diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-17 19:05:49 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-17 19:05:49 +0300 |
| commit | 43a25d93ebdabea52f99b05e15b06250cd8f07d7 (patch) | |
| tree | dceebdc68925362117480a5d672bcff122fb625b /lib/gitlab/ci | |
| parent | 20c84b99005abd1c82101dfeff264ac50d2df211 (diff) | |
Add latest changes from gitlab-org/gitlab@16-0-stable-eev16.0.0-rc42
Diffstat (limited to 'lib/gitlab/ci')
180 files changed, 2387 insertions, 63156 deletions
diff --git a/lib/gitlab/ci/ansi2json/parser.rb b/lib/gitlab/ci/ansi2json/parser.rb index fdd49df1e24..1d26bceb7b1 100644 --- a/lib/gitlab/ci/ansi2json/parser.rb +++ b/lib/gitlab/ci/ansi2json/parser.rb @@ -9,14 +9,14 @@ module Gitlab class Parser # keys represent the trailing digit in color changing command (30-37, 40-47, 90-97. 100-107) COLOR = { - 0 => 'black', # not that this is gray in the intense color table + 0 => 'black', # Note: This is gray in the intense color table. 1 => 'red', 2 => 'green', 3 => 'yellow', 4 => 'blue', 5 => 'magenta', 6 => 'cyan', - 7 => 'white' # not that this is gray in the dark (aka default) color table + 7 => 'white' # Note: This is gray in the dark (aka default) color table. }.freeze STYLE_SWITCHES = { diff --git a/lib/gitlab/ci/ansi2json/state.rb b/lib/gitlab/ci/ansi2json/state.rb index b2b6ce649ed..3aec1cde1bc 100644 --- a/lib/gitlab/ci/ansi2json/state.rb +++ b/lib/gitlab/ci/ansi2json/state.rb @@ -1,11 +1,18 @@ # frozen_string_literal: true +require 'openssl' + # In this class we keep track of the state changes that the # Converter makes as it scans through the log stream. module Gitlab module Ci module Ansi2json class State + include Gitlab::Utils::StrongMemoize + + SIGNATURE_KEY_SALT = 'gitlab-ci-ansi2json-state' + SEPARATOR = '--' + attr_accessor :offset, :current_line, :inherited_style, :open_sections, :last_line_offset def initialize(new_state, stream_size) @@ -18,12 +25,15 @@ module Gitlab end def encode - state = { + json = { offset: @last_line_offset, style: @current_line.style.to_h, open_sections: @open_sections - } - Base64.urlsafe_encode64(state.to_json) + }.to_json + + encoded = Base64.urlsafe_encode64(json, padding: false) + + encoded + SEPARATOR + sign(encoded) end def open_section(section, timestamp, options) @@ -85,14 +95,55 @@ module Gitlab end end - def decode_state(state) - return unless state.present? + def decode_state(data) + return if data.blank? - decoded_state = Base64.urlsafe_decode64(state) + encoded_state = verify(data) + if encoded_state.blank? + ::Gitlab::AppLogger.warn(message: "#{self.class}: signature missing or invalid", invalid_state: data) + return + end + + decoded_state = Base64.urlsafe_decode64(encoded_state) return unless decoded_state.present? - Gitlab::Json.parse(decoded_state) + ::Gitlab::Json.parse(decoded_state) + end + + def sign(message) + ::OpenSSL::HMAC.hexdigest( + signature_digest, + signature_key, + message + ) + end + + def verify(signed_message) + signature_length = signature_digest.digest_length * 2 # a byte is exactly two hexadecimals + message_length = signed_message.length - SEPARATOR.length - signature_length + return if message_length <= 0 + + signature = signed_message.last(signature_length) + message = signed_message.first(message_length) + return unless valid_signature?(message, signature) + + message + end + + def valid_signature?(message, signature) + expected_signature = sign(message) + expected_signature.bytesize == signature.bytesize && + ::OpenSSL.fixed_length_secure_compare(signature, expected_signature) + end + + def signature_digest + ::OpenSSL::Digest.new('SHA256') + end + + def signature_key + ::Gitlab::Application.key_generator.generate_key(SIGNATURE_KEY_SALT, signature_digest.block_length) end + strong_memoize_attr :signature_key end end end diff --git a/lib/gitlab/ci/badge/release/latest_release.rb b/lib/gitlab/ci/badge/release/latest_release.rb index e73bb2a912a..8d84a54787b 100644 --- a/lib/gitlab/ci/badge/release/latest_release.rb +++ b/lib/gitlab/ci/badge/release/latest_release.rb @@ -10,7 +10,8 @@ module Gitlab::Ci @project = project @customization = { key_width: opts[:key_width] ? opts[:key_width].to_i : nil, - key_text: opts[:key_text] + key_text: opts[:key_text], + value_width: opts[:value_width] ? opts[:value_width].to_i : nil } # In the future, we should support `order_by=semver` for showing the diff --git a/lib/gitlab/ci/badge/release/template.rb b/lib/gitlab/ci/badge/release/template.rb index 354be6276fa..549742226a1 100644 --- a/lib/gitlab/ci/badge/release/template.rb +++ b/lib/gitlab/ci/badge/release/template.rb @@ -11,9 +11,11 @@ module Gitlab::Ci }.freeze KEY_WIDTH_DEFAULT = 90 VALUE_WIDTH_DEFAULT = 54 + VALUE_WIDTH_MAXIMUM = 200 def initialize(badge) @tag = badge.tag || "none" + @value_width = badge.customization[:value_width] super end @@ -30,7 +32,11 @@ module Gitlab::Ci end def value_width - VALUE_WIDTH_DEFAULT + if @value_width && @value_width.between?(1, VALUE_WIDTH_MAXIMUM) + @value_width + else + VALUE_WIDTH_DEFAULT + end end def value_color diff --git a/lib/gitlab/ci/build/cache.rb b/lib/gitlab/ci/build/cache.rb index 1cddc9fcc98..c1052f59272 100644 --- a/lib/gitlab/ci/build/cache.rb +++ b/lib/gitlab/ci/build/cache.rb @@ -9,8 +9,10 @@ module Gitlab def initialize(cache, pipeline) cache = Array.wrap(cache) @cache = cache.map.with_index do |cache, index| + prefix = cache_prefix(cache, index) + Gitlab::Ci::Pipeline::Seed::Build::Cache - .new(pipeline, cache, index) + .new(pipeline, cache, prefix) end end @@ -23,6 +25,20 @@ module Gitlab end end end + + private + + # The below method fixes a bug related to incorrect caches being used + # For more details please see: https://gitlab.com/gitlab-org/gitlab/-/issues/388374 + def cache_prefix(cache, index) + files = cache.dig(:key, :files) if cache.is_a?(Hash) && cache[:key].is_a?(Hash) + + return index if files.blank? + + filenames = files.map { |file| file.split('.').first }.join('_') + + "#{index}_#{filenames}" + end end end end diff --git a/lib/gitlab/ci/build/rules.rb b/lib/gitlab/ci/build/rules.rb index dee95534b07..bc7aad1b186 100644 --- a/lib/gitlab/ci/build/rules.rb +++ b/lib/gitlab/ci/build/rules.rb @@ -6,12 +6,14 @@ module Gitlab class Rules include ::Gitlab::Utils::StrongMemoize - Result = Struct.new(:when, :start_in, :allow_failure, :variables, :errors) do + Result = Struct.new(:when, :start_in, :allow_failure, :variables, :needs, :errors) do def build_attributes { when: self.when, options: { start_in: start_in }.compact, - allow_failure: allow_failure + allow_failure: allow_failure, + scheduling_type: (:dag if needs), + needs_attributes: needs&.[](:job) }.compact end @@ -33,13 +35,14 @@ module Gitlab matched_rule.attributes[:when] || @default_when, matched_rule.attributes[:start_in], matched_rule.attributes[:allow_failure], - matched_rule.attributes[:variables] + matched_rule.attributes[:variables], + (matched_rule.attributes[:needs] if Feature.enabled?(:introduce_rules_with_needs, pipeline.project)) ) else Result.new('never') end rescue Rule::Clause::ParseError => e - Result.new('never', nil, nil, nil, [e.message]) + Result.new('never', nil, nil, nil, nil, [e.message]) end private diff --git a/lib/gitlab/ci/components/instance_path.rb b/lib/gitlab/ci/components/instance_path.rb index 010ce57d2a0..27a7611ffdd 100644 --- a/lib/gitlab/ci/components/instance_path.rb +++ b/lib/gitlab/ci/components/instance_path.rb @@ -6,6 +6,8 @@ module Gitlab class InstancePath include Gitlab::Utils::StrongMemoize + LATEST_VERSION_KEYWORD = '~latest' + def self.match?(address) address.include?('@') && address.start_with?(Settings.gitlab_ci['component_fqdn']) end @@ -39,9 +41,9 @@ module Gitlab File.join(component_dir, @content_filename).delete_prefix('/') end - # TODO: Add support when version is a released tag and "~latest" moving target def sha return unless project + return latest_version_sha if version == LATEST_VERSION_KEYWORD project.commit(version)&.id end @@ -69,6 +71,12 @@ module Gitlab ::Project.where_full_path_in(possible_paths).take # rubocop: disable CodeReuse/ActiveRecord end + + def latest_version_sha + return unless catalog_resource = project&.catalog_resource + + catalog_resource.latest_version&.sha + end end end end diff --git a/lib/gitlab/ci/config.rb b/lib/gitlab/ci/config.rb index 585e671ce42..0c293c3f0ef 100644 --- a/lib/gitlab/ci/config.rb +++ b/lib/gitlab/ci/config.rb @@ -9,7 +9,7 @@ module Gitlab include Gitlab::Utils::StrongMemoize ConfigError = Class.new(StandardError) - TIMEOUT_SECONDS = 30.seconds + TIMEOUT_SECONDS = ENV.fetch('GITLAB_CI_CONFIG_FETCH_TIMEOUT_SECONDS', 30).to_i.clamp(0, 60).seconds TIMEOUT_MESSAGE = 'Request timed out when fetching configuration files.' RESCUE_ERRORS = [ @@ -21,14 +21,15 @@ module Gitlab attr_reader :root, :context, :source_ref_path, :source, :logger - def initialize(config, project: nil, pipeline: nil, sha: nil, user: nil, parent_pipeline: nil, source: nil, logger: nil) + # rubocop: disable Metrics/ParameterLists + def initialize(config, project: nil, pipeline: nil, sha: nil, user: nil, parent_pipeline: nil, source: nil, pipeline_config: nil, logger: nil) @logger = logger || ::Gitlab::Ci::Pipeline::Logger.new(project: project) @source_ref_path = pipeline&.source_ref_path @project = project @context = self.logger.instrument(:config_build_context, once: true) do pipeline ||= ::Ci::Pipeline.new(project: project, sha: sha, user: user, source: source) - build_context(project: project, pipeline: pipeline, sha: sha, user: user, parent_pipeline: parent_pipeline) + build_context(project: project, pipeline: pipeline, sha: sha, user: user, parent_pipeline: parent_pipeline, pipeline_config: pipeline_config) end @context.set_deadline(TIMEOUT_SECONDS) @@ -49,6 +50,7 @@ module Gitlab rescue *rescue_errors => e raise Config::ConfigError, e.message end + # rubocop: enable Metrics/ParameterLists def valid? @root.valid? @@ -117,8 +119,7 @@ module Gitlab def expand_config(config) build_config(config) - rescue Gitlab::Config::Loader::Yaml::DataTooLargeError, - Gitlab::Config::Loader::MultiDocYaml::DataTooLargeError => e + rescue Gitlab::Config::Loader::Yaml::DataTooLargeError => e track_and_raise_for_dev_exception(e) raise Config::ConfigError, e.message @@ -157,13 +158,14 @@ module Gitlab end end - def build_context(project:, pipeline:, sha:, user:, parent_pipeline:) + def build_context(project:, pipeline:, sha:, user:, parent_pipeline:, pipeline_config:) Config::External::Context.new( project: project, sha: sha || find_sha(project), user: user, parent_pipeline: parent_pipeline, variables: build_variables(pipeline: pipeline), + pipeline_config: pipeline_config, logger: logger) end diff --git a/lib/gitlab/ci/config/entry/cache.rb b/lib/gitlab/ci/config/entry/cache.rb index a635f409109..b3ff74c14da 100644 --- a/lib/gitlab/ci/config/entry/cache.rb +++ b/lib/gitlab/ci/config/entry/cache.rb @@ -9,11 +9,12 @@ module Gitlab include ::Gitlab::Config::Entry::Validatable include ::Gitlab::Config::Entry::Attributable - ALLOWED_KEYS = %i[key untracked paths when policy unprotect].freeze + ALLOWED_KEYS = %i[key untracked paths when policy unprotect fallback_keys].freeze ALLOWED_POLICY = %w[pull-push push pull].freeze DEFAULT_POLICY = 'pull-push' ALLOWED_WHEN = %w[on_success on_failure always].freeze DEFAULT_WHEN = 'on_success' + DEFAULT_FALLBACK_KEYS = [].freeze validations do validates :config, type: Hash, allowed_keys: ALLOWED_KEYS @@ -27,6 +28,8 @@ module Gitlab in: ALLOWED_WHEN, message: "should be one of: #{ALLOWED_WHEN.join(', ')}" } + + validates :fallback_keys, length: { maximum: 5, too_long: "has to many entries (maximum %{count})" } end end @@ -42,7 +45,10 @@ module Gitlab entry :paths, Entry::Paths, description: 'Specify which paths should be cached across builds.' - attributes :policy, :when, :unprotect + entry :fallback_keys, ::Gitlab::Config::Entry::ArrayOfStrings, + description: 'List of keys to download cache from if no cache hit occurred for key' + + attributes :policy, :when, :unprotect, :fallback_keys def value result = super @@ -52,6 +58,7 @@ module Gitlab result[:policy] = policy || DEFAULT_POLICY # Use self.when to avoid conflict with reserved word result[:when] = self.when || DEFAULT_WHEN + result[:fallback_keys] = fallback_keys || DEFAULT_FALLBACK_KEYS result end diff --git a/lib/gitlab/ci/config/entry/job.rb b/lib/gitlab/ci/config/entry/job.rb index 7c49b59a7f0..d31d1b366c3 100644 --- a/lib/gitlab/ci/config/entry/job.rb +++ b/lib/gitlab/ci/config/entry/job.rb @@ -14,7 +14,7 @@ module Gitlab ALLOWED_KEYS = %i[tags script image services start_in artifacts cache dependencies before_script after_script hooks environment coverage retry parallel interruptible timeout - release id_tokens].freeze + release id_tokens publish].freeze validations do validates :config, allowed_keys: Gitlab::Ci::Config::Entry::Job.allowed_keys + PROCESSABLE_ALLOWED_KEYS @@ -45,6 +45,8 @@ module Gitlab errors.add(:dependencies, "the #{missing_needs.join(", ")} should be part of needs") if missing_needs.any? end end + + validates :publish, absence: { message: "can only be used within a `pages` job" }, unless: -> { pages_job? } end entry :before_script, Entry::Commands, @@ -125,10 +127,14 @@ module Gitlab inherit: false, metadata: { composable_class: ::Gitlab::Ci::Config::Entry::IdToken } + entry :publish, Entry::Publish, + description: 'Path to be published with Pages', + inherit: false + attributes :script, :tags, :when, :dependencies, :needs, :retry, :parallel, :start_in, :interruptible, :timeout, - :release, :allow_failure + :release, :allow_failure, :publish def self.matching?(name, config) !name.to_s.start_with?('.') && @@ -164,12 +170,13 @@ module Gitlab artifacts: artifacts_value, release: release_value, after_script: after_script_value, - hooks: hooks_pre_get_sources_script_enabled? ? hooks_value : nil, + hooks: hooks_value, ignore: ignored?, allow_failure_criteria: allow_failure_criteria, needs: needs_defined? ? needs_value : nil, scheduling_type: needs_defined? ? :dag : :stage, - id_tokens: id_tokens_value + id_tokens: id_tokens_value, + publish: publish ).compact end @@ -177,6 +184,10 @@ module Gitlab allow_failure_defined? ? static_allow_failure : manual_action? end + def pages_job? + name == :pages + end + def self.allowed_keys ALLOWED_KEYS end @@ -194,10 +205,6 @@ module Gitlab allow_failure_value end - - def hooks_pre_get_sources_script_enabled? - YamlProcessor::FeatureFlags.enabled?(:ci_hooks_pre_get_sources_script) - end end end end diff --git a/lib/gitlab/ci/config/entry/product/parallel.rb b/lib/gitlab/ci/config/entry/product/parallel.rb index e91714e3f5c..59cd3d3cf91 100644 --- a/lib/gitlab/ci/config/entry/product/parallel.rb +++ b/lib/gitlab/ci/config/entry/product/parallel.rb @@ -19,7 +19,7 @@ module Gitlab validations do validates :config, numericality: { only_integer: true, - greater_than_or_equal_to: 2, + greater_than_or_equal_to: 1, less_than_or_equal_to: Entry::Product::Parallel::PARALLEL_LIMIT }, allow_nil: true diff --git a/lib/gitlab/ci/config/entry/publish.rb b/lib/gitlab/ci/config/entry/publish.rb new file mode 100644 index 00000000000..52a2487009e --- /dev/null +++ b/lib/gitlab/ci/config/entry/publish.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +module Gitlab + module Ci + class Config + module Entry + ## + # Entry that represents the path to be published with Pages. + # + class Publish < ::Gitlab::Config::Entry::Node + include ::Gitlab::Config::Entry::Validatable + + validations do + validates :config, type: String + end + + def self.default + 'public' + end + end + end + end + end +end diff --git a/lib/gitlab/ci/config/entry/rules/rule.rb b/lib/gitlab/ci/config/entry/rules/rule.rb index 63bf1b38ac6..1e7f6056a65 100644 --- a/lib/gitlab/ci/config/entry/rules/rule.rb +++ b/lib/gitlab/ci/config/entry/rules/rule.rb @@ -9,7 +9,7 @@ module Gitlab include ::Gitlab::Config::Entry::Configurable include ::Gitlab::Config::Entry::Attributable - ALLOWED_KEYS = %i[if changes exists when start_in allow_failure variables].freeze + ALLOWED_KEYS = %i[if changes exists when start_in allow_failure variables needs].freeze ALLOWED_WHEN = %w[on_success on_failure always never manual delayed].freeze attributes :if, :exists, :when, :start_in, :allow_failure @@ -20,6 +20,11 @@ module Gitlab entry :variables, Entry::Variables, description: 'Environment variables to define for rule conditions.' + entry :needs, Entry::Needs, + description: 'Needs configuration to define for rule conditions.', + metadata: { allowed_needs: %i[job] }, + inherit: false + validations do validates :config, presence: true validates :config, type: { with: Hash } @@ -46,7 +51,8 @@ module Gitlab def value config.merge( changes: (changes_value if changes_defined?), - variables: (variables_value if variables_defined?) + variables: (variables_value if variables_defined?), + needs: (needs_value if needs_defined?) ).compact end diff --git a/lib/gitlab/ci/config/external/context.rb b/lib/gitlab/ci/config/external/context.rb index 6eef279d3de..b8e012ec851 100644 --- a/lib/gitlab/ci/config/external/context.rb +++ b/lib/gitlab/ci/config/external/context.rb @@ -9,29 +9,29 @@ module Gitlab TimeoutError = Class.new(StandardError) - MAX_INCLUDES = 100 - NEW_MAX_INCLUDES = 150 # Update to MAX_INCLUDES when FF ci_includes_count_duplicates is removed + TEMP_MAX_INCLUDES = 100 # For logging; to be removed in https://gitlab.com/gitlab-org/gitlab/-/issues/396776 include ::Gitlab::Utils::StrongMemoize - attr_reader :project, :sha, :user, :parent_pipeline, :variables + attr_reader :project, :sha, :user, :parent_pipeline, :variables, :pipeline_config attr_reader :expandset, :execution_deadline, :logger, :max_includes delegate :instrument, to: :logger def initialize( project: nil, sha: nil, user: nil, parent_pipeline: nil, variables: nil, - logger: nil + pipeline_config: nil, logger: nil ) @project = project @sha = sha @user = user @parent_pipeline = parent_pipeline @variables = variables || Ci::Variables::Collection.new - @expandset = Feature.enabled?(:ci_includes_count_duplicates, project) ? [] : Set.new + @pipeline_config = pipeline_config + @expandset = [] @execution_deadline = 0 @logger = logger || Gitlab::Ci::Pipeline::Logger.new(project: project) - @max_includes = Feature.enabled?(:ci_includes_count_duplicates, project) ? NEW_MAX_INCLUDES : MAX_INCLUDES + @max_includes = Gitlab::CurrentSettings.current_application_settings.ci_max_includes yield self if block_given? end @@ -91,6 +91,13 @@ module Gitlab expandset.map(&:metadata) end + # Some Ci::ProjectConfig sources prepend the config content with an "internal" `include`, which becomes + # the first included file. When running a pipeline, we pass pipeline_config into the context of the first + # included file, which we use in this method to determine if the file is an "internal" one. + def internal_include? + !!pipeline_config&.internal_include_prepended? + end + protected attr_writer :expandset, :execution_deadline, :logger, :max_includes diff --git a/lib/gitlab/ci/config/external/file/artifact.rb b/lib/gitlab/ci/config/external/file/artifact.rb index 0b90d240a15..273d78bd583 100644 --- a/lib/gitlab/ci/config/external/file/artifact.rb +++ b/lib/gitlab/ci/config/external/file/artifact.rb @@ -22,7 +22,7 @@ module Gitlab strong_memoize(:content) do Gitlab::Ci::ArtifactFileReader.new(artifact_job).read(location) rescue Gitlab::Ci::ArtifactFileReader::Error => error - errors.push(error.message) + errors.push(error.message) # TODO this memoizes the error message as a content! end end diff --git a/lib/gitlab/ci/config/external/file/base.rb b/lib/gitlab/ci/config/external/file/base.rb index 84f34f2584b..6b635cdf33b 100644 --- a/lib/gitlab/ci/config/external/file/base.rb +++ b/lib/gitlab/ci/config/external/file/base.rb @@ -61,16 +61,16 @@ module Gitlab [params, context.project&.full_path, context.sha].hash end - def load_and_validate_expanded_hash! - context.logger.instrument(:config_file_fetch_content_hash) do - content_hash # calling the method loads then memoizes the result - end - - context.logger.instrument(:config_file_expand_content_includes) do - expanded_content_hash # calling the method expands then memoizes the result - end + # This method is overridden to load context into the memoized result + # or to lazily load context via BatchLoader + def preload_context + # no-op + end - validate_hash! + def preload_content + # calling the `content` method either loads content into the memoized result + # or lazily loads it via BatchLoader + content end def validate_location! @@ -82,31 +82,65 @@ module Gitlab end def validate_context! - raise NotImplementedError, 'subclass must implement validate_context' + raise NotImplementedError, 'subclass must implement `validate_context!`' end def validate_content! - if content.blank? - errors.push("Included file `#{masked_location}` is empty or does not exist!") + errors.push("Included file `#{masked_location}` is empty or does not exist!") if content.blank? + end + + def load_and_validate_expanded_hash! + context.logger.instrument(:config_file_fetch_content_hash) do + content_result # calling the method loads YAML then memoizes the content result + end + + context.logger.instrument(:config_file_interpolate_result) do + interpolator.interpolate! + end + + return validate_interpolation! unless interpolator.valid? + + context.logger.instrument(:config_file_expand_content_includes) do + expanded_content_hash # calling the method expands then memoizes the result end + + validate_hash! end protected - def expanded_content_hash - return unless content_hash + def content_result + ::Gitlab::Ci::Config::Yaml + .load_result!(content, project: context.project) + end + strong_memoize_attr :content_result - strong_memoize(:expanded_content_hash) do - expand_includes(content_hash) - end + def content_inputs + # TODO: remove support for `with` syntax in 16.1, see https://gitlab.com/gitlab-org/gitlab/-/issues/408369 + # In the interim prefer `inputs` over `with` while allow either syntax. + params.to_h.slice(:inputs, :with).each_value.first end + strong_memoize_attr :content_inputs def content_hash - strong_memoize(:content_hash) do - ::Gitlab::Ci::Config::Yaml.load!(content) + interpolator.interpolate! + + interpolator.to_hash + end + strong_memoize_attr :content_hash + + def interpolator + External::Interpolator + .new(content_result, content_inputs, context) + end + strong_memoize_attr :interpolator + + def expanded_content_hash + return if content_hash.blank? + + strong_memoize(:expanded_content_hash) do + expand_includes(content_hash) end - rescue Gitlab::Config::Loader::FormatError - nil end def validate_hash! @@ -115,6 +149,12 @@ module Gitlab end end + def validate_interpolation! + return if interpolator.valid? + + errors.push("`#{masked_location}`: #{interpolator.error_message}") + end + def expand_includes(hash) External::Processor.new(hash, context.mutate(expand_context_attrs)).perform end diff --git a/lib/gitlab/ci/config/external/file/component.rb b/lib/gitlab/ci/config/external/file/component.rb index 33e7724bf9b..9679d78a1aa 100644 --- a/lib/gitlab/ci/config/external/file/component.rb +++ b/lib/gitlab/ci/config/external/file/component.rb @@ -11,11 +11,12 @@ module Gitlab def initialize(params, context) @location = params[:component] + super end def matching? - super && ::Feature.enabled?(:ci_include_components, context.project) + super && ::Feature.enabled?(:ci_include_components, context.project&.root_namespace) end def content @@ -48,9 +49,7 @@ module Gitlab end def validate_content! - return if content.present? - - errors.push(component_result.message) + errors.push(component_result.message) unless content.present? end private diff --git a/lib/gitlab/ci/config/external/file/project.rb b/lib/gitlab/ci/config/external/file/project.rb index f8d4cb27710..16a6bc8a692 100644 --- a/lib/gitlab/ci/config/external/file/project.rb +++ b/lib/gitlab/ci/config/external/file/project.rb @@ -15,7 +15,8 @@ module Gitlab # `Repository#blobs_at` does not support files with the `/` prefix. @location = Gitlab::Utils.remove_leading_slashes(params[:file]) - @project_name = get_project_name(params[:project]) + # We are using the same downcase in the `project` method. + @project_name = get_project_name(params[:project]).to_s.downcase @ref_name = params[:ref] || 'HEAD' super @@ -39,6 +40,15 @@ module Gitlab ) end + def preload_context + # + # calling these methods lazily loads them via BatchLoader + # + project + can_access_local_content? + sha + end + def validate_context! if !can_access_local_content? errors.push("Project `#{masked_project_name}` not found or access denied! Make sure any includes in the pipeline configuration are correctly defined.") @@ -58,21 +68,55 @@ module Gitlab private def project - strong_memoize(:project) do - ::Project.find_by_full_path(project_name) + return legacy_project if ::Feature.disabled?(:ci_batch_project_includes_context, context.project) + + # Although we use `where_full_path_in`, this BatchLoader does not reduce the number of queries to 1. + # That's because we use it in the `can_access_local_content?` and `sha` BatchLoaders + # as the `for` parameter. And this loads the project immediately. + BatchLoader.for(project_name) + .batch do |project_names, loader| + ::Project.where_full_path_in(project_names.uniq).each do |project| + # We are using the same downcase in the `initialize` method. + loader.call(project.full_path.downcase, project) + end end end def can_access_local_content? - strong_memoize(:can_access_local_content) do - context.logger.instrument(:config_file_project_validate_access) do - Ability.allowed?(context.user, :download_code, project) + if ::Feature.disabled?(:ci_batch_project_includes_context, context.project) + return legacy_can_access_local_content? + end + + return if project.nil? + + # We are force-loading the project with the `itself` method + # because the `project` variable can be a `BatchLoader` object and we should not + # pass a `BatchLoader` object in the `for` method to prevent unwanted behaviors. + BatchLoader.for(project.itself) + .batch(key: context.user) do |projects, loader, args| + projects.uniq.each do |project| + context.logger.instrument(:config_file_project_validate_access) do + loader.call(project, Ability.allowed?(args[:key], :download_code, project)) + end + end + end + end + + def sha + return legacy_sha if ::Feature.disabled?(:ci_batch_project_includes_context, context.project) + return if project.nil? + + # with `itself`, we are force-loading the project + BatchLoader.for([project.itself, ref_name]) + .batch do |project_ref_pairs, loader| + project_ref_pairs.uniq.each do |project, ref_name| + loader.call([project, ref_name], project.commit(ref_name).try(:sha)) end end end def fetch_local_content - BatchLoader.for([sha, location]) + BatchLoader.for([sha.to_s, location]) .batch(key: project) do |locations, loader, args| context.logger.instrument(:config_file_fetch_project_content) do args[:key].repository.blobs_at(locations).each do |blob| @@ -84,8 +128,22 @@ module Gitlab end end - def sha - strong_memoize(:sha) do + def legacy_project + strong_memoize(:legacy_project) do + ::Project.find_by_full_path(project_name) + end + end + + def legacy_can_access_local_content? + strong_memoize(:legacy_can_access_local_content) do + context.logger.instrument(:config_file_project_validate_access) do + Ability.allowed?(context.user, :download_code, project) + end + end + end + + def legacy_sha + strong_memoize(:legacy_sha) do project.commit(ref_name).try(:sha) end end @@ -94,7 +152,7 @@ module Gitlab def expand_context_attrs { project: project, - sha: sha, + sha: sha.to_s, # we need to use `.to_s` to load the value from the BatchLoader user: context.user, parent_pipeline: context.parent_pipeline, variables: context.variables diff --git a/lib/gitlab/ci/config/external/interpolator.rb b/lib/gitlab/ci/config/external/interpolator.rb new file mode 100644 index 00000000000..f8af77fb246 --- /dev/null +++ b/lib/gitlab/ci/config/external/interpolator.rb @@ -0,0 +1,127 @@ +# frozen_string_literal: true + +module Gitlab + module Ci + class Config + module External + ## + # Config::External::Interpolation perform includable file interpolation, and surfaces all possible interpolation + # errors. It is designed to provide an external file's validation context too. + # + class Interpolator + include ::Gitlab::Utils::StrongMemoize + + attr_reader :config, :args, :ctx, :errors + + def initialize(config, args, ctx = nil) + @config = config + @args = args.to_h + @ctx = ctx + @errors = [] + + validate! + end + + def valid? + @errors.none? + end + + def ready? + ## + # Interpolation is ready when it has been either interrupted by an error or finished with a result. + # + @result || @errors.any? + end + + def interpolate? + enabled? && has_header? && valid? + end + + def has_header? + config.has_header? && config.header.present? + end + + def to_hash + @result.to_h + end + + def error_message + # Interpolator can have multiple error messages, like: ["interpolation interrupted by errors", "unknown + # interpolation key: `abc`"] ? + # + # We are joining them together into a single one, because only one error can be surfaced when an external + # file gets included and is invalid. The limit to three error messages combined is more than required. + # + @errors.first(3).join(', ') + end + + ## + # TODO Add `instrument.logger` instrumentation blocks: + # https://gitlab.com/gitlab-org/gitlab/-/issues/396722 + # + def interpolate! + return {} unless valid? + return @result ||= content.to_h unless interpolate? + + return @errors.concat(header.errors) unless header.valid? + return @errors.concat(inputs.errors) unless inputs.valid? + return @errors.concat(context.errors) unless context.valid? + return @errors.concat(template.errors) unless template.valid? + + if ctx&.user + ::Gitlab::UsageDataCounters::HLLRedisCounter.track_event('ci_interpolation_users', values: ctx.user.id) + end + + @result ||= template.interpolated.to_h.deep_symbolize_keys + end + strong_memoize_attr :interpolate! + + private + + def validate! + return errors.push('content does not have a valid YAML syntax') unless config.valid? + + return unless has_header? && !enabled? + + errors.push('can not evaluate included file because interpolation is disabled') + end + + def enabled? + return false if ctx.nil? + + ::Feature.enabled?(:ci_includable_files_interpolation, ctx.project) + end + + def header + @entry ||= Ci::Config::Header::Root.new(config.header).tap do |header| + header.key = 'header' + + header.compose! + end + end + + def content + @content ||= config.content + end + + def spec + @spec ||= header.inputs_value + end + + def inputs + @inputs ||= Ci::Input::Inputs.new(spec, args) + end + + def context + @context ||= Ci::Interpolation::Context.new({ inputs: inputs.to_hash }) + end + + def template + @template ||= ::Gitlab::Ci::Interpolation::Template + .new(content, context) + end + end + end + end + end +end diff --git a/lib/gitlab/ci/config/external/mapper/matcher.rb b/lib/gitlab/ci/config/external/mapper/matcher.rb index e59eaa6d324..5072d0971cf 100644 --- a/lib/gitlab/ci/config/external/mapper/matcher.rb +++ b/lib/gitlab/ci/config/external/mapper/matcher.rb @@ -7,22 +7,13 @@ module Gitlab class Mapper # Matches the first file type that matches the given location class Matcher < Base - FILE_CLASSES = [ - External::File::Local, - External::File::Project, - External::File::Component, - External::File::Remote, - External::File::Template, - External::File::Artifact - ].freeze - - FILE_SUBKEYS = FILE_CLASSES.map { |f| f.name.demodulize.downcase }.freeze + include Gitlab::Utils::StrongMemoize private def process_without_instrumentation(locations) locations.map do |location| - matching = FILE_CLASSES.map do |file_class| + matching = file_classes.map do |file_class| file_class.new(location, context) end.select(&:matching?) @@ -31,10 +22,10 @@ module Gitlab elsif matching.empty? raise Mapper::AmbigiousSpecificationError, "`#{masked_location(location.to_json)}` does not have a valid subkey for include. " \ - "Valid subkeys are: `#{FILE_SUBKEYS.join('`, `')}`" + "Valid subkeys are: `#{file_subkeys.join('`, `')}`" else raise Mapper::AmbigiousSpecificationError, - "Each include must use only one of: `#{FILE_SUBKEYS.join('`, `')}`" + "Each include must use only one of: `#{file_subkeys.join('`, `')}`" end end end @@ -42,6 +33,28 @@ module Gitlab def masked_location(location) context.mask_variables_from(location) end + + def file_subkeys + file_classes.map { |f| f.name.demodulize.downcase }.freeze + end + strong_memoize_attr :file_subkeys + + def file_classes + classes = [ + External::File::Local, + External::File::Project, + External::File::Remote, + External::File::Template, + External::File::Artifact + ] + + if Feature.enabled?(:ci_include_components, context.project&.root_namespace) + classes << External::File::Component + end + + classes + end + strong_memoize_attr :file_classes end end end diff --git a/lib/gitlab/ci/config/external/mapper/verifier.rb b/lib/gitlab/ci/config/external/mapper/verifier.rb index 2982b0efb6c..3472f2c581a 100644 --- a/lib/gitlab/ci/config/external/mapper/verifier.rb +++ b/lib/gitlab/ci/config/external/mapper/verifier.rb @@ -9,8 +9,49 @@ module Gitlab class Verifier < Base private + # rubocop: disable Metrics/CyclomaticComplexity def process_without_instrumentation(files) + if ::Feature.disabled?(:ci_batch_project_includes_context, context.project) + return legacy_process_without_instrumentation(files) + end + + files.each do |file| + # When running a pipeline, some Ci::ProjectConfig sources prepend the config content with an + # "internal" `include`. We use this condition to exclude that `include` from the included file set. + context.expandset << file unless context.internal_include? + verify_max_includes! + + verify_execution_time! + + file.validate_location! + file.preload_context if file.valid? + end + + # We do not combine the loops because we need to load the context of all files via `BatchLoader`. + files.each do |file| # rubocop:disable Style/CombinableLoops + verify_execution_time! + + file.validate_context! if file.valid? + file.preload_content if file.valid? + end + + # We do not combine the loops because we need to load the content of all files via `BatchLoader`. + files.each do |file| # rubocop:disable Style/CombinableLoops + verify_execution_time! + + file.validate_content! if file.valid? + file.load_and_validate_expanded_hash! if file.valid? + end + end + # rubocop: enable Metrics/CyclomaticComplexity + + def legacy_process_without_instrumentation(files) files.each do |file| + # When running a pipeline, some Ci::ProjectConfig sources prepend the config content with an + # "internal" `include`. We use this condition to exclude that `include` from the included file set. + context.expandset << file unless context.internal_include? + verify_max_includes! + verify_execution_time! file.validate_location! @@ -21,23 +62,15 @@ module Gitlab # We do not combine the loops because we need to load the content of all files before continuing # to call `BatchLoader` for all locations. files.each do |file| # rubocop:disable Style/CombinableLoops - # Checking the max includes will be changed with https://gitlab.com/gitlab-org/gitlab/-/issues/367150 - verify_max_includes! verify_execution_time! file.validate_content! if file.valid? file.load_and_validate_expanded_hash! if file.valid? - - if context.expandset.is_a?(Array) # To be removed when FF 'ci_includes_count_duplicates' is removed - context.expandset << file - else - context.expandset.add(file) - end end end def verify_max_includes! - return if context.expandset.count < context.max_includes + return if context.expandset.count <= context.max_includes raise Mapper::TooManyIncludesError, "Maximum of #{context.max_includes} nested includes are allowed!" end diff --git a/lib/gitlab/ci/config/header/input.rb b/lib/gitlab/ci/config/header/input.rb new file mode 100644 index 00000000000..7f0edaaac4c --- /dev/null +++ b/lib/gitlab/ci/config/header/input.rb @@ -0,0 +1,25 @@ +# frozen_string_literal: true + +module Gitlab + module Ci + class Config + module Header + ## + # Input parameter used for interpolation with the CI configuration. + # + class Input < ::Gitlab::Config::Entry::Node + include ::Gitlab::Config::Entry::Validatable + include ::Gitlab::Config::Entry::Attributable + + attributes :default, prefix: :input + + validations do + validates :config, type: Hash, allowed_keys: [:default] + validates :key, alphanumeric: true + validates :input_default, alphanumeric: true, allow_nil: true + end + end + end + end + end +end diff --git a/lib/gitlab/ci/config/header/root.rb b/lib/gitlab/ci/config/header/root.rb new file mode 100644 index 00000000000..251682d13b4 --- /dev/null +++ b/lib/gitlab/ci/config/header/root.rb @@ -0,0 +1,36 @@ +# frozen_string_literal: true + +module Gitlab + module Ci + class Config + module Header + ## + # This class represents the root entry of the GitLab CI configuration header. + # + # A header is the first document in a multi-doc YAML that contains metadata + # and specifications about the GitLab CI configuration (the second document). + # + # The header is optional. A CI configuration can also be represented with a + # YAML containing a single document. + class Root < ::Gitlab::Config::Entry::Node + include ::Gitlab::Config::Entry::Configurable + + ALLOWED_KEYS = %i[spec].freeze + + validations do + validates :config, type: Hash, allowed_keys: ALLOWED_KEYS + end + + entry :spec, Header::Spec, + description: 'Specifications of the CI configuration.', + inherit: false, + default: {} + + def inputs_value + spec_entry.inputs_value + end + end + end + end + end +end diff --git a/lib/gitlab/ci/config/header/spec.rb b/lib/gitlab/ci/config/header/spec.rb new file mode 100644 index 00000000000..4753c1eb441 --- /dev/null +++ b/lib/gitlab/ci/config/header/spec.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +module Gitlab + module Ci + class Config + module Header + class Spec < ::Gitlab::Config::Entry::Node + include ::Gitlab::Config::Entry::Configurable + + ALLOWED_KEYS = %i[inputs].freeze + + validations do + validates :config, allowed_keys: ALLOWED_KEYS + end + + entry :inputs, ::Gitlab::Config::Entry::ComposableHash, + description: 'Allowed input parameters used for interpolation.', + inherit: false, + metadata: { composable_class: ::Gitlab::Ci::Config::Header::Input } + end + end + end + end +end diff --git a/lib/gitlab/ci/config/yaml.rb b/lib/gitlab/ci/config/yaml.rb index 94ef0afe7f9..729e7e3ac05 100644 --- a/lib/gitlab/ci/config/yaml.rb +++ b/lib/gitlab/ci/config/yaml.rb @@ -7,23 +7,39 @@ module Gitlab AVAILABLE_TAGS = [Config::Yaml::Tags::Reference].freeze MAX_DOCUMENTS = 2 - class << self - def load!(content) + class Loader + def initialize(content, project: nil) + @content = content + @project = project + end + + def load! ensure_custom_tags - if ::Feature.enabled?(:ci_multi_doc_yaml) - Gitlab::Config::Loader::MultiDocYaml.new( + if project.present? && ::Feature.enabled?(:ci_multi_doc_yaml, project) + ::Gitlab::Config::Loader::MultiDocYaml.new( content, max_documents: MAX_DOCUMENTS, - additional_permitted_classes: AVAILABLE_TAGS - ).load!.first + additional_permitted_classes: AVAILABLE_TAGS, + reject_empty: true + ).load! else - Gitlab::Config::Loader::Yaml.new(content, additional_permitted_classes: AVAILABLE_TAGS).load! + ::Gitlab::Config::Loader::Yaml + .new(content, additional_permitted_classes: AVAILABLE_TAGS) + .load! end end + def to_result + Yaml::Result.new(config: load!, error: nil) + rescue ::Gitlab::Config::Loader::FormatError => e + Yaml::Result.new(error: e) + end + private + attr_reader :content, :project + def ensure_custom_tags @ensure_custom_tags ||= begin AVAILABLE_TAGS.each { |klass| Psych.add_tag(klass.tag, klass) } @@ -32,6 +48,23 @@ module Gitlab end end end + + class << self + def load!(content, project: nil) + Loader.new(content, project: project).to_result.then do |result| + ## + # raise an error for backwards compatibility + # + raise result.error unless result.valid? + + result.content + end + end + + def load_result!(content, project: nil) + Loader.new(content, project: project).to_result + end + end end end end diff --git a/lib/gitlab/ci/config/yaml/result.rb b/lib/gitlab/ci/config/yaml/result.rb new file mode 100644 index 00000000000..33f9a454106 --- /dev/null +++ b/lib/gitlab/ci/config/yaml/result.rb @@ -0,0 +1,40 @@ +# frozen_string_literal: true + +module Gitlab + module Ci + class Config + module Yaml + class Result + attr_reader :error + + def initialize(config: nil, error: nil) + @config = Array.wrap(config) + @error = error + end + + def valid? + error.nil? + end + + def has_header? + return false unless @config.first.is_a?(Hash) + + @config.size > 1 && @config.first.key?(:spec) + end + + def header + raise ArgumentError unless has_header? + + @config.first + end + + def content + return @config.last if has_header? + + @config.first + end + end + end + end + end +end diff --git a/lib/gitlab/ci/input/arguments/base.rb b/lib/gitlab/ci/input/arguments/base.rb new file mode 100644 index 00000000000..a46037c40ce --- /dev/null +++ b/lib/gitlab/ci/input/arguments/base.rb @@ -0,0 +1,62 @@ +# frozen_string_literal: true + +module Gitlab + module Ci + module Input + module Arguments + ## + # Input::Arguments::Base is a common abstraction for input arguments: + # - required + # - optional + # - with a default value + # + class Base + attr_reader :key, :value, :spec, :errors + + ArgumentNotValidError = Class.new(StandardError) + + def initialize(key, spec, value) + @key = key # hash key / argument name + @value = value # user-provided value + @spec = spec # configured specification + @errors = [] + + unless value.is_a?(String) || value.nil? # rubocop:disable Style/IfUnlessModifier + @errors.push("unsupported value in input argument `#{key}`") + end + + validate! + end + + def valid? + @errors.none? + end + + def validate! + raise NotImplementedError + end + + def to_value + raise NotImplementedError + end + + def to_hash + raise ArgumentNotValidError unless valid? + + @output ||= { key => to_value } + end + + def self.matches?(spec) + raise NotImplementedError + end + + private + + def error(message) + @errors.push("`#{@key}` input: #{message}") + end + end + end + end + end +end diff --git a/lib/gitlab/ci/input/arguments/default.rb b/lib/gitlab/ci/input/arguments/default.rb new file mode 100644 index 00000000000..c6762b04870 --- /dev/null +++ b/lib/gitlab/ci/input/arguments/default.rb @@ -0,0 +1,48 @@ +# frozen_string_literal: true + +module Gitlab + module Ci + module Input + module Arguments + ## + # Input::Arguments::Default class represents user-provided input argument that has a default value. + # + class Default < Input::Arguments::Base + def validate! + return error('argument specification invalid') unless spec.key?(:default) + + error('invalid default value') unless default.is_a?(String) || default.nil? + end + + ## + # User-provided value needs to be specified, but it may be an empty string: + # + # ```yaml + # inputs: + # env: + # default: development + # + # with: + # env: "" + # ``` + # + # The configuration above will result in `env` being an empty string. + # + def to_value + value.nil? ? default : value + end + + def default + spec[:default] + end + + def self.matches?(spec) + return false unless spec.is_a?(Hash) + + spec.count == 1 && spec.each_key.first == :default + end + end + end + end + end +end diff --git a/lib/gitlab/ci/input/arguments/options.rb b/lib/gitlab/ci/input/arguments/options.rb new file mode 100644 index 00000000000..855dab129be --- /dev/null +++ b/lib/gitlab/ci/input/arguments/options.rb @@ -0,0 +1,55 @@ +# frozen_string_literal: true + +module Gitlab + module Ci + module Input + module Arguments + ## + # Input::Arguments::Options class represents user-provided input argument that is an enum, and is only valid + # when the value provided is listed as an acceptable one. + # + class Options < Input::Arguments::Base + ## + # An empty value is valid if it is allowlisted: + # + # ```yaml + # inputs: + # run: + # - "" + # - tests + # + # with: + # run: "" + # ``` + # + # The configuration above will return an empty value. + # + def validate! + return error('argument specification invalid') unless options.is_a?(Array) + return error('options argument empty') if options.empty? + + if !value.nil? + error("argument value #{value} not allowlisted") unless options.include?(value) + else + error('argument not provided') + end + end + + def to_value + value + end + + def options + spec[:options] + end + + def self.matches?(spec) + return false unless spec.is_a?(Hash) + + spec.count == 1 && spec.each_key.first == :options + end + end + end + end + end +end diff --git a/lib/gitlab/ci/input/arguments/required.rb b/lib/gitlab/ci/input/arguments/required.rb new file mode 100644 index 00000000000..2e39f548731 --- /dev/null +++ b/lib/gitlab/ci/input/arguments/required.rb @@ -0,0 +1,55 @@ +# frozen_string_literal: true + +module Gitlab + module Ci + module Input + module Arguments + ## + # Input::Arguments::Required class represents user-provided required input argument. + # + class Required < Input::Arguments::Base + ## + # The value has to be defined, but it may be empty. + # + def validate! + error('required value has not been provided') if value.nil? + end + + def to_value + value + end + + ## + # Required arguments do not have nested configuration. It has to be defined a null value. + # + # ```yaml + # spec: + # inputs: + # website: + # ``` + # + # An empty string value, that has no specification is also considered as a "required" input, however we should + # never see that being used, because it will be rejected by Ci::Config::Header validation. + # + # ```yaml + # spec: + # inputs: + # website: "" + # ``` + # + # An empty hash value is also considered to be a required argument: + # + # ```yaml + # spec: + # inputs: + # website: {} + # ``` + # + def self.matches?(spec) + spec.blank? + end + end + end + end + end +end diff --git a/lib/gitlab/ci/input/arguments/unknown.rb b/lib/gitlab/ci/input/arguments/unknown.rb new file mode 100644 index 00000000000..5873e6e66a6 --- /dev/null +++ b/lib/gitlab/ci/input/arguments/unknown.rb @@ -0,0 +1,31 @@ +# frozen_string_literal: true + +module Gitlab + module Ci + module Input + module Arguments + ## + # Input::Arguments::Unknown object gets fabricated when we can't match an input argument entry with any known + # specification. It is matched as the last one, and always returns an error. + # + class Unknown < Input::Arguments::Base + def validate! + if spec.is_a?(Hash) && spec.count == 1 + error("unrecognized input argument specification: `#{spec.each_key.first}`") + else + error('unrecognized input argument definition') + end + end + + def to_value + raise ArgumentError, 'unknown argument value' + end + + def self.matches?(*) + true + end + end + end + end + end +end diff --git a/lib/gitlab/ci/input/inputs.rb b/lib/gitlab/ci/input/inputs.rb new file mode 100644 index 00000000000..1b544e63e7d --- /dev/null +++ b/lib/gitlab/ci/input/inputs.rb @@ -0,0 +1,73 @@ +# frozen_string_literal: true + +module Gitlab + module Ci + module Input + ## + # Inputs::Input class represents user-provided inputs, configured using `with:` keyword. + # + # Input arguments are only valid with an associated component's inputs specification from component's header. + # + class Inputs + UnknownSpecArgumentError = Class.new(StandardError) + + ARGUMENTS = [ + Input::Arguments::Required, # Input argument is required + Input::Arguments::Default, # Input argument has a default value + Input::Arguments::Options, # Input argument that needs to be allowlisted + Input::Arguments::Unknown # Input argument has not been recognized + ].freeze + + def initialize(spec, args) + @spec = spec.to_h + @args = args.to_h + @inputs = [] + @errors = [] + + validate! + fabricate! + end + + def errors + @errors + @inputs.flat_map(&:errors) + end + + def valid? + errors.none? + end + + def unknown + @args.keys - @spec.keys + end + + def count + @inputs.count + end + + def to_hash + @inputs.inject({}) do |hash, argument| + raise ArgumentError unless argument.valid? + + hash.merge(argument.to_hash) + end + end + + private + + def validate! + @errors.push("unknown input arguments: #{unknown.inspect}") if unknown.any? + end + + def fabricate! + @spec.each do |key, spec| + argument = ARGUMENTS.find { |klass| klass.matches?(spec) } + + raise UnknownSpecArgumentError if argument.nil? + + @inputs.push(argument.new(key, spec, @args[key])) + end + end + end + end + end +end diff --git a/lib/gitlab/ci/interpolation/access.rb b/lib/gitlab/ci/interpolation/access.rb index 42598458902..f9bbd3e118d 100644 --- a/lib/gitlab/ci/interpolation/access.rb +++ b/lib/gitlab/ci/interpolation/access.rb @@ -45,7 +45,11 @@ module Gitlab raise ArgumentError, 'access path invalid' unless valid? @value ||= objects.inject(@ctx) do |memo, value| - memo.fetch(value.to_sym) + key = value.to_sym + + break @errors.push("unknown interpolation key: `#{key}`") unless memo.key?(key) + + memo.fetch(key) end rescue KeyError => e @errors.push(e) diff --git a/lib/gitlab/ci/interpolation/context.rb b/lib/gitlab/ci/interpolation/context.rb index ce7a86a3c9b..69c1fbb792c 100644 --- a/lib/gitlab/ci/interpolation/context.rb +++ b/lib/gitlab/ci/interpolation/context.rb @@ -38,6 +38,10 @@ module Gitlab @context.fetch(field) end + def key?(name) + @context.key?(name) + end + def to_h @context.to_h end @@ -53,7 +57,7 @@ module Gitlab end end - values.max + values.max.to_i end def self.fabricate(context) diff --git a/lib/gitlab/ci/jwt.rb b/lib/gitlab/ci/jwt.rb index d82ca875e76..4ba7b4cc6e1 100644 --- a/lib/gitlab/ci/jwt.rb +++ b/lib/gitlab/ci/jwt.rb @@ -31,6 +31,11 @@ module Gitlab attr_reader :build, :ttl + delegate :project, :user, :pipeline, :runner, to: :build + delegate :source_ref, :source_ref_path, to: :pipeline + delegate :public_key, to: :key + delegate :namespace, to: :project + def reserved_claims now = Time.now.to_i @@ -53,11 +58,12 @@ module Gitlab user_id: user&.id.to_s, user_login: user&.username, user_email: user&.email, - pipeline_id: build.pipeline.id.to_s, - pipeline_source: build.pipeline.source.to_s, + pipeline_id: pipeline.id.to_s, + pipeline_source: pipeline.source.to_s, job_id: build.id.to_s, ref: source_ref, ref_type: ref_type, + ref_path: source_ref_path, ref_protected: build.protected.to_s } @@ -82,30 +88,10 @@ module Gitlab end end - def public_key - key.public_key - end - def kid public_key.to_jwk[:kid] end - def project - build.project - end - - def namespace - project.namespace - end - - def user - build.user - end - - def source_ref - build.pipeline.source_ref - end - def ref_type ::Ci::BuildRunnerPresenter.new(build).ref_type end diff --git a/lib/gitlab/ci/jwt_v2.rb b/lib/gitlab/ci/jwt_v2.rb index cfefa79d9e0..aff30455d09 100644 --- a/lib/gitlab/ci/jwt_v2.rb +++ b/lib/gitlab/ci/jwt_v2.rb @@ -4,6 +4,8 @@ module Gitlab module Ci class JwtV2 < Jwt DEFAULT_AUD = Settings.gitlab.base_url + GITLAB_HOSTED_RUNNER = 'gitlab-hosted' + SELF_HOSTED_RUNNER = 'self-hosted' def self.for_build(build, aud: DEFAULT_AUD) new(build, ttl: build.metadata_timeout, aud: aud).encoded @@ -20,12 +22,38 @@ module Gitlab attr_reader :aud def reserved_claims - super.merge( + super.merge({ iss: Settings.gitlab.base_url, sub: "project_path:#{project.full_path}:ref_type:#{ref_type}:ref:#{source_ref}", - aud: aud + aud: aud, + user_identities: user_identities + }.compact) + end + + def user_identities + return unless user&.pass_user_identities_to_ci_jwt + + user.identities.map do |identity| + { + provider: identity.provider.to_s, + extern_uid: identity.extern_uid.to_s + } + end + end + + def custom_claims + super.merge( + runner_id: runner&.id, + runner_environment: runner_environment, + sha: pipeline.sha ) end + + def runner_environment + return unless runner + + runner.gitlab_hosted? ? GITLAB_HOSTED_RUNNER : SELF_HOSTED_RUNNER + end end end end diff --git a/lib/gitlab/ci/parsers/security/common.rb b/lib/gitlab/ci/parsers/security/common.rb index 1b9afc92d6b..447136df81f 100644 --- a/lib/gitlab/ci/parsers/security/common.rb +++ b/lib/gitlab/ci/parsers/security/common.rb @@ -139,6 +139,7 @@ module Gitlab details: data['details'] || {}, signatures: signatures, project_id: @project.id, + found_by_pipeline: report.pipeline, vulnerability_finding_signatures_enabled: @signatures_enabled)) end diff --git a/lib/gitlab/ci/parsers/security/validators/schema_validator.rb b/lib/gitlab/ci/parsers/security/validators/schema_validator.rb index bef4b147359..92d9d170575 100644 --- a/lib/gitlab/ci/parsers/security/validators/schema_validator.rb +++ b/lib/gitlab/ci/parsers/security/validators/schema_validator.rb @@ -7,27 +7,27 @@ module Gitlab module Validators class SchemaValidator SUPPORTED_VERSIONS = { - cluster_image_scanning: %w[14.0.4 14.0.5 14.0.6 14.1.0 14.1.1 14.1.2 14.1.3 15.0.0 15.0.1 15.0.2 15.0.4], - container_scanning: %w[14.0.0 14.0.1 14.0.2 14.0.3 14.0.4 14.0.5 14.0.6 14.1.0 14.1.1 14.1.2 14.1.3 15.0.0 15.0.1 15.0.2 15.0.4], - coverage_fuzzing: %w[14.0.0 14.0.1 14.0.2 14.0.3 14.0.4 14.0.5 14.0.6 14.1.0 14.1.1 14.1.2 14.1.3 15.0.0 15.0.1 15.0.2 15.0.4], - dast: %w[14.0.0 14.0.1 14.0.2 14.0.3 14.0.4 14.0.5 14.0.6 14.1.0 14.1.1 14.1.2 14.1.3 15.0.0 15.0.1 15.0.2 15.0.4], - api_fuzzing: %w[14.0.0 14.0.1 14.0.2 14.0.3 14.0.4 14.0.5 14.0.6 14.1.0 14.1.1 14.1.2 14.1.3 15.0.0 15.0.1 15.0.2 15.0.4], - dependency_scanning: %w[14.0.0 14.0.1 14.0.2 14.0.3 14.0.4 14.0.5 14.0.6 14.1.0 14.1.1 14.1.2 14.1.3 15.0.0 15.0.1 15.0.2 15.0.4], - sast: %w[14.0.0 14.0.1 14.0.2 14.0.3 14.0.4 14.0.5 14.0.6 14.1.0 14.1.1 14.1.2 14.1.3 15.0.0 15.0.1 15.0.2 15.0.4], - secret_detection: %w[14.0.0 14.0.1 14.0.2 14.0.3 14.0.4 14.0.5 14.0.6 14.1.0 14.1.1 14.1.2 14.1.3 15.0.0 15.0.1 15.0.2 15.0.4] + cluster_image_scanning: %w[15.0.0 15.0.1 15.0.2 15.0.4 15.0.6], + container_scanning: %w[15.0.0 15.0.1 15.0.2 15.0.4 15.0.6], + coverage_fuzzing: %w[15.0.0 15.0.1 15.0.2 15.0.4 15.0.6], + dast: %w[15.0.0 15.0.1 15.0.2 15.0.4 15.0.6], + api_fuzzing: %w[15.0.0 15.0.1 15.0.2 15.0.4 15.0.6], + dependency_scanning: %w[15.0.0 15.0.1 15.0.2 15.0.4 15.0.6], + sast: %w[15.0.0 15.0.1 15.0.2 15.0.4 15.0.6], + secret_detection: %w[15.0.0 15.0.1 15.0.2 15.0.4 15.0.6] }.freeze - VERSIONS_TO_REMOVE_IN_16_0 = %w[14.0.0 14.0.1 14.0.2 14.0.3 14.0.4 14.0.5 14.0.6 14.1.0 14.1.1 14.1.2 14.1.3].freeze + VERSIONS_TO_REMOVE_IN_17_0 = %w[].freeze DEPRECATED_VERSIONS = { - cluster_image_scanning: VERSIONS_TO_REMOVE_IN_16_0, - container_scanning: VERSIONS_TO_REMOVE_IN_16_0, - coverage_fuzzing: VERSIONS_TO_REMOVE_IN_16_0, - dast: VERSIONS_TO_REMOVE_IN_16_0, - api_fuzzing: VERSIONS_TO_REMOVE_IN_16_0, - dependency_scanning: VERSIONS_TO_REMOVE_IN_16_0, - sast: VERSIONS_TO_REMOVE_IN_16_0, - secret_detection: VERSIONS_TO_REMOVE_IN_16_0 + cluster_image_scanning: VERSIONS_TO_REMOVE_IN_17_0, + container_scanning: VERSIONS_TO_REMOVE_IN_17_0, + coverage_fuzzing: VERSIONS_TO_REMOVE_IN_17_0, + dast: VERSIONS_TO_REMOVE_IN_17_0, + api_fuzzing: VERSIONS_TO_REMOVE_IN_17_0, + dependency_scanning: VERSIONS_TO_REMOVE_IN_17_0, + sast: VERSIONS_TO_REMOVE_IN_17_0, + secret_detection: VERSIONS_TO_REMOVE_IN_17_0 }.freeze CURRENT_VERSIONS = SUPPORTED_VERSIONS.to_h { |k, v| [k, v - DEPRECATED_VERSIONS[k]] } @@ -131,11 +131,6 @@ module Gitlab end def report_uses_deprecated_schema_version? - # Avoid deprecation warnings for GitLab security scanners - # To be removed via https://gitlab.com/gitlab-org/gitlab/-/issues/386798 - return if report_data.dig('scan', 'scanner', 'vendor', 'name')&.downcase == 'gitlab' - return if report_data.dig('scan', 'analyzer', 'vendor', 'name')&.downcase == 'gitlab' - DEPRECATED_VERSIONS[report_type].include?(report_version) end diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.0/container-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.0/container-scanning-report-format.json deleted file mode 100644 index 14eb376485f..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.0/container-scanning-report-format.json +++ /dev/null @@ -1,741 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Container Scanning", - "description": "This schema provides the the report format for Container Scanning (https://docs.gitlab.com/ee/user/application_security/container_scanning).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.0" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "type": "object", - "description": "The vendor/maintainer of the scanner.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "container_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "dependency", - "operating_system", - "image" - ], - "properties": { - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - }, - "operating_system": { - "type": "string", - "minLength": 1, - "description": "The operating system that contains the vulnerable package." - }, - "image": { - "type": "string", - "minLength": 1, - "description": "The analyzed Docker image." - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.0/coverage-fuzzing-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.0/coverage-fuzzing-report-format.json deleted file mode 100644 index 296a895c7cb..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.0/coverage-fuzzing-report-format.json +++ /dev/null @@ -1,711 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Fuzz Testing", - "description": "This schema provides the report format for Coverage Guided Fuzz Testing (https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.0" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "type": "object", - "description": "The vendor/maintainer of the scanner.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "coverage_fuzzing" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "location": { - "description": "The location of the error", - "type": "object", - "properties": { - "crash_address": { - "type": "string", - "description": "The relative address in memory were the crash occurred.", - "examples": [ - "0xabababab" - ] - }, - "stacktrace_snippet": { - "type": "string", - "description": "The stack trace recorded during fuzzing resulting the crash.", - "examples": [ - "func_a+0xabcd\nfunc_b+0xabcc" - ] - }, - "crash_state": { - "type": "string", - "description": "Minimised and normalized crash stack-trace (called crash_state).", - "examples": [ - "func_a+0xa\nfunc_b+0xb\nfunc_c+0xc" - ] - }, - "crash_type": { - "type": "string", - "description": "Type of the crash.", - "examples": [ - "Heap-Buffer-overflow", - "Division-by-zero" - ] - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.0/dast-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.0/dast-report-format.json deleted file mode 100644 index 4d3868be019..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.0/dast-report-format.json +++ /dev/null @@ -1,1128 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab DAST", - "description": "This schema provides the the report format for Dynamic Application Security Testing (https://docs.gitlab.com/ee/user/application_security/dast).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.0" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanned_resources", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "type": "object", - "description": "The vendor/maintainer of the scanner.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "dast", - "api_fuzzing" - ] - }, - "scanned_resources": { - "type": "array", - "description": "The attack surface scanned by DAST.", - "items": { - "type": "object", - "required": [ - "method", - "url", - "type" - ], - "properties": { - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method of the scanned resource.", - "examples": [ - "GET", - "POST", - "HEAD" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the scanned resource.", - "examples": [ - "http://my.site.com/a-page" - ] - }, - "type": { - "type": "string", - "minLength": 1, - "description": "Type of the scanned resource, for DAST, this must be 'url'.", - "examples": [ - "url" - ] - } - } - } - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "evidence": { - "type": "object", - "properties": { - "source": { - "type": "object", - "description": "Source of evidence", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "Unique source identifier", - "examples": [ - "assert:LogAnalysis", - "assert:StatusCode" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Source display name", - "examples": [ - "Log Analysis", - "Status Code" - ] - }, - "url": { - "type": "string", - "description": "Link to additional information", - "examples": [ - "https://docs.gitlab.com/ee/development/integrations/secure.html" - ] - } - } - }, - "summary": { - "type": "string", - "description": "Human readable string containing evidence of the vulnerability.", - "examples": [ - "Credit card 4111111111111111 found", - "Server leaked information nginx/1.17.6" - ] - }, - "request": { - "type": "object", - "description": "An HTTP request.", - "required": [ - "headers", - "method", - "url" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method used in the request.", - "examples": [ - "GET", - "POST" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the request.", - "examples": [ - "http://my.site.com/vulnerable-endpoint?show-credit-card" - ] - }, - "body": { - "type": "string", - "description": "Body of the request for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "user=jsmith&first=%27&last=smith" - ] - } - } - }, - "response": { - "type": "object", - "description": "An HTTP response.", - "required": [ - "headers", - "reason_phrase", - "status_code" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "reason_phrase": { - "type": "string", - "description": "HTTP reason phrase of the response.", - "examples": [ - "OK", - "Internal Server Error" - ] - }, - "status_code": { - "type": "integer", - "description": "HTTP status code of the response.", - "examples": [ - 200, - 500 - ] - }, - "body": { - "type": "string", - "description": "Body of the response for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "{\"user_id\": 2}" - ] - } - } - }, - "supporting_messages": { - "type": "array", - "description": "Array of supporting http messages.", - "items": { - "type": "object", - "description": "A supporting http message.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Message display name.", - "examples": [ - "Unmodified", - "Recorded" - ] - }, - "request": { - "type": "object", - "description": "An HTTP request.", - "required": [ - "headers", - "method", - "url" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method used in the request.", - "examples": [ - "GET", - "POST" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the request.", - "examples": [ - "http://my.site.com/vulnerable-endpoint?show-credit-card" - ] - }, - "body": { - "type": "string", - "description": "Body of the request for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "user=jsmith&first=%27&last=smith" - ] - } - } - }, - "response": { - "type": "object", - "description": "An HTTP response.", - "required": [ - "headers", - "reason_phrase", - "status_code" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "reason_phrase": { - "type": "string", - "description": "HTTP reason phrase of the response.", - "examples": [ - "OK", - "Internal Server Error" - ] - }, - "status_code": { - "type": "integer", - "description": "HTTP status code of the response.", - "examples": [ - 200, - 500 - ] - }, - "body": { - "type": "string", - "description": "Body of the response for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "{\"user_id\": 2}" - ] - } - } - } - } - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "properties": { - "hostname": { - "type": "string", - "description": "The protocol, domain, and port of the application where the vulnerability was found." - }, - "method": { - "type": "string", - "description": "The HTTP method that was used to request the URL where the vulnerability was found." - }, - "param": { - "type": "string", - "description": "A value provided by a vulnerability rule related to the found vulnerability. Examples include a header value, or a parameter used in a HTTP POST." - }, - "path": { - "type": "string", - "description": "The path of the URL where the vulnerability was found. Typically, this would start with a forward slash." - } - } - }, - "assets": { - "type": "array", - "description": "Array of build assets associated with vulnerability.", - "items": { - "type": "object", - "description": "Describes an asset associated with vulnerability.", - "required": [ - "type", - "name", - "url" - ], - "properties": { - "type": { - "type": "string", - "description": "The type of asset", - "enum": [ - "http_session", - "postman" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Display name for asset", - "examples": [ - "HTTP Messages", - "Postman Collection" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "Link to asset in build artifacts", - "examples": [ - "https://gitlab.com/gitlab-org/security-products/dast/-/jobs/626397001/artifacts/file//output/zap_session.data" - ] - } - } - } - }, - "discovered_at": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss.sss, representing when the vulnerability was discovered", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}\\.\\d{3}$", - "examples": [ - "2020-01-28T03:26:02.956" - ] - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.0/dependency-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.0/dependency-scanning-report-format.json deleted file mode 100644 index f0c1a90adcc..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.0/dependency-scanning-report-format.json +++ /dev/null @@ -1,805 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Dependency Scanning", - "description": "This schema provides the the report format for Dependency Scanning analyzers (https://docs.gitlab.com/ee/user/application_security/dependency_scanning).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.0" - }, - "required": [ - "dependency_files", - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "type": "object", - "description": "The vendor/maintainer of the scanner.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "dependency_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "file", - "dependency" - ], - "properties": { - "file": { - "type": "string", - "minLength": 1, - "description": "Path to the manifest or lock file where the dependency is declared (such as yarn.lock)." - }, - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - }, - "dependency_files": { - "type": "array", - "description": "List of dependency files identified in the project.", - "items": { - "type": "object", - "required": [ - "path", - "package_manager", - "dependencies" - ], - "properties": { - "path": { - "type": "string", - "minLength": 1 - }, - "package_manager": { - "type": "string", - "minLength": 1 - }, - "dependencies": { - "type": "array", - "items": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - } - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.0/sast-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.0/sast-report-format.json deleted file mode 100644 index a7159be0190..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.0/sast-report-format.json +++ /dev/null @@ -1,706 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab SAST", - "description": "This schema provides the report format for Static Application Security Testing analyzers (https://docs.gitlab.com/ee/user/application_security/sast).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.0" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "type": "object", - "description": "The vendor/maintainer of the scanner.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "sast" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the code affected by the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the code affected by the vulnerability." - }, - "class": { - "type": "string", - "description": "Provides the name of the class where the vulnerability is located." - }, - "method": { - "type": "string", - "description": "Provides the name of the method where the vulnerability is located." - } - } - }, - "raw_source_code_extract": { - "type": "string", - "description": "Provides an unsanitized excerpt of the affected source code." - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.0/secret-detection-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.0/secret-detection-report-format.json deleted file mode 100644 index 462e23a151c..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.0/secret-detection-report-format.json +++ /dev/null @@ -1,729 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Secret Detection", - "description": "This schema provides the the report format for the Secret Detection analyzer (https://docs.gitlab.com/ee/user/application_security/secret_detection)", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.0" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "type": "object", - "description": "The vendor/maintainer of the scanner.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "secret_detection" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "location": { - "required": [ - "commit" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located" - }, - "commit": { - "type": "object", - "description": "Represents the commit in which the vulnerability was detected", - "required": [ - "sha" - ], - "properties": { - "author": { - "type": "string" - }, - "date": { - "type": "string" - }, - "message": { - "type": "string" - }, - "sha": { - "type": "string", - "minLength": 1 - } - } - }, - "start_line": { - "type": "number", - "description": "The first line of the code affected by the vulnerability" - }, - "end_line": { - "type": "number", - "description": "The last line of the code affected by the vulnerability" - }, - "class": { - "type": "string", - "description": "Provides the name of the class where the vulnerability is located" - }, - "method": { - "type": "string", - "description": "Provides the name of the method where the vulnerability is located" - } - } - }, - "raw_source_code_extract": { - "type": "string", - "description": "Provides an unsanitized excerpt of the affected source code." - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.1/container-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.1/container-scanning-report-format.json deleted file mode 100644 index d01e7818866..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.1/container-scanning-report-format.json +++ /dev/null @@ -1,809 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Container Scanning", - "description": "This schema provides the the report format for Container Scanning (https://docs.gitlab.com/ee/user/application_security/container_scanning).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.1" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "type": "object", - "description": "The vendor/maintainer of the scanner.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "container_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "dependency", - "operating_system", - "image" - ], - "properties": { - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - }, - "operating_system": { - "type": "string", - "minLength": 1, - "description": "The operating system that contains the vulnerable package." - }, - "image": { - "type": "string", - "minLength": 1, - "description": "The analyzed Docker image." - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.1/coverage-fuzzing-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.1/coverage-fuzzing-report-format.json deleted file mode 100644 index d496b62ee7f..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.1/coverage-fuzzing-report-format.json +++ /dev/null @@ -1,779 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Fuzz Testing", - "description": "This schema provides the report format for Coverage Guided Fuzz Testing (https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.1" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "type": "object", - "description": "The vendor/maintainer of the scanner.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "coverage_fuzzing" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "location": { - "description": "The location of the error", - "type": "object", - "properties": { - "crash_address": { - "type": "string", - "description": "The relative address in memory were the crash occurred.", - "examples": [ - "0xabababab" - ] - }, - "stacktrace_snippet": { - "type": "string", - "description": "The stack trace recorded during fuzzing resulting the crash.", - "examples": [ - "func_a+0xabcd\nfunc_b+0xabcc" - ] - }, - "crash_state": { - "type": "string", - "description": "Minimised and normalized crash stack-trace (called crash_state).", - "examples": [ - "func_a+0xa\nfunc_b+0xb\nfunc_c+0xc" - ] - }, - "crash_type": { - "type": "string", - "description": "Type of the crash.", - "examples": [ - "Heap-Buffer-overflow", - "Division-by-zero" - ] - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.1/dast-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.1/dast-report-format.json deleted file mode 100644 index a4d59f39a15..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.1/dast-report-format.json +++ /dev/null @@ -1,1196 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab DAST", - "description": "This schema provides the the report format for Dynamic Application Security Testing (https://docs.gitlab.com/ee/user/application_security/dast).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.1" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanned_resources", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "type": "object", - "description": "The vendor/maintainer of the scanner.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "dast", - "api_fuzzing" - ] - }, - "scanned_resources": { - "type": "array", - "description": "The attack surface scanned by DAST.", - "items": { - "type": "object", - "required": [ - "method", - "url", - "type" - ], - "properties": { - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method of the scanned resource.", - "examples": [ - "GET", - "POST", - "HEAD" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the scanned resource.", - "examples": [ - "http://my.site.com/a-page" - ] - }, - "type": { - "type": "string", - "minLength": 1, - "description": "Type of the scanned resource, for DAST, this must be 'url'.", - "examples": [ - "url" - ] - } - } - } - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "evidence": { - "type": "object", - "properties": { - "source": { - "type": "object", - "description": "Source of evidence", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "Unique source identifier", - "examples": [ - "assert:LogAnalysis", - "assert:StatusCode" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Source display name", - "examples": [ - "Log Analysis", - "Status Code" - ] - }, - "url": { - "type": "string", - "description": "Link to additional information", - "examples": [ - "https://docs.gitlab.com/ee/development/integrations/secure.html" - ] - } - } - }, - "summary": { - "type": "string", - "description": "Human readable string containing evidence of the vulnerability.", - "examples": [ - "Credit card 4111111111111111 found", - "Server leaked information nginx/1.17.6" - ] - }, - "request": { - "type": "object", - "description": "An HTTP request.", - "required": [ - "headers", - "method", - "url" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method used in the request.", - "examples": [ - "GET", - "POST" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the request.", - "examples": [ - "http://my.site.com/vulnerable-endpoint?show-credit-card" - ] - }, - "body": { - "type": "string", - "description": "Body of the request for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "user=jsmith&first=%27&last=smith" - ] - } - } - }, - "response": { - "type": "object", - "description": "An HTTP response.", - "required": [ - "headers", - "reason_phrase", - "status_code" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "reason_phrase": { - "type": "string", - "description": "HTTP reason phrase of the response.", - "examples": [ - "OK", - "Internal Server Error" - ] - }, - "status_code": { - "type": "integer", - "description": "HTTP status code of the response.", - "examples": [ - 200, - 500 - ] - }, - "body": { - "type": "string", - "description": "Body of the response for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "{\"user_id\": 2}" - ] - } - } - }, - "supporting_messages": { - "type": "array", - "description": "Array of supporting http messages.", - "items": { - "type": "object", - "description": "A supporting http message.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Message display name.", - "examples": [ - "Unmodified", - "Recorded" - ] - }, - "request": { - "type": "object", - "description": "An HTTP request.", - "required": [ - "headers", - "method", - "url" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method used in the request.", - "examples": [ - "GET", - "POST" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the request.", - "examples": [ - "http://my.site.com/vulnerable-endpoint?show-credit-card" - ] - }, - "body": { - "type": "string", - "description": "Body of the request for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "user=jsmith&first=%27&last=smith" - ] - } - } - }, - "response": { - "type": "object", - "description": "An HTTP response.", - "required": [ - "headers", - "reason_phrase", - "status_code" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "reason_phrase": { - "type": "string", - "description": "HTTP reason phrase of the response.", - "examples": [ - "OK", - "Internal Server Error" - ] - }, - "status_code": { - "type": "integer", - "description": "HTTP status code of the response.", - "examples": [ - 200, - 500 - ] - }, - "body": { - "type": "string", - "description": "Body of the response for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "{\"user_id\": 2}" - ] - } - } - } - } - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "properties": { - "hostname": { - "type": "string", - "description": "The protocol, domain, and port of the application where the vulnerability was found." - }, - "method": { - "type": "string", - "description": "The HTTP method that was used to request the URL where the vulnerability was found." - }, - "param": { - "type": "string", - "description": "A value provided by a vulnerability rule related to the found vulnerability. Examples include a header value, or a parameter used in a HTTP POST." - }, - "path": { - "type": "string", - "description": "The path of the URL where the vulnerability was found. Typically, this would start with a forward slash." - } - } - }, - "assets": { - "type": "array", - "description": "Array of build assets associated with vulnerability.", - "items": { - "type": "object", - "description": "Describes an asset associated with vulnerability.", - "required": [ - "type", - "name", - "url" - ], - "properties": { - "type": { - "type": "string", - "description": "The type of asset", - "enum": [ - "http_session", - "postman" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Display name for asset", - "examples": [ - "HTTP Messages", - "Postman Collection" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "Link to asset in build artifacts", - "examples": [ - "https://gitlab.com/gitlab-org/security-products/dast/-/jobs/626397001/artifacts/file//output/zap_session.data" - ] - } - } - } - }, - "discovered_at": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss.sss, representing when the vulnerability was discovered", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}\\.\\d{3}$", - "examples": [ - "2020-01-28T03:26:02.956" - ] - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.1/dependency-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.1/dependency-scanning-report-format.json deleted file mode 100644 index c83d5195be4..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.1/dependency-scanning-report-format.json +++ /dev/null @@ -1,873 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Dependency Scanning", - "description": "This schema provides the the report format for Dependency Scanning analyzers (https://docs.gitlab.com/ee/user/application_security/dependency_scanning).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.1" - }, - "required": [ - "dependency_files", - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "type": "object", - "description": "The vendor/maintainer of the scanner.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "dependency_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "file", - "dependency" - ], - "properties": { - "file": { - "type": "string", - "minLength": 1, - "description": "Path to the manifest or lock file where the dependency is declared (such as yarn.lock)." - }, - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - }, - "dependency_files": { - "type": "array", - "description": "List of dependency files identified in the project.", - "items": { - "type": "object", - "required": [ - "path", - "package_manager", - "dependencies" - ], - "properties": { - "path": { - "type": "string", - "minLength": 1 - }, - "package_manager": { - "type": "string", - "minLength": 1 - }, - "dependencies": { - "type": "array", - "items": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - } - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.1/sast-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.1/sast-report-format.json deleted file mode 100644 index 7c2cd2b78cf..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.1/sast-report-format.json +++ /dev/null @@ -1,774 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab SAST", - "description": "This schema provides the report format for Static Application Security Testing analyzers (https://docs.gitlab.com/ee/user/application_security/sast).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.1" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "type": "object", - "description": "The vendor/maintainer of the scanner.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "sast" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the code affected by the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the code affected by the vulnerability." - }, - "class": { - "type": "string", - "description": "Provides the name of the class where the vulnerability is located." - }, - "method": { - "type": "string", - "description": "Provides the name of the method where the vulnerability is located." - } - } - }, - "raw_source_code_extract": { - "type": "string", - "description": "Provides an unsanitized excerpt of the affected source code." - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.1/secret-detection-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.1/secret-detection-report-format.json deleted file mode 100644 index b4449d0d59c..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.1/secret-detection-report-format.json +++ /dev/null @@ -1,797 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Secret Detection", - "description": "This schema provides the the report format for the Secret Detection analyzer (https://docs.gitlab.com/ee/user/application_security/secret_detection)", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.1" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "type": "object", - "description": "The vendor/maintainer of the scanner.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "secret_detection" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "location": { - "required": [ - "commit" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located" - }, - "commit": { - "type": "object", - "description": "Represents the commit in which the vulnerability was detected", - "required": [ - "sha" - ], - "properties": { - "author": { - "type": "string" - }, - "date": { - "type": "string" - }, - "message": { - "type": "string" - }, - "sha": { - "type": "string", - "minLength": 1 - } - } - }, - "start_line": { - "type": "number", - "description": "The first line of the code affected by the vulnerability" - }, - "end_line": { - "type": "number", - "description": "The last line of the code affected by the vulnerability" - }, - "class": { - "type": "string", - "description": "Provides the name of the class where the vulnerability is located" - }, - "method": { - "type": "string", - "description": "Provides the name of the method where the vulnerability is located" - } - } - }, - "raw_source_code_extract": { - "type": "string", - "description": "Provides an unsanitized excerpt of the affected source code." - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.2/container-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.2/container-scanning-report-format.json deleted file mode 100644 index 696fa214abd..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.2/container-scanning-report-format.json +++ /dev/null @@ -1,871 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Container Scanning", - "description": "This schema provides the the report format for Container Scanning (https://docs.gitlab.com/ee/user/application_security/container_scanning).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.2" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "container_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "dependency", - "operating_system", - "image" - ], - "properties": { - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - }, - "operating_system": { - "type": "string", - "minLength": 1, - "description": "The operating system that contains the vulnerable package." - }, - "image": { - "type": "string", - "minLength": 1, - "description": "The analyzed Docker image." - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.2/coverage-fuzzing-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.2/coverage-fuzzing-report-format.json deleted file mode 100644 index 1312696d642..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.2/coverage-fuzzing-report-format.json +++ /dev/null @@ -1,841 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Fuzz Testing", - "description": "This schema provides the report format for Coverage Guided Fuzz Testing (https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.2" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "coverage_fuzzing" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "location": { - "description": "The location of the error", - "type": "object", - "properties": { - "crash_address": { - "type": "string", - "description": "The relative address in memory were the crash occurred.", - "examples": [ - "0xabababab" - ] - }, - "stacktrace_snippet": { - "type": "string", - "description": "The stack trace recorded during fuzzing resulting the crash.", - "examples": [ - "func_a+0xabcd\nfunc_b+0xabcc" - ] - }, - "crash_state": { - "type": "string", - "description": "Minimised and normalized crash stack-trace (called crash_state).", - "examples": [ - "func_a+0xa\nfunc_b+0xb\nfunc_c+0xc" - ] - }, - "crash_type": { - "type": "string", - "description": "Type of the crash.", - "examples": [ - "Heap-Buffer-overflow", - "Division-by-zero" - ] - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.2/dast-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.2/dast-report-format.json deleted file mode 100644 index a7e9f83e557..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.2/dast-report-format.json +++ /dev/null @@ -1,1258 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab DAST", - "description": "This schema provides the the report format for Dynamic Application Security Testing (https://docs.gitlab.com/ee/user/application_security/dast).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.2" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanned_resources", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "dast", - "api_fuzzing" - ] - }, - "scanned_resources": { - "type": "array", - "description": "The attack surface scanned by DAST.", - "items": { - "type": "object", - "required": [ - "method", - "url", - "type" - ], - "properties": { - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method of the scanned resource.", - "examples": [ - "GET", - "POST", - "HEAD" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the scanned resource.", - "examples": [ - "http://my.site.com/a-page" - ] - }, - "type": { - "type": "string", - "minLength": 1, - "description": "Type of the scanned resource, for DAST, this must be 'url'.", - "examples": [ - "url" - ] - } - } - } - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "evidence": { - "type": "object", - "properties": { - "source": { - "type": "object", - "description": "Source of evidence", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "Unique source identifier", - "examples": [ - "assert:LogAnalysis", - "assert:StatusCode" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Source display name", - "examples": [ - "Log Analysis", - "Status Code" - ] - }, - "url": { - "type": "string", - "description": "Link to additional information", - "examples": [ - "https://docs.gitlab.com/ee/development/integrations/secure.html" - ] - } - } - }, - "summary": { - "type": "string", - "description": "Human readable string containing evidence of the vulnerability.", - "examples": [ - "Credit card 4111111111111111 found", - "Server leaked information nginx/1.17.6" - ] - }, - "request": { - "type": "object", - "description": "An HTTP request.", - "required": [ - "headers", - "method", - "url" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method used in the request.", - "examples": [ - "GET", - "POST" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the request.", - "examples": [ - "http://my.site.com/vulnerable-endpoint?show-credit-card" - ] - }, - "body": { - "type": "string", - "description": "Body of the request for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "user=jsmith&first=%27&last=smith" - ] - } - } - }, - "response": { - "type": "object", - "description": "An HTTP response.", - "required": [ - "headers", - "reason_phrase", - "status_code" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "reason_phrase": { - "type": "string", - "description": "HTTP reason phrase of the response.", - "examples": [ - "OK", - "Internal Server Error" - ] - }, - "status_code": { - "type": "integer", - "description": "HTTP status code of the response.", - "examples": [ - 200, - 500 - ] - }, - "body": { - "type": "string", - "description": "Body of the response for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "{\"user_id\": 2}" - ] - } - } - }, - "supporting_messages": { - "type": "array", - "description": "Array of supporting http messages.", - "items": { - "type": "object", - "description": "A supporting http message.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Message display name.", - "examples": [ - "Unmodified", - "Recorded" - ] - }, - "request": { - "type": "object", - "description": "An HTTP request.", - "required": [ - "headers", - "method", - "url" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method used in the request.", - "examples": [ - "GET", - "POST" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the request.", - "examples": [ - "http://my.site.com/vulnerable-endpoint?show-credit-card" - ] - }, - "body": { - "type": "string", - "description": "Body of the request for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "user=jsmith&first=%27&last=smith" - ] - } - } - }, - "response": { - "type": "object", - "description": "An HTTP response.", - "required": [ - "headers", - "reason_phrase", - "status_code" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "reason_phrase": { - "type": "string", - "description": "HTTP reason phrase of the response.", - "examples": [ - "OK", - "Internal Server Error" - ] - }, - "status_code": { - "type": "integer", - "description": "HTTP status code of the response.", - "examples": [ - 200, - 500 - ] - }, - "body": { - "type": "string", - "description": "Body of the response for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "{\"user_id\": 2}" - ] - } - } - } - } - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "properties": { - "hostname": { - "type": "string", - "description": "The protocol, domain, and port of the application where the vulnerability was found." - }, - "method": { - "type": "string", - "description": "The HTTP method that was used to request the URL where the vulnerability was found." - }, - "param": { - "type": "string", - "description": "A value provided by a vulnerability rule related to the found vulnerability. Examples include a header value, or a parameter used in a HTTP POST." - }, - "path": { - "type": "string", - "description": "The path of the URL where the vulnerability was found. Typically, this would start with a forward slash." - } - } - }, - "assets": { - "type": "array", - "description": "Array of build assets associated with vulnerability.", - "items": { - "type": "object", - "description": "Describes an asset associated with vulnerability.", - "required": [ - "type", - "name", - "url" - ], - "properties": { - "type": { - "type": "string", - "description": "The type of asset", - "enum": [ - "http_session", - "postman" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Display name for asset", - "examples": [ - "HTTP Messages", - "Postman Collection" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "Link to asset in build artifacts", - "examples": [ - "https://gitlab.com/gitlab-org/security-products/dast/-/jobs/626397001/artifacts/file//output/zap_session.data" - ] - } - } - } - }, - "discovered_at": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss.sss, representing when the vulnerability was discovered", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}\\.\\d{3}$", - "examples": [ - "2020-01-28T03:26:02.956" - ] - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.2/dependency-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.2/dependency-scanning-report-format.json deleted file mode 100644 index d6ff5248358..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.2/dependency-scanning-report-format.json +++ /dev/null @@ -1,935 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Dependency Scanning", - "description": "This schema provides the the report format for Dependency Scanning analyzers (https://docs.gitlab.com/ee/user/application_security/dependency_scanning).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.2" - }, - "required": [ - "dependency_files", - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "dependency_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "file", - "dependency" - ], - "properties": { - "file": { - "type": "string", - "minLength": 1, - "description": "Path to the manifest or lock file where the dependency is declared (such as yarn.lock)." - }, - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - }, - "dependency_files": { - "type": "array", - "description": "List of dependency files identified in the project.", - "items": { - "type": "object", - "required": [ - "path", - "package_manager", - "dependencies" - ], - "properties": { - "path": { - "type": "string", - "minLength": 1 - }, - "package_manager": { - "type": "string", - "minLength": 1 - }, - "dependencies": { - "type": "array", - "items": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - } - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.2/sast-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.2/sast-report-format.json deleted file mode 100644 index 2be6801d2f6..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.2/sast-report-format.json +++ /dev/null @@ -1,836 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab SAST", - "description": "This schema provides the report format for Static Application Security Testing analyzers (https://docs.gitlab.com/ee/user/application_security/sast).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.2" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "sast" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the code affected by the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the code affected by the vulnerability." - }, - "class": { - "type": "string", - "description": "Provides the name of the class where the vulnerability is located." - }, - "method": { - "type": "string", - "description": "Provides the name of the method where the vulnerability is located." - } - } - }, - "raw_source_code_extract": { - "type": "string", - "description": "Provides an unsanitized excerpt of the affected source code." - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.2/secret-detection-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.2/secret-detection-report-format.json deleted file mode 100644 index c44554489ce..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.2/secret-detection-report-format.json +++ /dev/null @@ -1,859 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Secret Detection", - "description": "This schema provides the the report format for the Secret Detection analyzer (https://docs.gitlab.com/ee/user/application_security/secret_detection)", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.2" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "secret_detection" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "location": { - "required": [ - "commit" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located" - }, - "commit": { - "type": "object", - "description": "Represents the commit in which the vulnerability was detected", - "required": [ - "sha" - ], - "properties": { - "author": { - "type": "string" - }, - "date": { - "type": "string" - }, - "message": { - "type": "string" - }, - "sha": { - "type": "string", - "minLength": 1 - } - } - }, - "start_line": { - "type": "number", - "description": "The first line of the code affected by the vulnerability" - }, - "end_line": { - "type": "number", - "description": "The last line of the code affected by the vulnerability" - }, - "class": { - "type": "string", - "description": "Provides the name of the class where the vulnerability is located" - }, - "method": { - "type": "string", - "description": "Provides the name of the method where the vulnerability is located" - } - } - }, - "raw_source_code_extract": { - "type": "string", - "description": "Provides an unsanitized excerpt of the affected source code." - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.3/container-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.3/container-scanning-report-format.json deleted file mode 100644 index 959b7b8f6f2..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.3/container-scanning-report-format.json +++ /dev/null @@ -1,904 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Container Scanning", - "description": "This schema provides the the report format for Container Scanning (https://docs.gitlab.com/ee/user/application_security/container_scanning).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.3" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "container_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "dependency", - "operating_system", - "image" - ], - "properties": { - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - }, - "operating_system": { - "type": "string", - "minLength": 1, - "description": "The operating system that contains the vulnerable package." - }, - "image": { - "type": "string", - "minLength": 1, - "description": "The analyzed Docker image." - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.3/coverage-fuzzing-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.3/coverage-fuzzing-report-format.json deleted file mode 100644 index 20038dcb21c..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.3/coverage-fuzzing-report-format.json +++ /dev/null @@ -1,874 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Fuzz Testing", - "description": "This schema provides the report format for Coverage Guided Fuzz Testing (https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.3" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "coverage_fuzzing" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "description": "The location of the error", - "type": "object", - "properties": { - "crash_address": { - "type": "string", - "description": "The relative address in memory were the crash occurred.", - "examples": [ - "0xabababab" - ] - }, - "stacktrace_snippet": { - "type": "string", - "description": "The stack trace recorded during fuzzing resulting the crash.", - "examples": [ - "func_a+0xabcd\nfunc_b+0xabcc" - ] - }, - "crash_state": { - "type": "string", - "description": "Minimised and normalized crash stack-trace (called crash_state).", - "examples": [ - "func_a+0xa\nfunc_b+0xb\nfunc_c+0xc" - ] - }, - "crash_type": { - "type": "string", - "description": "Type of the crash.", - "examples": [ - "Heap-Buffer-overflow", - "Division-by-zero" - ] - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.3/dast-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.3/dast-report-format.json deleted file mode 100644 index 37b98a73233..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.3/dast-report-format.json +++ /dev/null @@ -1,1291 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab DAST", - "description": "This schema provides the the report format for Dynamic Application Security Testing (https://docs.gitlab.com/ee/user/application_security/dast).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.3" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanned_resources", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "dast", - "api_fuzzing" - ] - }, - "scanned_resources": { - "type": "array", - "description": "The attack surface scanned by DAST.", - "items": { - "type": "object", - "required": [ - "method", - "url", - "type" - ], - "properties": { - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method of the scanned resource.", - "examples": [ - "GET", - "POST", - "HEAD" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the scanned resource.", - "examples": [ - "http://my.site.com/a-page" - ] - }, - "type": { - "type": "string", - "minLength": 1, - "description": "Type of the scanned resource, for DAST, this must be 'url'.", - "examples": [ - "url" - ] - } - } - } - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "evidence": { - "type": "object", - "properties": { - "source": { - "type": "object", - "description": "Source of evidence", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "Unique source identifier", - "examples": [ - "assert:LogAnalysis", - "assert:StatusCode" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Source display name", - "examples": [ - "Log Analysis", - "Status Code" - ] - }, - "url": { - "type": "string", - "description": "Link to additional information", - "examples": [ - "https://docs.gitlab.com/ee/development/integrations/secure.html" - ] - } - } - }, - "summary": { - "type": "string", - "description": "Human readable string containing evidence of the vulnerability.", - "examples": [ - "Credit card 4111111111111111 found", - "Server leaked information nginx/1.17.6" - ] - }, - "request": { - "type": "object", - "description": "An HTTP request.", - "required": [ - "headers", - "method", - "url" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method used in the request.", - "examples": [ - "GET", - "POST" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the request.", - "examples": [ - "http://my.site.com/vulnerable-endpoint?show-credit-card" - ] - }, - "body": { - "type": "string", - "description": "Body of the request for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "user=jsmith&first=%27&last=smith" - ] - } - } - }, - "response": { - "type": "object", - "description": "An HTTP response.", - "required": [ - "headers", - "reason_phrase", - "status_code" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "reason_phrase": { - "type": "string", - "description": "HTTP reason phrase of the response.", - "examples": [ - "OK", - "Internal Server Error" - ] - }, - "status_code": { - "type": "integer", - "description": "HTTP status code of the response.", - "examples": [ - 200, - 500 - ] - }, - "body": { - "type": "string", - "description": "Body of the response for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "{\"user_id\": 2}" - ] - } - } - }, - "supporting_messages": { - "type": "array", - "description": "Array of supporting http messages.", - "items": { - "type": "object", - "description": "A supporting http message.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Message display name.", - "examples": [ - "Unmodified", - "Recorded" - ] - }, - "request": { - "type": "object", - "description": "An HTTP request.", - "required": [ - "headers", - "method", - "url" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method used in the request.", - "examples": [ - "GET", - "POST" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the request.", - "examples": [ - "http://my.site.com/vulnerable-endpoint?show-credit-card" - ] - }, - "body": { - "type": "string", - "description": "Body of the request for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "user=jsmith&first=%27&last=smith" - ] - } - } - }, - "response": { - "type": "object", - "description": "An HTTP response.", - "required": [ - "headers", - "reason_phrase", - "status_code" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "reason_phrase": { - "type": "string", - "description": "HTTP reason phrase of the response.", - "examples": [ - "OK", - "Internal Server Error" - ] - }, - "status_code": { - "type": "integer", - "description": "HTTP status code of the response.", - "examples": [ - 200, - 500 - ] - }, - "body": { - "type": "string", - "description": "Body of the response for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "{\"user_id\": 2}" - ] - } - } - } - } - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "properties": { - "hostname": { - "type": "string", - "description": "The protocol, domain, and port of the application where the vulnerability was found." - }, - "method": { - "type": "string", - "description": "The HTTP method that was used to request the URL where the vulnerability was found." - }, - "param": { - "type": "string", - "description": "A value provided by a vulnerability rule related to the found vulnerability. Examples include a header value, or a parameter used in a HTTP POST." - }, - "path": { - "type": "string", - "description": "The path of the URL where the vulnerability was found. Typically, this would start with a forward slash." - } - } - }, - "assets": { - "type": "array", - "description": "Array of build assets associated with vulnerability.", - "items": { - "type": "object", - "description": "Describes an asset associated with vulnerability.", - "required": [ - "type", - "name", - "url" - ], - "properties": { - "type": { - "type": "string", - "description": "The type of asset", - "enum": [ - "http_session", - "postman" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Display name for asset", - "examples": [ - "HTTP Messages", - "Postman Collection" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "Link to asset in build artifacts", - "examples": [ - "https://gitlab.com/gitlab-org/security-products/dast/-/jobs/626397001/artifacts/file//output/zap_session.data" - ] - } - } - } - }, - "discovered_at": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss.sss, representing when the vulnerability was discovered", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}\\.\\d{3}$", - "examples": [ - "2020-01-28T03:26:02.956" - ] - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.3/dependency-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.3/dependency-scanning-report-format.json deleted file mode 100644 index 5e9bbeec1a9..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.3/dependency-scanning-report-format.json +++ /dev/null @@ -1,968 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Dependency Scanning", - "description": "This schema provides the the report format for Dependency Scanning analyzers (https://docs.gitlab.com/ee/user/application_security/dependency_scanning).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.3" - }, - "required": [ - "dependency_files", - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "dependency_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "file", - "dependency" - ], - "properties": { - "file": { - "type": "string", - "minLength": 1, - "description": "Path to the manifest or lock file where the dependency is declared (such as yarn.lock)." - }, - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - }, - "dependency_files": { - "type": "array", - "description": "List of dependency files identified in the project.", - "items": { - "type": "object", - "required": [ - "path", - "package_manager", - "dependencies" - ], - "properties": { - "path": { - "type": "string", - "minLength": 1 - }, - "package_manager": { - "type": "string", - "minLength": 1 - }, - "dependencies": { - "type": "array", - "items": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - } - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.3/sast-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.3/sast-report-format.json deleted file mode 100644 index 8aa98646818..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.3/sast-report-format.json +++ /dev/null @@ -1,869 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab SAST", - "description": "This schema provides the report format for Static Application Security Testing analyzers (https://docs.gitlab.com/ee/user/application_security/sast).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.3" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "sast" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the code affected by the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the code affected by the vulnerability." - }, - "class": { - "type": "string", - "description": "Provides the name of the class where the vulnerability is located." - }, - "method": { - "type": "string", - "description": "Provides the name of the method where the vulnerability is located." - } - } - }, - "raw_source_code_extract": { - "type": "string", - "description": "Provides an unsanitized excerpt of the affected source code." - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.3/secret-detection-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.3/secret-detection-report-format.json deleted file mode 100644 index 5a315e39385..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.3/secret-detection-report-format.json +++ /dev/null @@ -1,892 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Secret Detection", - "description": "This schema provides the the report format for the Secret Detection analyzer (https://docs.gitlab.com/ee/user/application_security/secret_detection)", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.3" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "secret_detection" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "required": [ - "commit" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located" - }, - "commit": { - "type": "object", - "description": "Represents the commit in which the vulnerability was detected", - "required": [ - "sha" - ], - "properties": { - "author": { - "type": "string" - }, - "date": { - "type": "string" - }, - "message": { - "type": "string" - }, - "sha": { - "type": "string", - "minLength": 1 - } - } - }, - "start_line": { - "type": "number", - "description": "The first line of the code affected by the vulnerability" - }, - "end_line": { - "type": "number", - "description": "The last line of the code affected by the vulnerability" - }, - "class": { - "type": "string", - "description": "Provides the name of the class where the vulnerability is located" - }, - "method": { - "type": "string", - "description": "Provides the name of the method where the vulnerability is located" - } - } - }, - "raw_source_code_extract": { - "type": "string", - "description": "Provides an unsanitized excerpt of the affected source code." - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.4/cluster-image-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.4/cluster-image-scanning-report-format.json deleted file mode 100644 index 3736eac0ba0..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.4/cluster-image-scanning-report-format.json +++ /dev/null @@ -1,977 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Cluster Image Scanning", - "description": "This schema provides the the report format for Cluster Image Scanning (https://docs.gitlab.com/ee/user/application_security/cluster_image_scanning/).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.4" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "cluster_image_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "dependency", - "image", - "kubernetes_resource" - ], - "properties": { - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - }, - "operating_system": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The operating system that contains the vulnerable package." - }, - "image": { - "type": "string", - "minLength": 1, - "description": "The analyzed Docker image.", - "examples": [ - "index.docker.io/library/nginx:1.21" - ] - }, - "kubernetes_resource": { - "type": "object", - "description": "The specific Kubernetes resource that was scanned.", - "required": [ - "namespace", - "kind", - "name", - "container_name" - ], - "properties": { - "namespace": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The Kubernetes namespace the resource that had its image scanned.", - "examples": [ - "default", - "staging", - "production" - ] - }, - "kind": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The Kubernetes kind the resource that had its image scanned.", - "examples": [ - "Deployment", - "DaemonSet" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The name of the resource that had its image scanned.", - "examples": [ - "nginx-ingress" - ] - }, - "container_name": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The name of the container that had its image scanned.", - "examples": [ - "nginx" - ] - }, - "agent_id": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The GitLab ID of the Kubernetes Agent which performed the scan.", - "examples": [ - "1234" - ] - }, - "cluster_id": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The GitLab ID of the Kubernetes cluster when using cluster integration.", - "examples": [ - "1234" - ] - } - } - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.4/container-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.4/container-scanning-report-format.json deleted file mode 100644 index e324201b04b..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.4/container-scanning-report-format.json +++ /dev/null @@ -1,904 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Container Scanning", - "description": "This schema provides the the report format for Container Scanning (https://docs.gitlab.com/ee/user/application_security/container_scanning).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.4" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "container_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "dependency", - "operating_system", - "image" - ], - "properties": { - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - }, - "operating_system": { - "type": "string", - "minLength": 1, - "description": "The operating system that contains the vulnerable package." - }, - "image": { - "type": "string", - "minLength": 1, - "description": "The analyzed Docker image." - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.4/coverage-fuzzing-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.4/coverage-fuzzing-report-format.json deleted file mode 100644 index 7ac5d2b7783..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.4/coverage-fuzzing-report-format.json +++ /dev/null @@ -1,874 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Fuzz Testing", - "description": "This schema provides the report format for Coverage Guided Fuzz Testing (https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.4" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "coverage_fuzzing" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "description": "The location of the error", - "type": "object", - "properties": { - "crash_address": { - "type": "string", - "description": "The relative address in memory were the crash occurred.", - "examples": [ - "0xabababab" - ] - }, - "stacktrace_snippet": { - "type": "string", - "description": "The stack trace recorded during fuzzing resulting the crash.", - "examples": [ - "func_a+0xabcd\nfunc_b+0xabcc" - ] - }, - "crash_state": { - "type": "string", - "description": "Minimised and normalized crash stack-trace (called crash_state).", - "examples": [ - "func_a+0xa\nfunc_b+0xb\nfunc_c+0xc" - ] - }, - "crash_type": { - "type": "string", - "description": "Type of the crash.", - "examples": [ - "Heap-Buffer-overflow", - "Division-by-zero" - ] - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.4/dast-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.4/dast-report-format.json deleted file mode 100644 index b3ce7609aea..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.4/dast-report-format.json +++ /dev/null @@ -1,1291 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab DAST", - "description": "This schema provides the the report format for Dynamic Application Security Testing (https://docs.gitlab.com/ee/user/application_security/dast).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.4" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanned_resources", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "dast", - "api_fuzzing" - ] - }, - "scanned_resources": { - "type": "array", - "description": "The attack surface scanned by DAST.", - "items": { - "type": "object", - "required": [ - "method", - "url", - "type" - ], - "properties": { - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method of the scanned resource.", - "examples": [ - "GET", - "POST", - "HEAD" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the scanned resource.", - "examples": [ - "http://my.site.com/a-page" - ] - }, - "type": { - "type": "string", - "minLength": 1, - "description": "Type of the scanned resource, for DAST, this must be 'url'.", - "examples": [ - "url" - ] - } - } - } - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "evidence": { - "type": "object", - "properties": { - "source": { - "type": "object", - "description": "Source of evidence", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "Unique source identifier", - "examples": [ - "assert:LogAnalysis", - "assert:StatusCode" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Source display name", - "examples": [ - "Log Analysis", - "Status Code" - ] - }, - "url": { - "type": "string", - "description": "Link to additional information", - "examples": [ - "https://docs.gitlab.com/ee/development/integrations/secure.html" - ] - } - } - }, - "summary": { - "type": "string", - "description": "Human readable string containing evidence of the vulnerability.", - "examples": [ - "Credit card 4111111111111111 found", - "Server leaked information nginx/1.17.6" - ] - }, - "request": { - "type": "object", - "description": "An HTTP request.", - "required": [ - "headers", - "method", - "url" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method used in the request.", - "examples": [ - "GET", - "POST" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the request.", - "examples": [ - "http://my.site.com/vulnerable-endpoint?show-credit-card" - ] - }, - "body": { - "type": "string", - "description": "Body of the request for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "user=jsmith&first=%27&last=smith" - ] - } - } - }, - "response": { - "type": "object", - "description": "An HTTP response.", - "required": [ - "headers", - "reason_phrase", - "status_code" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "reason_phrase": { - "type": "string", - "description": "HTTP reason phrase of the response.", - "examples": [ - "OK", - "Internal Server Error" - ] - }, - "status_code": { - "type": "integer", - "description": "HTTP status code of the response.", - "examples": [ - 200, - 500 - ] - }, - "body": { - "type": "string", - "description": "Body of the response for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "{\"user_id\": 2}" - ] - } - } - }, - "supporting_messages": { - "type": "array", - "description": "Array of supporting http messages.", - "items": { - "type": "object", - "description": "A supporting http message.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Message display name.", - "examples": [ - "Unmodified", - "Recorded" - ] - }, - "request": { - "type": "object", - "description": "An HTTP request.", - "required": [ - "headers", - "method", - "url" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method used in the request.", - "examples": [ - "GET", - "POST" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the request.", - "examples": [ - "http://my.site.com/vulnerable-endpoint?show-credit-card" - ] - }, - "body": { - "type": "string", - "description": "Body of the request for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "user=jsmith&first=%27&last=smith" - ] - } - } - }, - "response": { - "type": "object", - "description": "An HTTP response.", - "required": [ - "headers", - "reason_phrase", - "status_code" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "reason_phrase": { - "type": "string", - "description": "HTTP reason phrase of the response.", - "examples": [ - "OK", - "Internal Server Error" - ] - }, - "status_code": { - "type": "integer", - "description": "HTTP status code of the response.", - "examples": [ - 200, - 500 - ] - }, - "body": { - "type": "string", - "description": "Body of the response for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "{\"user_id\": 2}" - ] - } - } - } - } - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "properties": { - "hostname": { - "type": "string", - "description": "The protocol, domain, and port of the application where the vulnerability was found." - }, - "method": { - "type": "string", - "description": "The HTTP method that was used to request the URL where the vulnerability was found." - }, - "param": { - "type": "string", - "description": "A value provided by a vulnerability rule related to the found vulnerability. Examples include a header value, or a parameter used in a HTTP POST." - }, - "path": { - "type": "string", - "description": "The path of the URL where the vulnerability was found. Typically, this would start with a forward slash." - } - } - }, - "assets": { - "type": "array", - "description": "Array of build assets associated with vulnerability.", - "items": { - "type": "object", - "description": "Describes an asset associated with vulnerability.", - "required": [ - "type", - "name", - "url" - ], - "properties": { - "type": { - "type": "string", - "description": "The type of asset", - "enum": [ - "http_session", - "postman" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Display name for asset", - "examples": [ - "HTTP Messages", - "Postman Collection" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "Link to asset in build artifacts", - "examples": [ - "https://gitlab.com/gitlab-org/security-products/dast/-/jobs/626397001/artifacts/file//output/zap_session.data" - ] - } - } - } - }, - "discovered_at": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss.sss, representing when the vulnerability was discovered", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}\\.\\d{3}$", - "examples": [ - "2020-01-28T03:26:02.956" - ] - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.4/dependency-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.4/dependency-scanning-report-format.json deleted file mode 100644 index 605d379e497..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.4/dependency-scanning-report-format.json +++ /dev/null @@ -1,968 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Dependency Scanning", - "description": "This schema provides the the report format for Dependency Scanning analyzers (https://docs.gitlab.com/ee/user/application_security/dependency_scanning).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.4" - }, - "required": [ - "dependency_files", - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "dependency_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "file", - "dependency" - ], - "properties": { - "file": { - "type": "string", - "minLength": 1, - "description": "Path to the manifest or lock file where the dependency is declared (such as yarn.lock)." - }, - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - }, - "dependency_files": { - "type": "array", - "description": "List of dependency files identified in the project.", - "items": { - "type": "object", - "required": [ - "path", - "package_manager", - "dependencies" - ], - "properties": { - "path": { - "type": "string", - "minLength": 1 - }, - "package_manager": { - "type": "string", - "minLength": 1 - }, - "dependencies": { - "type": "array", - "items": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - } - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.4/sast-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.4/sast-report-format.json deleted file mode 100644 index 2d9e1af6663..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.4/sast-report-format.json +++ /dev/null @@ -1,869 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab SAST", - "description": "This schema provides the report format for Static Application Security Testing analyzers (https://docs.gitlab.com/ee/user/application_security/sast).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.4" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "sast" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the code affected by the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the code affected by the vulnerability." - }, - "class": { - "type": "string", - "description": "Provides the name of the class where the vulnerability is located." - }, - "method": { - "type": "string", - "description": "Provides the name of the method where the vulnerability is located." - } - } - }, - "raw_source_code_extract": { - "type": "string", - "description": "Provides an unsanitized excerpt of the affected source code." - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.4/secret-detection-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.4/secret-detection-report-format.json deleted file mode 100644 index 70f22b243c6..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.4/secret-detection-report-format.json +++ /dev/null @@ -1,892 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Secret Detection", - "description": "This schema provides the the report format for the Secret Detection analyzer (https://docs.gitlab.com/ee/user/application_security/secret_detection)", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.4" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "secret_detection" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "required": [ - "commit" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located" - }, - "commit": { - "type": "object", - "description": "Represents the commit in which the vulnerability was detected", - "required": [ - "sha" - ], - "properties": { - "author": { - "type": "string" - }, - "date": { - "type": "string" - }, - "message": { - "type": "string" - }, - "sha": { - "type": "string", - "minLength": 1 - } - } - }, - "start_line": { - "type": "number", - "description": "The first line of the code affected by the vulnerability" - }, - "end_line": { - "type": "number", - "description": "The last line of the code affected by the vulnerability" - }, - "class": { - "type": "string", - "description": "Provides the name of the class where the vulnerability is located" - }, - "method": { - "type": "string", - "description": "Provides the name of the method where the vulnerability is located" - } - } - }, - "raw_source_code_extract": { - "type": "string", - "description": "Provides an unsanitized excerpt of the affected source code." - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.5/cluster-image-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.5/cluster-image-scanning-report-format.json deleted file mode 100644 index 882a21e430a..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.5/cluster-image-scanning-report-format.json +++ /dev/null @@ -1,977 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Cluster Image Scanning", - "description": "This schema provides the the report format for Cluster Image Scanning (https://docs.gitlab.com/ee/user/application_security/cluster_image_scanning/).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.5" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "cluster_image_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "dependency", - "image", - "kubernetes_resource" - ], - "properties": { - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - }, - "operating_system": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The operating system that contains the vulnerable package." - }, - "image": { - "type": "string", - "minLength": 1, - "description": "The analyzed Docker image.", - "examples": [ - "index.docker.io/library/nginx:1.21" - ] - }, - "kubernetes_resource": { - "type": "object", - "description": "The specific Kubernetes resource that was scanned.", - "required": [ - "namespace", - "kind", - "name", - "container_name" - ], - "properties": { - "namespace": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The Kubernetes namespace the resource that had its image scanned.", - "examples": [ - "default", - "staging", - "production" - ] - }, - "kind": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The Kubernetes kind the resource that had its image scanned.", - "examples": [ - "Deployment", - "DaemonSet" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The name of the resource that had its image scanned.", - "examples": [ - "nginx-ingress" - ] - }, - "container_name": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The name of the container that had its image scanned.", - "examples": [ - "nginx" - ] - }, - "agent_id": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The GitLab ID of the Kubernetes Agent which performed the scan.", - "examples": [ - "1234" - ] - }, - "cluster_id": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The GitLab ID of the Kubernetes cluster when using cluster integration.", - "examples": [ - "1234" - ] - } - } - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.5/container-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.5/container-scanning-report-format.json deleted file mode 100644 index 08f38650340..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.5/container-scanning-report-format.json +++ /dev/null @@ -1,910 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Container Scanning", - "description": "This schema provides the the report format for Container Scanning (https://docs.gitlab.com/ee/user/application_security/container_scanning).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.5" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "container_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "dependency", - "operating_system", - "image" - ], - "properties": { - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - }, - "operating_system": { - "type": "string", - "minLength": 1, - "description": "The operating system that contains the vulnerable package." - }, - "image": { - "type": "string", - "minLength": 1, - "description": "The analyzed Docker image." - }, - "default_branch_image": { - "type": "string", - "maxLength": 255, - "pattern": "^[a-zA-Z0-9/_.-]+:[a-zA-Z0-9_.-]+$", - "description": "The name of the image on the default branch." - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.5/coverage-fuzzing-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.5/coverage-fuzzing-report-format.json deleted file mode 100644 index a442d38c134..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.5/coverage-fuzzing-report-format.json +++ /dev/null @@ -1,874 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Fuzz Testing", - "description": "This schema provides the report format for Coverage Guided Fuzz Testing (https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.5" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "coverage_fuzzing" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "description": "The location of the error", - "type": "object", - "properties": { - "crash_address": { - "type": "string", - "description": "The relative address in memory were the crash occurred.", - "examples": [ - "0xabababab" - ] - }, - "stacktrace_snippet": { - "type": "string", - "description": "The stack trace recorded during fuzzing resulting the crash.", - "examples": [ - "func_a+0xabcd\nfunc_b+0xabcc" - ] - }, - "crash_state": { - "type": "string", - "description": "Minimised and normalized crash stack-trace (called crash_state).", - "examples": [ - "func_a+0xa\nfunc_b+0xb\nfunc_c+0xc" - ] - }, - "crash_type": { - "type": "string", - "description": "Type of the crash.", - "examples": [ - "Heap-Buffer-overflow", - "Division-by-zero" - ] - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.5/dast-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.5/dast-report-format.json deleted file mode 100644 index 9a4d1515bc2..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.5/dast-report-format.json +++ /dev/null @@ -1,1291 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab DAST", - "description": "This schema provides the the report format for Dynamic Application Security Testing (https://docs.gitlab.com/ee/user/application_security/dast).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.5" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanned_resources", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "dast", - "api_fuzzing" - ] - }, - "scanned_resources": { - "type": "array", - "description": "The attack surface scanned by DAST.", - "items": { - "type": "object", - "required": [ - "method", - "url", - "type" - ], - "properties": { - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method of the scanned resource.", - "examples": [ - "GET", - "POST", - "HEAD" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the scanned resource.", - "examples": [ - "http://my.site.com/a-page" - ] - }, - "type": { - "type": "string", - "minLength": 1, - "description": "Type of the scanned resource, for DAST, this must be 'url'.", - "examples": [ - "url" - ] - } - } - } - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "evidence": { - "type": "object", - "properties": { - "source": { - "type": "object", - "description": "Source of evidence", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "Unique source identifier", - "examples": [ - "assert:LogAnalysis", - "assert:StatusCode" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Source display name", - "examples": [ - "Log Analysis", - "Status Code" - ] - }, - "url": { - "type": "string", - "description": "Link to additional information", - "examples": [ - "https://docs.gitlab.com/ee/development/integrations/secure.html" - ] - } - } - }, - "summary": { - "type": "string", - "description": "Human readable string containing evidence of the vulnerability.", - "examples": [ - "Credit card 4111111111111111 found", - "Server leaked information nginx/1.17.6" - ] - }, - "request": { - "type": "object", - "description": "An HTTP request.", - "required": [ - "headers", - "method", - "url" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method used in the request.", - "examples": [ - "GET", - "POST" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the request.", - "examples": [ - "http://my.site.com/vulnerable-endpoint?show-credit-card" - ] - }, - "body": { - "type": "string", - "description": "Body of the request for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "user=jsmith&first=%27&last=smith" - ] - } - } - }, - "response": { - "type": "object", - "description": "An HTTP response.", - "required": [ - "headers", - "reason_phrase", - "status_code" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "reason_phrase": { - "type": "string", - "description": "HTTP reason phrase of the response.", - "examples": [ - "OK", - "Internal Server Error" - ] - }, - "status_code": { - "type": "integer", - "description": "HTTP status code of the response.", - "examples": [ - 200, - 500 - ] - }, - "body": { - "type": "string", - "description": "Body of the response for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "{\"user_id\": 2}" - ] - } - } - }, - "supporting_messages": { - "type": "array", - "description": "Array of supporting http messages.", - "items": { - "type": "object", - "description": "A supporting http message.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Message display name.", - "examples": [ - "Unmodified", - "Recorded" - ] - }, - "request": { - "type": "object", - "description": "An HTTP request.", - "required": [ - "headers", - "method", - "url" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method used in the request.", - "examples": [ - "GET", - "POST" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the request.", - "examples": [ - "http://my.site.com/vulnerable-endpoint?show-credit-card" - ] - }, - "body": { - "type": "string", - "description": "Body of the request for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "user=jsmith&first=%27&last=smith" - ] - } - } - }, - "response": { - "type": "object", - "description": "An HTTP response.", - "required": [ - "headers", - "reason_phrase", - "status_code" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "reason_phrase": { - "type": "string", - "description": "HTTP reason phrase of the response.", - "examples": [ - "OK", - "Internal Server Error" - ] - }, - "status_code": { - "type": "integer", - "description": "HTTP status code of the response.", - "examples": [ - 200, - 500 - ] - }, - "body": { - "type": "string", - "description": "Body of the response for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "{\"user_id\": 2}" - ] - } - } - } - } - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "properties": { - "hostname": { - "type": "string", - "description": "The protocol, domain, and port of the application where the vulnerability was found." - }, - "method": { - "type": "string", - "description": "The HTTP method that was used to request the URL where the vulnerability was found." - }, - "param": { - "type": "string", - "description": "A value provided by a vulnerability rule related to the found vulnerability. Examples include a header value, or a parameter used in a HTTP POST." - }, - "path": { - "type": "string", - "description": "The path of the URL where the vulnerability was found. Typically, this would start with a forward slash." - } - } - }, - "assets": { - "type": "array", - "description": "Array of build assets associated with vulnerability.", - "items": { - "type": "object", - "description": "Describes an asset associated with vulnerability.", - "required": [ - "type", - "name", - "url" - ], - "properties": { - "type": { - "type": "string", - "description": "The type of asset", - "enum": [ - "http_session", - "postman" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Display name for asset", - "examples": [ - "HTTP Messages", - "Postman Collection" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "Link to asset in build artifacts", - "examples": [ - "https://gitlab.com/gitlab-org/security-products/dast/-/jobs/626397001/artifacts/file//output/zap_session.data" - ] - } - } - } - }, - "discovered_at": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss.sss, representing when the vulnerability was discovered", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}\\.\\d{3}$", - "examples": [ - "2020-01-28T03:26:02.956" - ] - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.5/dependency-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.5/dependency-scanning-report-format.json deleted file mode 100644 index e84dd9c87d8..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.5/dependency-scanning-report-format.json +++ /dev/null @@ -1,968 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Dependency Scanning", - "description": "This schema provides the the report format for Dependency Scanning analyzers (https://docs.gitlab.com/ee/user/application_security/dependency_scanning).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.5" - }, - "required": [ - "dependency_files", - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "dependency_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "file", - "dependency" - ], - "properties": { - "file": { - "type": "string", - "minLength": 1, - "description": "Path to the manifest or lock file where the dependency is declared (such as yarn.lock)." - }, - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - }, - "dependency_files": { - "type": "array", - "description": "List of dependency files identified in the project.", - "items": { - "type": "object", - "required": [ - "path", - "package_manager", - "dependencies" - ], - "properties": { - "path": { - "type": "string", - "minLength": 1 - }, - "package_manager": { - "type": "string", - "minLength": 1 - }, - "dependencies": { - "type": "array", - "items": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - } - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.5/sast-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.5/sast-report-format.json deleted file mode 100644 index b10b199a97c..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.5/sast-report-format.json +++ /dev/null @@ -1,869 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab SAST", - "description": "This schema provides the report format for Static Application Security Testing analyzers (https://docs.gitlab.com/ee/user/application_security/sast).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.5" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "sast" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the code affected by the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the code affected by the vulnerability." - }, - "class": { - "type": "string", - "description": "Provides the name of the class where the vulnerability is located." - }, - "method": { - "type": "string", - "description": "Provides the name of the method where the vulnerability is located." - } - } - }, - "raw_source_code_extract": { - "type": "string", - "description": "Provides an unsanitized excerpt of the affected source code." - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.5/secret-detection-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.5/secret-detection-report-format.json deleted file mode 100644 index 5bd945c8ab5..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.5/secret-detection-report-format.json +++ /dev/null @@ -1,892 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Secret Detection", - "description": "This schema provides the the report format for the Secret Detection analyzer (https://docs.gitlab.com/ee/user/application_security/secret_detection)", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.5" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "secret_detection" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability.", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "required": [ - "commit" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located" - }, - "commit": { - "type": "object", - "description": "Represents the commit in which the vulnerability was detected", - "required": [ - "sha" - ], - "properties": { - "author": { - "type": "string" - }, - "date": { - "type": "string" - }, - "message": { - "type": "string" - }, - "sha": { - "type": "string", - "minLength": 1 - } - } - }, - "start_line": { - "type": "number", - "description": "The first line of the code affected by the vulnerability" - }, - "end_line": { - "type": "number", - "description": "The last line of the code affected by the vulnerability" - }, - "class": { - "type": "string", - "description": "Provides the name of the class where the vulnerability is located" - }, - "method": { - "type": "string", - "description": "Provides the name of the method where the vulnerability is located" - } - } - }, - "raw_source_code_extract": { - "type": "string", - "description": "Provides an unsanitized excerpt of the affected source code." - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.6/cluster-image-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.6/cluster-image-scanning-report-format.json deleted file mode 100644 index 951b0fea013..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.6/cluster-image-scanning-report-format.json +++ /dev/null @@ -1,977 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Cluster Image Scanning", - "description": "This schema provides the the report format for Cluster Image Scanning (https://docs.gitlab.com/ee/user/application_security/cluster_image_scanning/).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.6" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "cluster_image_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "dependency", - "image", - "kubernetes_resource" - ], - "properties": { - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - }, - "operating_system": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The operating system that contains the vulnerable package." - }, - "image": { - "type": "string", - "minLength": 1, - "description": "The analyzed Docker image.", - "examples": [ - "index.docker.io/library/nginx:1.21" - ] - }, - "kubernetes_resource": { - "type": "object", - "description": "The specific Kubernetes resource that was scanned.", - "required": [ - "namespace", - "kind", - "name", - "container_name" - ], - "properties": { - "namespace": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The Kubernetes namespace the resource that had its image scanned.", - "examples": [ - "default", - "staging", - "production" - ] - }, - "kind": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The Kubernetes kind the resource that had its image scanned.", - "examples": [ - "Deployment", - "DaemonSet" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The name of the resource that had its image scanned.", - "examples": [ - "nginx-ingress" - ] - }, - "container_name": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The name of the container that had its image scanned.", - "examples": [ - "nginx" - ] - }, - "agent_id": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The GitLab ID of the Kubernetes Agent which performed the scan.", - "examples": [ - "1234" - ] - }, - "cluster_id": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The GitLab ID of the Kubernetes cluster when using cluster integration.", - "examples": [ - "1234" - ] - } - } - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.6/coverage-fuzzing-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.6/coverage-fuzzing-report-format.json deleted file mode 100644 index de79d4b52ab..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.6/coverage-fuzzing-report-format.json +++ /dev/null @@ -1,874 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Fuzz Testing", - "description": "This schema provides the report format for Coverage Guided Fuzz Testing (https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.6" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "coverage_fuzzing" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "description": "The location of the error", - "type": "object", - "properties": { - "crash_address": { - "type": "string", - "description": "The relative address in memory were the crash occurred.", - "examples": [ - "0xabababab" - ] - }, - "stacktrace_snippet": { - "type": "string", - "description": "The stack trace recorded during fuzzing resulting the crash.", - "examples": [ - "func_a+0xabcd\nfunc_b+0xabcc" - ] - }, - "crash_state": { - "type": "string", - "description": "Minimised and normalized crash stack-trace (called crash_state).", - "examples": [ - "func_a+0xa\nfunc_b+0xb\nfunc_c+0xc" - ] - }, - "crash_type": { - "type": "string", - "description": "Type of the crash.", - "examples": [ - "Heap-Buffer-overflow", - "Division-by-zero" - ] - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.6/dependency-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.6/dependency-scanning-report-format.json deleted file mode 100644 index 80d6fc9c7d2..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.6/dependency-scanning-report-format.json +++ /dev/null @@ -1,968 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Dependency Scanning", - "description": "This schema provides the the report format for Dependency Scanning analyzers (https://docs.gitlab.com/ee/user/application_security/dependency_scanning).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.6" - }, - "required": [ - "dependency_files", - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "dependency_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "file", - "dependency" - ], - "properties": { - "file": { - "type": "string", - "minLength": 1, - "description": "Path to the manifest or lock file where the dependency is declared (such as yarn.lock)." - }, - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - }, - "dependency_files": { - "type": "array", - "description": "List of dependency files identified in the project.", - "items": { - "type": "object", - "required": [ - "path", - "package_manager", - "dependencies" - ], - "properties": { - "path": { - "type": "string", - "minLength": 1 - }, - "package_manager": { - "type": "string", - "minLength": 1 - }, - "dependencies": { - "type": "array", - "items": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - } - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.6/sast-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.6/sast-report-format.json deleted file mode 100644 index b87182bb237..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.6/sast-report-format.json +++ /dev/null @@ -1,869 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab SAST", - "description": "This schema provides the report format for Static Application Security Testing analyzers (https://docs.gitlab.com/ee/user/application_security/sast).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.6" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "sast" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the code affected by the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the code affected by the vulnerability." - }, - "class": { - "type": "string", - "description": "Provides the name of the class where the vulnerability is located." - }, - "method": { - "type": "string", - "description": "Provides the name of the method where the vulnerability is located." - } - } - }, - "raw_source_code_extract": { - "type": "string", - "description": "Provides an unsanitized excerpt of the affected source code." - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.6/secret-detection-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.0.6/secret-detection-report-format.json deleted file mode 100644 index 191d94aad5f..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.6/secret-detection-report-format.json +++ /dev/null @@ -1,892 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Secret Detection", - "description": "This schema provides the the report format for the Secret Detection analyzer (https://docs.gitlab.com/ee/user/application_security/secret_detection)", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.0.6" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "secret_detection" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "required": [ - "commit" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located" - }, - "commit": { - "type": "object", - "description": "Represents the commit in which the vulnerability was detected", - "required": [ - "sha" - ], - "properties": { - "author": { - "type": "string" - }, - "date": { - "type": "string" - }, - "message": { - "type": "string" - }, - "sha": { - "type": "string", - "minLength": 1 - } - } - }, - "start_line": { - "type": "number", - "description": "The first line of the code affected by the vulnerability" - }, - "end_line": { - "type": "number", - "description": "The last line of the code affected by the vulnerability" - }, - "class": { - "type": "string", - "description": "Provides the name of the class where the vulnerability is located" - }, - "method": { - "type": "string", - "description": "Provides the name of the method where the vulnerability is located" - } - } - }, - "raw_source_code_extract": { - "type": "string", - "description": "Provides an unsanitized excerpt of the affected source code." - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.0/cluster-image-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.1.0/cluster-image-scanning-report-format.json deleted file mode 100644 index 3f78ff0354f..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.0/cluster-image-scanning-report-format.json +++ /dev/null @@ -1,977 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Cluster Image Scanning", - "description": "This schema provides the the report format for Cluster Image Scanning (https://docs.gitlab.com/ee/user/application_security/cluster_image_scanning/).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.1.0" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "cluster_image_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "dependency", - "image", - "kubernetes_resource" - ], - "properties": { - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - }, - "operating_system": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The operating system that contains the vulnerable package." - }, - "image": { - "type": "string", - "minLength": 1, - "description": "The analyzed Docker image.", - "examples": [ - "index.docker.io/library/nginx:1.21" - ] - }, - "kubernetes_resource": { - "type": "object", - "description": "The specific Kubernetes resource that was scanned.", - "required": [ - "namespace", - "kind", - "name", - "container_name" - ], - "properties": { - "namespace": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The Kubernetes namespace the resource that had its image scanned.", - "examples": [ - "default", - "staging", - "production" - ] - }, - "kind": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The Kubernetes kind the resource that had its image scanned.", - "examples": [ - "Deployment", - "DaemonSet" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The name of the resource that had its image scanned.", - "examples": [ - "nginx-ingress" - ] - }, - "container_name": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The name of the container that had its image scanned.", - "examples": [ - "nginx" - ] - }, - "agent_id": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The GitLab ID of the Kubernetes Agent which performed the scan.", - "examples": [ - "1234" - ] - }, - "cluster_id": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The GitLab ID of the Kubernetes cluster when using cluster integration.", - "examples": [ - "1234" - ] - } - } - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.0/container-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.1.0/container-scanning-report-format.json deleted file mode 100644 index 6e8a1c54fb4..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.0/container-scanning-report-format.json +++ /dev/null @@ -1,911 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Container Scanning", - "description": "This schema provides the the report format for Container Scanning (https://docs.gitlab.com/ee/user/application_security/container_scanning).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.1.0" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "container_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "dependency", - "operating_system", - "image" - ], - "properties": { - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - }, - "operating_system": { - "type": "string", - "minLength": 1, - "description": "The operating system that contains the vulnerable package." - }, - "image": { - "type": "string", - "minLength": 1, - "pattern": "^[^:]+(:\\d+[^:]*)?:[^:]+$", - "description": "The analyzed Docker image." - }, - "default_branch_image": { - "type": "string", - "maxLength": 255, - "pattern": "^[a-zA-Z0-9/_.-]+(:\\d+[a-zA-Z0-9/_.-]*)?:[a-zA-Z0-9_.-]+$", - "description": "The name of the image on the default branch." - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.0/dast-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.1.0/dast-report-format.json deleted file mode 100644 index 73c03082d32..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.0/dast-report-format.json +++ /dev/null @@ -1,1291 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab DAST", - "description": "This schema provides the the report format for Dynamic Application Security Testing (https://docs.gitlab.com/ee/user/application_security/dast).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.1.0" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanned_resources", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "dast", - "api_fuzzing" - ] - }, - "scanned_resources": { - "type": "array", - "description": "The attack surface scanned by DAST.", - "items": { - "type": "object", - "required": [ - "method", - "url", - "type" - ], - "properties": { - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method of the scanned resource.", - "examples": [ - "GET", - "POST", - "HEAD" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the scanned resource.", - "examples": [ - "http://my.site.com/a-page" - ] - }, - "type": { - "type": "string", - "minLength": 1, - "description": "Type of the scanned resource, for DAST, this must be 'url'.", - "examples": [ - "url" - ] - } - } - } - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "evidence": { - "type": "object", - "properties": { - "source": { - "type": "object", - "description": "Source of evidence", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "Unique source identifier", - "examples": [ - "assert:LogAnalysis", - "assert:StatusCode" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Source display name", - "examples": [ - "Log Analysis", - "Status Code" - ] - }, - "url": { - "type": "string", - "description": "Link to additional information", - "examples": [ - "https://docs.gitlab.com/ee/development/integrations/secure.html" - ] - } - } - }, - "summary": { - "type": "string", - "description": "Human readable string containing evidence of the vulnerability.", - "examples": [ - "Credit card 4111111111111111 found", - "Server leaked information nginx/1.17.6" - ] - }, - "request": { - "type": "object", - "description": "An HTTP request.", - "required": [ - "headers", - "method", - "url" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method used in the request.", - "examples": [ - "GET", - "POST" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the request.", - "examples": [ - "http://my.site.com/vulnerable-endpoint?show-credit-card" - ] - }, - "body": { - "type": "string", - "description": "Body of the request for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "user=jsmith&first=%27&last=smith" - ] - } - } - }, - "response": { - "type": "object", - "description": "An HTTP response.", - "required": [ - "headers", - "reason_phrase", - "status_code" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "reason_phrase": { - "type": "string", - "description": "HTTP reason phrase of the response.", - "examples": [ - "OK", - "Internal Server Error" - ] - }, - "status_code": { - "type": "integer", - "description": "HTTP status code of the response.", - "examples": [ - 200, - 500 - ] - }, - "body": { - "type": "string", - "description": "Body of the response for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "{\"user_id\": 2}" - ] - } - } - }, - "supporting_messages": { - "type": "array", - "description": "Array of supporting http messages.", - "items": { - "type": "object", - "description": "A supporting http message.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Message display name.", - "examples": [ - "Unmodified", - "Recorded" - ] - }, - "request": { - "type": "object", - "description": "An HTTP request.", - "required": [ - "headers", - "method", - "url" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method used in the request.", - "examples": [ - "GET", - "POST" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the request.", - "examples": [ - "http://my.site.com/vulnerable-endpoint?show-credit-card" - ] - }, - "body": { - "type": "string", - "description": "Body of the request for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "user=jsmith&first=%27&last=smith" - ] - } - } - }, - "response": { - "type": "object", - "description": "An HTTP response.", - "required": [ - "headers", - "reason_phrase", - "status_code" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "reason_phrase": { - "type": "string", - "description": "HTTP reason phrase of the response.", - "examples": [ - "OK", - "Internal Server Error" - ] - }, - "status_code": { - "type": "integer", - "description": "HTTP status code of the response.", - "examples": [ - 200, - 500 - ] - }, - "body": { - "type": "string", - "description": "Body of the response for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "{\"user_id\": 2}" - ] - } - } - } - } - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "properties": { - "hostname": { - "type": "string", - "description": "The protocol, domain, and port of the application where the vulnerability was found." - }, - "method": { - "type": "string", - "description": "The HTTP method that was used to request the URL where the vulnerability was found." - }, - "param": { - "type": "string", - "description": "A value provided by a vulnerability rule related to the found vulnerability. Examples include a header value, or a parameter used in a HTTP POST." - }, - "path": { - "type": "string", - "description": "The path of the URL where the vulnerability was found. Typically, this would start with a forward slash." - } - } - }, - "assets": { - "type": "array", - "description": "Array of build assets associated with vulnerability.", - "items": { - "type": "object", - "description": "Describes an asset associated with vulnerability.", - "required": [ - "type", - "name", - "url" - ], - "properties": { - "type": { - "type": "string", - "description": "The type of asset", - "enum": [ - "http_session", - "postman" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Display name for asset", - "examples": [ - "HTTP Messages", - "Postman Collection" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "Link to asset in build artifacts", - "examples": [ - "https://gitlab.com/gitlab-org/security-products/dast/-/jobs/626397001/artifacts/file//output/zap_session.data" - ] - } - } - } - }, - "discovered_at": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss.sss, representing when the vulnerability was discovered", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}\\.\\d{3}$", - "examples": [ - "2020-01-28T03:26:02.956" - ] - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.1/container-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.1.1/container-scanning-report-format.json deleted file mode 100644 index a13e0418499..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.1/container-scanning-report-format.json +++ /dev/null @@ -1,911 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Container Scanning", - "description": "This schema provides the the report format for Container Scanning (https://docs.gitlab.com/ee/user/application_security/container_scanning).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.1.1" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "container_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "dependency", - "operating_system", - "image" - ], - "properties": { - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - }, - "operating_system": { - "type": "string", - "minLength": 1, - "description": "The operating system that contains the vulnerable package." - }, - "image": { - "type": "string", - "minLength": 1, - "pattern": "^[^:]+(:\\d+[^:]*)?:[^:]+$", - "description": "The analyzed Docker image." - }, - "default_branch_image": { - "type": "string", - "maxLength": 255, - "pattern": "^[a-zA-Z0-9/_.-]+(:\\d+[a-zA-Z0-9/_.-]*)?:[a-zA-Z0-9_.-]+$", - "description": "The name of the image on the default branch." - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.1/coverage-fuzzing-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.1.1/coverage-fuzzing-report-format.json deleted file mode 100644 index 050c34669b3..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.1/coverage-fuzzing-report-format.json +++ /dev/null @@ -1,874 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Fuzz Testing", - "description": "This schema provides the report format for Coverage Guided Fuzz Testing (https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.1.1" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "coverage_fuzzing" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "description": "The location of the error", - "type": "object", - "properties": { - "crash_address": { - "type": "string", - "description": "The relative address in memory were the crash occurred.", - "examples": [ - "0xabababab" - ] - }, - "stacktrace_snippet": { - "type": "string", - "description": "The stack trace recorded during fuzzing resulting the crash.", - "examples": [ - "func_a+0xabcd\nfunc_b+0xabcc" - ] - }, - "crash_state": { - "type": "string", - "description": "Minimised and normalized crash stack-trace (called crash_state).", - "examples": [ - "func_a+0xa\nfunc_b+0xb\nfunc_c+0xc" - ] - }, - "crash_type": { - "type": "string", - "description": "Type of the crash.", - "examples": [ - "Heap-Buffer-overflow", - "Division-by-zero" - ] - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.1/dast-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.1.1/dast-report-format.json deleted file mode 100644 index 62ed293ad44..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.1/dast-report-format.json +++ /dev/null @@ -1,1291 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab DAST", - "description": "This schema provides the the report format for Dynamic Application Security Testing (https://docs.gitlab.com/ee/user/application_security/dast).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.1.1" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanned_resources", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "dast", - "api_fuzzing" - ] - }, - "scanned_resources": { - "type": "array", - "description": "The attack surface scanned by DAST.", - "items": { - "type": "object", - "required": [ - "method", - "url", - "type" - ], - "properties": { - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method of the scanned resource.", - "examples": [ - "GET", - "POST", - "HEAD" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the scanned resource.", - "examples": [ - "http://my.site.com/a-page" - ] - }, - "type": { - "type": "string", - "minLength": 1, - "description": "Type of the scanned resource, for DAST, this must be 'url'.", - "examples": [ - "url" - ] - } - } - } - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "evidence": { - "type": "object", - "properties": { - "source": { - "type": "object", - "description": "Source of evidence", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "Unique source identifier", - "examples": [ - "assert:LogAnalysis", - "assert:StatusCode" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Source display name", - "examples": [ - "Log Analysis", - "Status Code" - ] - }, - "url": { - "type": "string", - "description": "Link to additional information", - "examples": [ - "https://docs.gitlab.com/ee/development/integrations/secure.html" - ] - } - } - }, - "summary": { - "type": "string", - "description": "Human readable string containing evidence of the vulnerability.", - "examples": [ - "Credit card 4111111111111111 found", - "Server leaked information nginx/1.17.6" - ] - }, - "request": { - "type": "object", - "description": "An HTTP request.", - "required": [ - "headers", - "method", - "url" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method used in the request.", - "examples": [ - "GET", - "POST" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the request.", - "examples": [ - "http://my.site.com/vulnerable-endpoint?show-credit-card" - ] - }, - "body": { - "type": "string", - "description": "Body of the request for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "user=jsmith&first=%27&last=smith" - ] - } - } - }, - "response": { - "type": "object", - "description": "An HTTP response.", - "required": [ - "headers", - "reason_phrase", - "status_code" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "reason_phrase": { - "type": "string", - "description": "HTTP reason phrase of the response.", - "examples": [ - "OK", - "Internal Server Error" - ] - }, - "status_code": { - "type": "integer", - "description": "HTTP status code of the response.", - "examples": [ - 200, - 500 - ] - }, - "body": { - "type": "string", - "description": "Body of the response for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "{\"user_id\": 2}" - ] - } - } - }, - "supporting_messages": { - "type": "array", - "description": "Array of supporting http messages.", - "items": { - "type": "object", - "description": "A supporting http message.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Message display name.", - "examples": [ - "Unmodified", - "Recorded" - ] - }, - "request": { - "type": "object", - "description": "An HTTP request.", - "required": [ - "headers", - "method", - "url" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method used in the request.", - "examples": [ - "GET", - "POST" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the request.", - "examples": [ - "http://my.site.com/vulnerable-endpoint?show-credit-card" - ] - }, - "body": { - "type": "string", - "description": "Body of the request for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "user=jsmith&first=%27&last=smith" - ] - } - } - }, - "response": { - "type": "object", - "description": "An HTTP response.", - "required": [ - "headers", - "reason_phrase", - "status_code" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "minLength": 1, - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "reason_phrase": { - "type": "string", - "description": "HTTP reason phrase of the response.", - "examples": [ - "OK", - "Internal Server Error" - ] - }, - "status_code": { - "type": "integer", - "description": "HTTP status code of the response.", - "examples": [ - 200, - 500 - ] - }, - "body": { - "type": "string", - "description": "Body of the response for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "{\"user_id\": 2}" - ] - } - } - } - } - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "properties": { - "hostname": { - "type": "string", - "description": "The protocol, domain, and port of the application where the vulnerability was found." - }, - "method": { - "type": "string", - "description": "The HTTP method that was used to request the URL where the vulnerability was found." - }, - "param": { - "type": "string", - "description": "A value provided by a vulnerability rule related to the found vulnerability. Examples include a header value, or a parameter used in a HTTP POST." - }, - "path": { - "type": "string", - "description": "The path of the URL where the vulnerability was found. Typically, this would start with a forward slash." - } - } - }, - "assets": { - "type": "array", - "description": "Array of build assets associated with vulnerability.", - "items": { - "type": "object", - "description": "Describes an asset associated with vulnerability.", - "required": [ - "type", - "name", - "url" - ], - "properties": { - "type": { - "type": "string", - "description": "The type of asset", - "enum": [ - "http_session", - "postman" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Display name for asset", - "examples": [ - "HTTP Messages", - "Postman Collection" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "Link to asset in build artifacts", - "examples": [ - "https://gitlab.com/gitlab-org/security-products/dast/-/jobs/626397001/artifacts/file//output/zap_session.data" - ] - } - } - } - }, - "discovered_at": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss.sss, representing when the vulnerability was discovered", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}\\.\\d{3}$", - "examples": [ - "2020-01-28T03:26:02.956" - ] - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.1/dependency-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.1.1/dependency-scanning-report-format.json deleted file mode 100644 index 1e3f4188845..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.1/dependency-scanning-report-format.json +++ /dev/null @@ -1,968 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Dependency Scanning", - "description": "This schema provides the the report format for Dependency Scanning analyzers (https://docs.gitlab.com/ee/user/application_security/dependency_scanning).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.1.1" - }, - "required": [ - "dependency_files", - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "dependency_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "file", - "dependency" - ], - "properties": { - "file": { - "type": "string", - "minLength": 1, - "description": "Path to the manifest or lock file where the dependency is declared (such as yarn.lock)." - }, - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - }, - "dependency_files": { - "type": "array", - "description": "List of dependency files identified in the project.", - "items": { - "type": "object", - "required": [ - "path", - "package_manager", - "dependencies" - ], - "properties": { - "path": { - "type": "string", - "minLength": 1 - }, - "package_manager": { - "type": "string", - "minLength": 1 - }, - "dependencies": { - "type": "array", - "items": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - } - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.1/sast-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.1.1/sast-report-format.json deleted file mode 100644 index 4c57d20dbaa..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.1/sast-report-format.json +++ /dev/null @@ -1,869 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab SAST", - "description": "This schema provides the report format for Static Application Security Testing analyzers (https://docs.gitlab.com/ee/user/application_security/sast).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.1.1" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "sast" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the code affected by the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the code affected by the vulnerability." - }, - "class": { - "type": "string", - "description": "Provides the name of the class where the vulnerability is located." - }, - "method": { - "type": "string", - "description": "Provides the name of the method where the vulnerability is located." - } - } - }, - "raw_source_code_extract": { - "type": "string", - "description": "Provides an unsanitized excerpt of the affected source code." - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.1/secret-detection-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.1.1/secret-detection-report-format.json deleted file mode 100644 index b1337954e97..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.1/secret-detection-report-format.json +++ /dev/null @@ -1,892 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Secret Detection", - "description": "This schema provides the the report format for the Secret Detection analyzer (https://docs.gitlab.com/ee/user/application_security/secret_detection)", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.1.1" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "secret_detection" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "required": [ - "commit" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located" - }, - "commit": { - "type": "object", - "description": "Represents the commit in which the vulnerability was detected", - "required": [ - "sha" - ], - "properties": { - "author": { - "type": "string" - }, - "date": { - "type": "string" - }, - "message": { - "type": "string" - }, - "sha": { - "type": "string", - "minLength": 1 - } - } - }, - "start_line": { - "type": "number", - "description": "The first line of the code affected by the vulnerability" - }, - "end_line": { - "type": "number", - "description": "The last line of the code affected by the vulnerability" - }, - "class": { - "type": "string", - "description": "Provides the name of the class where the vulnerability is located" - }, - "method": { - "type": "string", - "description": "Provides the name of the method where the vulnerability is located" - } - } - }, - "raw_source_code_extract": { - "type": "string", - "description": "Provides an unsanitized excerpt of the affected source code." - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.2/cluster-image-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.1.2/cluster-image-scanning-report-format.json deleted file mode 100644 index 31840a7e914..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.2/cluster-image-scanning-report-format.json +++ /dev/null @@ -1,977 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Cluster Image Scanning", - "description": "This schema provides the the report format for Cluster Image Scanning (https://docs.gitlab.com/ee/user/application_security/cluster_image_scanning/).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.1.2" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "cluster_image_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "dependency", - "image", - "kubernetes_resource" - ], - "properties": { - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - }, - "operating_system": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The operating system that contains the vulnerable package." - }, - "image": { - "type": "string", - "minLength": 1, - "description": "The analyzed Docker image.", - "examples": [ - "index.docker.io/library/nginx:1.21" - ] - }, - "kubernetes_resource": { - "type": "object", - "description": "The specific Kubernetes resource that was scanned.", - "required": [ - "namespace", - "kind", - "name", - "container_name" - ], - "properties": { - "namespace": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The Kubernetes namespace the resource that had its image scanned.", - "examples": [ - "default", - "staging", - "production" - ] - }, - "kind": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The Kubernetes kind the resource that had its image scanned.", - "examples": [ - "Deployment", - "DaemonSet" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The name of the resource that had its image scanned.", - "examples": [ - "nginx-ingress" - ] - }, - "container_name": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The name of the container that had its image scanned.", - "examples": [ - "nginx" - ] - }, - "agent_id": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The GitLab ID of the Kubernetes Agent which performed the scan.", - "examples": [ - "1234" - ] - }, - "cluster_id": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The GitLab ID of the Kubernetes cluster when using cluster integration.", - "examples": [ - "1234" - ] - } - } - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.2/container-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.1.2/container-scanning-report-format.json deleted file mode 100644 index c70628a0949..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.2/container-scanning-report-format.json +++ /dev/null @@ -1,911 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Container Scanning", - "description": "This schema provides the the report format for Container Scanning (https://docs.gitlab.com/ee/user/application_security/container_scanning).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.1.2" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "container_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "dependency", - "operating_system", - "image" - ], - "properties": { - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - }, - "operating_system": { - "type": "string", - "minLength": 1, - "description": "The operating system that contains the vulnerable package." - }, - "image": { - "type": "string", - "minLength": 1, - "pattern": "^[^:]+(:\\d+[^:]*)?:[^:]+$", - "description": "The analyzed Docker image." - }, - "default_branch_image": { - "type": "string", - "maxLength": 255, - "pattern": "^[a-zA-Z0-9/_.-]+(:\\d+[a-zA-Z0-9/_.-]*)?:[a-zA-Z0-9_.-]+$", - "description": "The name of the image on the default branch." - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.2/coverage-fuzzing-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.1.2/coverage-fuzzing-report-format.json deleted file mode 100644 index fbc7b4ea733..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.2/coverage-fuzzing-report-format.json +++ /dev/null @@ -1,874 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Fuzz Testing", - "description": "This schema provides the report format for Coverage Guided Fuzz Testing (https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.1.2" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "coverage_fuzzing" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "description": "The location of the error", - "type": "object", - "properties": { - "crash_address": { - "type": "string", - "description": "The relative address in memory were the crash occurred.", - "examples": [ - "0xabababab" - ] - }, - "stacktrace_snippet": { - "type": "string", - "description": "The stack trace recorded during fuzzing resulting the crash.", - "examples": [ - "func_a+0xabcd\nfunc_b+0xabcc" - ] - }, - "crash_state": { - "type": "string", - "description": "Minimised and normalized crash stack-trace (called crash_state).", - "examples": [ - "func_a+0xa\nfunc_b+0xb\nfunc_c+0xc" - ] - }, - "crash_type": { - "type": "string", - "description": "Type of the crash.", - "examples": [ - "Heap-Buffer-overflow", - "Division-by-zero" - ] - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.2/dast-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.1.2/dast-report-format.json deleted file mode 100644 index 3c9db0546b1..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.2/dast-report-format.json +++ /dev/null @@ -1,1287 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab DAST", - "description": "This schema provides the the report format for Dynamic Application Security Testing (https://docs.gitlab.com/ee/user/application_security/dast).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.1.2" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanned_resources", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "dast", - "api_fuzzing" - ] - }, - "scanned_resources": { - "type": "array", - "description": "The attack surface scanned by DAST.", - "items": { - "type": "object", - "required": [ - "method", - "url", - "type" - ], - "properties": { - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method of the scanned resource.", - "examples": [ - "GET", - "POST", - "HEAD" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the scanned resource.", - "examples": [ - "http://my.site.com/a-page" - ] - }, - "type": { - "type": "string", - "minLength": 1, - "description": "Type of the scanned resource, for DAST, this must be 'url'.", - "examples": [ - "url" - ] - } - } - } - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "evidence": { - "type": "object", - "properties": { - "source": { - "type": "object", - "description": "Source of evidence", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "Unique source identifier", - "examples": [ - "assert:LogAnalysis", - "assert:StatusCode" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Source display name", - "examples": [ - "Log Analysis", - "Status Code" - ] - }, - "url": { - "type": "string", - "description": "Link to additional information", - "examples": [ - "https://docs.gitlab.com/ee/development/integrations/secure.html" - ] - } - } - }, - "summary": { - "type": "string", - "description": "Human readable string containing evidence of the vulnerability.", - "examples": [ - "Credit card 4111111111111111 found", - "Server leaked information nginx/1.17.6" - ] - }, - "request": { - "type": "object", - "description": "An HTTP request.", - "required": [ - "headers", - "method", - "url" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method used in the request.", - "examples": [ - "GET", - "POST" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the request.", - "examples": [ - "http://my.site.com/vulnerable-endpoint?show-credit-card" - ] - }, - "body": { - "type": "string", - "description": "Body of the request for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "user=jsmith&first=%27&last=smith" - ] - } - } - }, - "response": { - "type": "object", - "description": "An HTTP response.", - "required": [ - "headers", - "reason_phrase", - "status_code" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "reason_phrase": { - "type": "string", - "description": "HTTP reason phrase of the response.", - "examples": [ - "OK", - "Internal Server Error" - ] - }, - "status_code": { - "type": "integer", - "description": "HTTP status code of the response.", - "examples": [ - 200, - 500 - ] - }, - "body": { - "type": "string", - "description": "Body of the response for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "{\"user_id\": 2}" - ] - } - } - }, - "supporting_messages": { - "type": "array", - "description": "Array of supporting http messages.", - "items": { - "type": "object", - "description": "A supporting http message.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Message display name.", - "examples": [ - "Unmodified", - "Recorded" - ] - }, - "request": { - "type": "object", - "description": "An HTTP request.", - "required": [ - "headers", - "method", - "url" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method used in the request.", - "examples": [ - "GET", - "POST" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the request.", - "examples": [ - "http://my.site.com/vulnerable-endpoint?show-credit-card" - ] - }, - "body": { - "type": "string", - "description": "Body of the request for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "user=jsmith&first=%27&last=smith" - ] - } - } - }, - "response": { - "type": "object", - "description": "An HTTP response.", - "required": [ - "headers", - "reason_phrase", - "status_code" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "reason_phrase": { - "type": "string", - "description": "HTTP reason phrase of the response.", - "examples": [ - "OK", - "Internal Server Error" - ] - }, - "status_code": { - "type": "integer", - "description": "HTTP status code of the response.", - "examples": [ - 200, - 500 - ] - }, - "body": { - "type": "string", - "description": "Body of the response for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "{\"user_id\": 2}" - ] - } - } - } - } - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "properties": { - "hostname": { - "type": "string", - "description": "The protocol, domain, and port of the application where the vulnerability was found." - }, - "method": { - "type": "string", - "description": "The HTTP method that was used to request the URL where the vulnerability was found." - }, - "param": { - "type": "string", - "description": "A value provided by a vulnerability rule related to the found vulnerability. Examples include a header value, or a parameter used in a HTTP POST." - }, - "path": { - "type": "string", - "description": "The path of the URL where the vulnerability was found. Typically, this would start with a forward slash." - } - } - }, - "assets": { - "type": "array", - "description": "Array of build assets associated with vulnerability.", - "items": { - "type": "object", - "description": "Describes an asset associated with vulnerability.", - "required": [ - "type", - "name", - "url" - ], - "properties": { - "type": { - "type": "string", - "description": "The type of asset", - "enum": [ - "http_session", - "postman" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Display name for asset", - "examples": [ - "HTTP Messages", - "Postman Collection" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "Link to asset in build artifacts", - "examples": [ - "https://gitlab.com/gitlab-org/security-products/dast/-/jobs/626397001/artifacts/file//output/zap_session.data" - ] - } - } - } - }, - "discovered_at": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss.sss, representing when the vulnerability was discovered", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}\\.\\d{3}$", - "examples": [ - "2020-01-28T03:26:02.956" - ] - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.2/dependency-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.1.2/dependency-scanning-report-format.json deleted file mode 100644 index c7459216faf..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.2/dependency-scanning-report-format.json +++ /dev/null @@ -1,968 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Dependency Scanning", - "description": "This schema provides the the report format for Dependency Scanning analyzers (https://docs.gitlab.com/ee/user/application_security/dependency_scanning).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.1.2" - }, - "required": [ - "dependency_files", - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "dependency_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "file", - "dependency" - ], - "properties": { - "file": { - "type": "string", - "minLength": 1, - "description": "Path to the manifest or lock file where the dependency is declared (such as yarn.lock)." - }, - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - }, - "dependency_files": { - "type": "array", - "description": "List of dependency files identified in the project.", - "items": { - "type": "object", - "required": [ - "path", - "package_manager", - "dependencies" - ], - "properties": { - "path": { - "type": "string", - "minLength": 1 - }, - "package_manager": { - "type": "string", - "minLength": 1 - }, - "dependencies": { - "type": "array", - "items": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - } - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.2/sast-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.1.2/sast-report-format.json deleted file mode 100644 index 20818792652..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.2/sast-report-format.json +++ /dev/null @@ -1,869 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab SAST", - "description": "This schema provides the report format for Static Application Security Testing analyzers (https://docs.gitlab.com/ee/user/application_security/sast).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.1.2" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "sast" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the code affected by the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the code affected by the vulnerability." - }, - "class": { - "type": "string", - "description": "Provides the name of the class where the vulnerability is located." - }, - "method": { - "type": "string", - "description": "Provides the name of the method where the vulnerability is located." - } - } - }, - "raw_source_code_extract": { - "type": "string", - "description": "Provides an unsanitized excerpt of the affected source code." - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.2/secret-detection-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.1.2/secret-detection-report-format.json deleted file mode 100644 index 12386d2c1d4..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.2/secret-detection-report-format.json +++ /dev/null @@ -1,892 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Secret Detection", - "description": "This schema provides the the report format for the Secret Detection analyzer (https://docs.gitlab.com/ee/user/application_security/secret_detection)", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.1.2" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "secret_detection" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "required": [ - "commit" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located" - }, - "commit": { - "type": "object", - "description": "Represents the commit in which the vulnerability was detected", - "required": [ - "sha" - ], - "properties": { - "author": { - "type": "string" - }, - "date": { - "type": "string" - }, - "message": { - "type": "string" - }, - "sha": { - "type": "string", - "minLength": 1 - } - } - }, - "start_line": { - "type": "number", - "description": "The first line of the code affected by the vulnerability" - }, - "end_line": { - "type": "number", - "description": "The last line of the code affected by the vulnerability" - }, - "class": { - "type": "string", - "description": "Provides the name of the class where the vulnerability is located" - }, - "method": { - "type": "string", - "description": "Provides the name of the method where the vulnerability is located" - } - } - }, - "raw_source_code_extract": { - "type": "string", - "description": "Provides an unsanitized excerpt of the affected source code." - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.3/cluster-image-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.1.3/cluster-image-scanning-report-format.json deleted file mode 100644 index db4c7ab1425..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.3/cluster-image-scanning-report-format.json +++ /dev/null @@ -1,977 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Cluster Image Scanning", - "description": "This schema provides the the report format for Cluster Image Scanning (https://docs.gitlab.com/ee/user/application_security/cluster_image_scanning/).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.1.3" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "cluster_image_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "dependency", - "image", - "kubernetes_resource" - ], - "properties": { - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - }, - "operating_system": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The operating system that contains the vulnerable package." - }, - "image": { - "type": "string", - "minLength": 1, - "description": "The analyzed Docker image.", - "examples": [ - "index.docker.io/library/nginx:1.21" - ] - }, - "kubernetes_resource": { - "type": "object", - "description": "The specific Kubernetes resource that was scanned.", - "required": [ - "namespace", - "kind", - "name", - "container_name" - ], - "properties": { - "namespace": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The Kubernetes namespace the resource that had its image scanned.", - "examples": [ - "default", - "staging", - "production" - ] - }, - "kind": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The Kubernetes kind the resource that had its image scanned.", - "examples": [ - "Deployment", - "DaemonSet" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The name of the resource that had its image scanned.", - "examples": [ - "nginx-ingress" - ] - }, - "container_name": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The name of the container that had its image scanned.", - "examples": [ - "nginx" - ] - }, - "agent_id": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The GitLab ID of the Kubernetes Agent which performed the scan.", - "examples": [ - "1234" - ] - }, - "cluster_id": { - "type": "string", - "minLength": 1, - "maxLength": 255, - "description": "The GitLab ID of the Kubernetes cluster when using cluster integration.", - "examples": [ - "1234" - ] - } - } - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.3/container-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.1.3/container-scanning-report-format.json deleted file mode 100644 index 641cfc82e48..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.3/container-scanning-report-format.json +++ /dev/null @@ -1,911 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Container Scanning", - "description": "This schema provides the the report format for Container Scanning (https://docs.gitlab.com/ee/user/application_security/container_scanning).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.1.3" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "container_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "dependency", - "operating_system", - "image" - ], - "properties": { - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - }, - "operating_system": { - "type": "string", - "minLength": 1, - "description": "The operating system that contains the vulnerable package." - }, - "image": { - "type": "string", - "minLength": 1, - "pattern": "^[^:]+(:\\d+[^:]*)?:[^:]+(:[^:]+)?$", - "description": "The analyzed Docker image." - }, - "default_branch_image": { - "type": "string", - "maxLength": 255, - "pattern": "^[a-zA-Z0-9/_.-]+(:\\d+[a-zA-Z0-9/_.-]*)?:[a-zA-Z0-9_.-]+$", - "description": "The name of the image on the default branch." - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.3/coverage-fuzzing-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.1.3/coverage-fuzzing-report-format.json deleted file mode 100644 index 59aa172444d..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.3/coverage-fuzzing-report-format.json +++ /dev/null @@ -1,874 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Fuzz Testing", - "description": "This schema provides the report format for Coverage Guided Fuzz Testing (https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.1.3" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "coverage_fuzzing" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "description": "The location of the error", - "type": "object", - "properties": { - "crash_address": { - "type": "string", - "description": "The relative address in memory were the crash occurred.", - "examples": [ - "0xabababab" - ] - }, - "stacktrace_snippet": { - "type": "string", - "description": "The stack trace recorded during fuzzing resulting the crash.", - "examples": [ - "func_a+0xabcd\nfunc_b+0xabcc" - ] - }, - "crash_state": { - "type": "string", - "description": "Minimised and normalized crash stack-trace (called crash_state).", - "examples": [ - "func_a+0xa\nfunc_b+0xb\nfunc_c+0xc" - ] - }, - "crash_type": { - "type": "string", - "description": "Type of the crash.", - "examples": [ - "Heap-Buffer-overflow", - "Division-by-zero" - ] - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.3/dast-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.1.3/dast-report-format.json deleted file mode 100644 index 0e4c866794a..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.3/dast-report-format.json +++ /dev/null @@ -1,1287 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab DAST", - "description": "This schema provides the the report format for Dynamic Application Security Testing (https://docs.gitlab.com/ee/user/application_security/dast).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.1.3" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanned_resources", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "dast", - "api_fuzzing" - ] - }, - "scanned_resources": { - "type": "array", - "description": "The attack surface scanned by DAST.", - "items": { - "type": "object", - "required": [ - "method", - "url", - "type" - ], - "properties": { - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method of the scanned resource.", - "examples": [ - "GET", - "POST", - "HEAD" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the scanned resource.", - "examples": [ - "http://my.site.com/a-page" - ] - }, - "type": { - "type": "string", - "minLength": 1, - "description": "Type of the scanned resource, for DAST, this must be 'url'.", - "examples": [ - "url" - ] - } - } - } - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "evidence": { - "type": "object", - "properties": { - "source": { - "type": "object", - "description": "Source of evidence", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "Unique source identifier", - "examples": [ - "assert:LogAnalysis", - "assert:StatusCode" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Source display name", - "examples": [ - "Log Analysis", - "Status Code" - ] - }, - "url": { - "type": "string", - "description": "Link to additional information", - "examples": [ - "https://docs.gitlab.com/ee/development/integrations/secure.html" - ] - } - } - }, - "summary": { - "type": "string", - "description": "Human readable string containing evidence of the vulnerability.", - "examples": [ - "Credit card 4111111111111111 found", - "Server leaked information nginx/1.17.6" - ] - }, - "request": { - "type": "object", - "description": "An HTTP request.", - "required": [ - "headers", - "method", - "url" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method used in the request.", - "examples": [ - "GET", - "POST" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the request.", - "examples": [ - "http://my.site.com/vulnerable-endpoint?show-credit-card" - ] - }, - "body": { - "type": "string", - "description": "Body of the request for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "user=jsmith&first=%27&last=smith" - ] - } - } - }, - "response": { - "type": "object", - "description": "An HTTP response.", - "required": [ - "headers", - "reason_phrase", - "status_code" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "reason_phrase": { - "type": "string", - "description": "HTTP reason phrase of the response.", - "examples": [ - "OK", - "Internal Server Error" - ] - }, - "status_code": { - "type": "integer", - "description": "HTTP status code of the response.", - "examples": [ - 200, - 500 - ] - }, - "body": { - "type": "string", - "description": "Body of the response for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "{\"user_id\": 2}" - ] - } - } - }, - "supporting_messages": { - "type": "array", - "description": "Array of supporting http messages.", - "items": { - "type": "object", - "description": "A supporting http message.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Message display name.", - "examples": [ - "Unmodified", - "Recorded" - ] - }, - "request": { - "type": "object", - "description": "An HTTP request.", - "required": [ - "headers", - "method", - "url" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "method": { - "type": "string", - "minLength": 1, - "description": "HTTP method used in the request.", - "examples": [ - "GET", - "POST" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "URL of the request.", - "examples": [ - "http://my.site.com/vulnerable-endpoint?show-credit-card" - ] - }, - "body": { - "type": "string", - "description": "Body of the request for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "user=jsmith&first=%27&last=smith" - ] - } - } - }, - "response": { - "type": "object", - "description": "An HTTP response.", - "required": [ - "headers", - "reason_phrase", - "status_code" - ], - "properties": { - "headers": { - "type": "array", - "description": "HTTP headers present on the request.", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "Name of the HTTP header.", - "examples": [ - "Accept", - "Content-Length", - "Content-Type" - ] - }, - "value": { - "type": "string", - "description": "Value of the HTTP header.", - "examples": [ - "*/*", - "560", - "application/json; charset=utf-8" - ] - } - } - } - }, - "reason_phrase": { - "type": "string", - "description": "HTTP reason phrase of the response.", - "examples": [ - "OK", - "Internal Server Error" - ] - }, - "status_code": { - "type": "integer", - "description": "HTTP status code of the response.", - "examples": [ - 200, - 500 - ] - }, - "body": { - "type": "string", - "description": "Body of the response for display purposes. Body must be suitable for display (not binary), and truncated to a reasonable size.", - "examples": [ - "{\"user_id\": 2}" - ] - } - } - } - } - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "properties": { - "hostname": { - "type": "string", - "description": "The protocol, domain, and port of the application where the vulnerability was found." - }, - "method": { - "type": "string", - "description": "The HTTP method that was used to request the URL where the vulnerability was found." - }, - "param": { - "type": "string", - "description": "A value provided by a vulnerability rule related to the found vulnerability. Examples include a header value, or a parameter used in a HTTP POST." - }, - "path": { - "type": "string", - "description": "The path of the URL where the vulnerability was found. Typically, this would start with a forward slash." - } - } - }, - "assets": { - "type": "array", - "description": "Array of build assets associated with vulnerability.", - "items": { - "type": "object", - "description": "Describes an asset associated with vulnerability.", - "required": [ - "type", - "name", - "url" - ], - "properties": { - "type": { - "type": "string", - "description": "The type of asset", - "enum": [ - "http_session", - "postman" - ] - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Display name for asset", - "examples": [ - "HTTP Messages", - "Postman Collection" - ] - }, - "url": { - "type": "string", - "minLength": 1, - "description": "Link to asset in build artifacts", - "examples": [ - "https://gitlab.com/gitlab-org/security-products/dast/-/jobs/626397001/artifacts/file//output/zap_session.data" - ] - } - } - } - }, - "discovered_at": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss.sss, representing when the vulnerability was discovered", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}\\.\\d{3}$", - "examples": [ - "2020-01-28T03:26:02.956" - ] - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.3/dependency-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.1.3/dependency-scanning-report-format.json deleted file mode 100644 index 652c2f48fe4..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.3/dependency-scanning-report-format.json +++ /dev/null @@ -1,968 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Dependency Scanning", - "description": "This schema provides the the report format for Dependency Scanning analyzers (https://docs.gitlab.com/ee/user/application_security/dependency_scanning).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.1.3" - }, - "required": [ - "dependency_files", - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "dependency_scanning" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "required": [ - "file", - "dependency" - ], - "properties": { - "file": { - "type": "string", - "minLength": 1, - "description": "Path to the manifest or lock file where the dependency is declared (such as yarn.lock)." - }, - "dependency": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - } - } - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - }, - "dependency_files": { - "type": "array", - "description": "List of dependency files identified in the project.", - "items": { - "type": "object", - "required": [ - "path", - "package_manager", - "dependencies" - ], - "properties": { - "path": { - "type": "string", - "minLength": 1 - }, - "package_manager": { - "type": "string", - "minLength": 1 - }, - "dependencies": { - "type": "array", - "items": { - "type": "object", - "description": "Describes the dependency of a project where the vulnerability is located.", - "properties": { - "package": { - "type": "object", - "description": "Provides information on the package where the vulnerability is located.", - "properties": { - "name": { - "type": "string", - "description": "Name of the package where the vulnerability is located." - } - } - }, - "version": { - "type": "string", - "description": "Version of the vulnerable package." - }, - "iid": { - "description": "ID that identifies the dependency in the scope of a dependency file.", - "type": "number" - }, - "direct": { - "type": "boolean", - "description": "Tells whether this is a direct, top-level dependency of the scanned project." - }, - "dependency_path": { - "type": "array", - "description": "Ancestors of the dependency, starting from a direct project dependency, and ending with an immediate parent of the dependency. The dependency itself is excluded from the path. Direct dependencies have no path.", - "items": { - "type": "object", - "required": [ - "iid" - ], - "properties": { - "iid": { - "type": "number", - "description": "ID that is unique in the scope of a parent object, and specific to the resource type." - } - } - } - } - } - } - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.3/sast-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.1.3/sast-report-format.json deleted file mode 100644 index 40d4d9f5287..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.3/sast-report-format.json +++ /dev/null @@ -1,869 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab SAST", - "description": "This schema provides the report format for Static Application Security Testing analyzers (https://docs.gitlab.com/ee/user/application_security/sast).", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.1.3" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "sast" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "type": "object", - "description": "Identifies the vulnerability's location.", - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the code affected by the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the code affected by the vulnerability." - }, - "class": { - "type": "string", - "description": "Provides the name of the class where the vulnerability is located." - }, - "method": { - "type": "string", - "description": "Provides the name of the method where the vulnerability is located." - } - } - }, - "raw_source_code_extract": { - "type": "string", - "description": "Provides an unsanitized excerpt of the affected source code." - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.3/secret-detection-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/14.1.3/secret-detection-report-format.json deleted file mode 100644 index cfde126dd7b..00000000000 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.3/secret-detection-report-format.json +++ /dev/null @@ -1,892 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Report format for GitLab Secret Detection", - "description": "This schema provides the the report format for the Secret Detection analyzer (https://docs.gitlab.com/ee/user/application_security/secret_detection)", - "definitions": { - "detail_type": { - "oneOf": [ - { - "$ref": "#/definitions/named_list" - }, - { - "$ref": "#/definitions/list" - }, - { - "$ref": "#/definitions/table" - }, - { - "$ref": "#/definitions/text" - }, - { - "$ref": "#/definitions/url" - }, - { - "$ref": "#/definitions/code" - }, - { - "$ref": "#/definitions/value" - }, - { - "$ref": "#/definitions/diff" - }, - { - "$ref": "#/definitions/markdown" - }, - { - "$ref": "#/definitions/commit" - }, - { - "$ref": "#/definitions/file_location" - }, - { - "$ref": "#/definitions/module_location" - } - ] - }, - "text_value": { - "type": "string" - }, - "named_field": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/definitions/text_value", - "minLength": 1 - }, - "description": { - "$ref": "#/definitions/text_value" - } - } - }, - "named_list": { - "type": "object", - "description": "An object with named and typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "named-list" - }, - "items": { - "type": "object", - "patternProperties": { - "^.*$": { - "allOf": [ - { - "$ref": "#/definitions/named_field" - }, - { - "$ref": "#/definitions/detail_type" - } - ] - } - } - } - } - }, - "list": { - "type": "object", - "description": "A list of typed fields", - "required": [ - "type", - "items" - ], - "properties": { - "type": { - "const": "list" - }, - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - }, - "table": { - "type": "object", - "description": "A table of typed fields", - "required": [ - "type", - "rows" - ], - "properties": { - "type": { - "const": "table" - }, - "header": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - }, - "rows": { - "type": "array", - "items": { - "type": "array", - "items": { - "$ref": "#/definitions/detail_type" - } - } - } - } - }, - "text": { - "type": "object", - "description": "Raw text", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "text" - }, - "value": { - "$ref": "#/definitions/text_value" - } - } - }, - "url": { - "type": "object", - "description": "A single URL", - "required": [ - "type", - "href" - ], - "properties": { - "type": { - "const": "url" - }, - "text": { - "$ref": "#/definitions/text_value" - }, - "href": { - "type": "string", - "minLength": 1, - "examples": [ - "http://mysite.com" - ] - } - } - }, - "code": { - "type": "object", - "description": "A codeblock", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "code" - }, - "value": { - "type": "string" - }, - "lang": { - "type": "string", - "description": "A programming language" - } - } - }, - "value": { - "type": "object", - "description": "A field that can store a range of types of value", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "value" - }, - "value": { - "type": [ - "number", - "string", - "boolean" - ] - } - } - }, - "diff": { - "type": "object", - "description": "A diff", - "required": [ - "type", - "before", - "after" - ], - "properties": { - "type": { - "const": "diff" - }, - "before": { - "type": "string" - }, - "after": { - "type": "string" - } - } - }, - "markdown": { - "type": "object", - "description": "GitLab flavoured markdown, see https://docs.gitlab.com/ee/user/markdown.html", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "markdown" - }, - "value": { - "$ref": "#/definitions/text_value", - "examples": [ - "Here is markdown `inline code` #1 [test](gitlab.com)\n\n" - ] - } - } - }, - "commit": { - "type": "object", - "description": "A commit/tag/branch within the GitLab project", - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "const": "commit" - }, - "value": { - "type": "string", - "description": "The commit SHA", - "minLength": 1 - } - } - }, - "file_location": { - "type": "object", - "description": "A location within a file in the project", - "required": [ - "type", - "file_name", - "line_start" - ], - "properties": { - "type": { - "const": "file-location" - }, - "file_name": { - "type": "string", - "minLength": 1 - }, - "line_start": { - "type": "integer" - }, - "line_end": { - "type": "integer" - } - } - }, - "module_location": { - "type": "object", - "description": "A location within a binary module of the form module+relative_offset", - "required": [ - "type", - "module_name", - "offset" - ], - "properties": { - "type": { - "const": "module-location" - }, - "module_name": { - "type": "string", - "minLength": 1, - "examples": [ - "compiled_binary" - ] - }, - "offset": { - "type": "integer", - "examples": [ - 100 - ] - } - } - } - }, - "self": { - "version": "14.1.3" - }, - "required": [ - "version", - "vulnerabilities" - ], - "additionalProperties": true, - "properties": { - "scan": { - "type": "object", - "required": [ - "end_time", - "scanner", - "start_time", - "status", - "type" - ], - "properties": { - "end_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-01-28T03:26:02" - ] - }, - "messages": { - "type": "array", - "items": { - "type": "object", - "description": "Communication intended for the initiator of a scan.", - "required": [ - "level", - "value" - ], - "properties": { - "level": { - "type": "string", - "description": "Describes the severity of the communication. Use info to communicate normal scan behaviour; warn to communicate a potentially recoverable problem, or a partial error; fatal to communicate an issue that causes the scan to halt.", - "enum": [ - "info", - "warn", - "fatal" - ], - "examples": [ - "info" - ] - }, - "value": { - "type": "string", - "description": "The message to communicate.", - "minLength": 1, - "examples": [ - "Permission denied, scanning aborted" - ] - } - } - } - }, - "analyzer": { - "type": "object", - "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the analyzer.", - "minLength": 1, - "examples": [ - "gitlab-dast" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the analyzer, not required to be unique.", - "minLength": 1, - "examples": [ - "GitLab DAST" - ] - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^https?://.+", - "description": "A link to more information about the analyzer.", - "examples": [ - "https://docs.gitlab.com/ee/user/application_security/dast" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the analyzer.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - }, - "version": { - "type": "string", - "description": "The version of the analyzer.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - } - } - }, - "scanner": { - "type": "object", - "description": "Object defining the scanner used to perform the scan.", - "required": [ - "id", - "name", - "version", - "vendor" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique id that identifies the scanner.", - "minLength": 1, - "examples": [ - "my-sast-scanner" - ] - }, - "name": { - "type": "string", - "description": "A human readable value that identifies the scanner, not required to be unique.", - "minLength": 1, - "examples": [ - "My SAST Scanner" - ] - }, - "url": { - "type": "string", - "description": "A link to more information about the scanner.", - "examples": [ - "https://scanner.url" - ] - }, - "version": { - "type": "string", - "description": "The version of the scanner.", - "minLength": 1, - "examples": [ - "1.0.2" - ] - }, - "vendor": { - "description": "The vendor/maintainer of the scanner.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the vendor.", - "minLength": 1, - "examples": [ - "GitLab" - ] - } - } - } - } - }, - "start_time": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", - "examples": [ - "2020-02-14T16:01:59" - ] - }, - "status": { - "type": "string", - "description": "Result of the scan.", - "enum": [ - "success", - "failure" - ] - }, - "type": { - "type": "string", - "description": "Type of the scan.", - "enum": [ - "secret_detection" - ] - } - } - }, - "schema": { - "type": "string", - "description": "URI pointing to the validating security report schema.", - "format": "uri" - }, - "version": { - "type": "string", - "description": "The version of the schema to which the JSON report conforms.", - "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" - }, - "vulnerabilities": { - "type": "array", - "description": "Array of vulnerability objects.", - "items": { - "type": "object", - "description": "Describes the vulnerability using GitLab Flavored Markdown", - "required": [ - "category", - "cve", - "identifiers", - "location", - "scanner" - ], - "properties": { - "id": { - "type": "string", - "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", - "examples": [ - "642735a5-1425-428d-8d4e-3c854885a3c9" - ] - }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, - "name": { - "type": "string", - "description": "The name of the vulnerability. This must not include the finding's specific information." - }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, - "description": { - "type": "string", - "description": "A long text section describing the vulnerability more fully." - }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, - "severity": { - "type": "string", - "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", - "enum": [ - "Info", - "Unknown", - "Low", - "Medium", - "High", - "Critical" - ] - }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, - "solution": { - "type": "string", - "description": "Explanation of how to fix the vulnerability." - }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, - "identifiers": { - "type": "array", - "minItems": 1, - "description": "An ordered array of references that identify a vulnerability on internal or external databases. The first identifier is the Primary Identifier, which has special meaning.", - "items": { - "type": "object", - "required": [ - "type", - "name", - "value" - ], - "properties": { - "type": { - "type": "string", - "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", - "minLength": 1 - }, - "name": { - "type": "string", - "description": "Human-readable name of the identifier.", - "minLength": 1 - }, - "url": { - "type": "string", - "description": "URL of the identifier's documentation.", - "format": "uri" - }, - "value": { - "type": "string", - "description": "Value of the identifier, for matching purpose.", - "minLength": 1 - } - } - } - }, - "links": { - "type": "array", - "description": "An array of references to external documentation or articles that describe the vulnerability.", - "items": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the vulnerability details link." - }, - "url": { - "type": "string", - "description": "URL of the vulnerability details document.", - "format": "uri" - } - } - } - }, - "details": { - "$ref": "#/definitions/named_list/properties/items" - }, - "tracking": { - "description": "Describes how this vulnerability should be tracked as the project changes.", - "oneOf": [ - { - "description": "Declares that a series of items should be tracked using source-specific tracking methods.", - "required": [ - "items" - ], - "properties": { - "type": { - "const": "source" - }, - "items": { - "type": "array", - "items": { - "description": "An item that should be tracked using source-specific tracking methods.", - "type": "object", - "required": [ - "signatures" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located." - }, - "start_line": { - "type": "number", - "description": "The first line of the file that includes the vulnerability." - }, - "end_line": { - "type": "number", - "description": "The last line of the file that includes the vulnerability." - }, - "signatures": { - "type": "array", - "description": "An array of calculated tracking signatures for this tracking item.", - "minItems": 1, - "items": { - "description": "A calculated tracking signature value and metadata.", - "required": [ - "algorithm", - "value" - ], - "properties": { - "algorithm": { - "type": "string", - "description": "The algorithm used to generate the signature." - }, - "value": { - "type": "string", - "description": "The result of this signature algorithm." - } - } - } - } - } - } - } - } - } - ], - "properties": { - "type": { - "type": "string", - "description": "Each tracking type must declare its own type." - } - } - }, - "flags": { - "description": "Flags that can be attached to vulnerabilities.", - "type": "array", - "items": { - "type": "object", - "description": "Informational flags identified and assigned to a vulnerability.", - "required": [ - "type", - "origin", - "description" - ], - "properties": { - "type": { - "type": "string", - "minLength": 1, - "description": "Result of the scan.", - "enum": [ - "flagged-as-likely-false-positive" - ] - }, - "origin": { - "minLength": 1, - "description": "Tool that issued the flag.", - "type": "string" - }, - "description": { - "minLength": 1, - "description": "What the flag is about.", - "type": "string" - } - } - } - }, - "location": { - "required": [ - "commit" - ], - "properties": { - "file": { - "type": "string", - "description": "Path to the file where the vulnerability is located" - }, - "commit": { - "type": "object", - "description": "Represents the commit in which the vulnerability was detected", - "required": [ - "sha" - ], - "properties": { - "author": { - "type": "string" - }, - "date": { - "type": "string" - }, - "message": { - "type": "string" - }, - "sha": { - "type": "string", - "minLength": 1 - } - } - }, - "start_line": { - "type": "number", - "description": "The first line of the code affected by the vulnerability" - }, - "end_line": { - "type": "number", - "description": "The last line of the code affected by the vulnerability" - }, - "class": { - "type": "string", - "description": "Provides the name of the class where the vulnerability is located" - }, - "method": { - "type": "string", - "description": "Provides the name of the method where the vulnerability is located" - } - } - }, - "raw_source_code_extract": { - "type": "string", - "description": "Provides an unsanitized excerpt of the affected source code." - } - } - } - }, - "remediations": { - "type": "array", - "description": "An array of objects containing information on available remediations, along with patch diffs to apply.", - "items": { - "type": "object", - "required": [ - "fixes", - "summary", - "diff" - ], - "properties": { - "fixes": { - "type": "array", - "description": "An array of strings that represent references to vulnerabilities fixed by this remediation.", - "items": { - "type": "object", - "required": [ - "cve" - ], - "properties": { - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - } - } - } - }, - "summary": { - "type": "string", - "minLength": 1, - "description": "An overview of how the vulnerabilities were fixed." - }, - "diff": { - "type": "string", - "minLength": 1, - "description": "A base64-encoded remediation code diff, compatible with git apply." - } - } - } - } - } -} diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.1/cluster-image-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/15.0.6/cluster-image-scanning-report-format.json index 7bcb2d5867f..91414255211 100644 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.1/cluster-image-scanning-report-format.json +++ b/lib/gitlab/ci/parsers/security/validators/schemas/15.0.6/cluster-image-scanning-report-format.json @@ -1,5 +1,6 @@ { "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/raw/master/dist/cluster-image-scanning-report-format.json", "title": "Report format for GitLab Cluster Image Scanning", "description": "This schema provides the the report format for Cluster Image Scanning (https://docs.gitlab.com/ee/user/application_security/cluster_image_scanning/).", "definitions": { @@ -54,6 +55,7 @@ "properties": { "name": { "$ref": "#/definitions/text_value", + "type": "string", "minLength": 1 }, "description": { @@ -325,9 +327,11 @@ } }, "self": { - "version": "14.1.1" + "version": "15.0.6" }, + "type": "object", "required": [ + "scan", "version", "vulnerabilities" ], @@ -336,6 +340,7 @@ "scan": { "type": "object", "required": [ + "analyzer", "end_time", "scanner", "start_time", @@ -346,7 +351,7 @@ "end_time": { "type": "string", "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", + "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$", "examples": [ "2020-01-28T03:26:02" ] @@ -384,6 +389,57 @@ } } }, + "options": { + "type": "array", + "items": { + "type": "object", + "description": "A configuration option used for this scan.", + "required": [ + "name", + "value" + ], + "properties": { + "name": { + "type": "string", + "description": "The configuration option name.", + "maxLength": 255, + "minLength": 1, + "examples": [ + "DAST_FF_ENABLE_BAS", + "DOCKER_TLS_CERTDIR", + "DS_MAX_DEPTH", + "SECURE_LOG_LEVEL" + ] + }, + "source": { + "type": "string", + "description": "The source of this option.", + "enum": [ + "argument", + "file", + "env_variable", + "other" + ] + }, + "value": { + "type": [ + "boolean", + "integer", + "null", + "string" + ], + "description": "The value used for this scan.", + "examples": [ + true, + 2, + null, + "fatal", + "" + ] + } + } + } + }, "analyzer": { "type": "object", "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", @@ -412,7 +468,6 @@ }, "url": { "type": "string", - "format": "uri", "pattern": "^https?://.+", "description": "A link to more information about the analyzer.", "examples": [ @@ -509,7 +564,7 @@ "start_time": { "type": "string", "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", + "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$", "examples": [ "2020-02-14T16:01:59" ] @@ -528,13 +583,47 @@ "enum": [ "cluster_image_scanning" ] + }, + "primary_identifiers": { + "type": "array", + "description": "An unordered array containing an exhaustive list of primary identifiers for which the analyzer may return results", + "items": { + "type": "object", + "required": [ + "type", + "name", + "value" + ], + "properties": { + "type": { + "type": "string", + "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", + "minLength": 1 + }, + "name": { + "type": "string", + "description": "Human-readable name of the identifier.", + "minLength": 1 + }, + "url": { + "type": "string", + "description": "URL of the identifier's documentation.", + "pattern": "^(https?|ftp)://.+" + }, + "value": { + "type": "string", + "description": "Value of the identifier, for matching purpose.", + "minLength": 1 + } + } + } } } }, "schema": { "type": "string", "description": "URI pointing to the validating security report schema.", - "format": "uri" + "pattern": "^https?://.+" }, "version": { "type": "string", @@ -548,41 +637,29 @@ "type": "object", "description": "Describes the vulnerability using GitLab Flavored Markdown", "required": [ - "category", - "cve", + "id", "identifiers", - "location", - "scanner" + "location" ], "properties": { "id": { "type": "string", + "minLength": 1, "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", "examples": [ "642735a5-1425-428d-8d4e-3c854885a3c9" ] }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, "name": { "type": "string", + "maxLength": 255, "description": "The name of the vulnerability. This must not include the finding's specific information." }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, "description": { "type": "string", + "maxLength": 1048576, "description": "A long text section describing the vulnerability more fully." }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, "severity": { "type": "string", "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", @@ -595,43 +672,11 @@ "Critical" ] }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, "solution": { "type": "string", + "maxLength": 7000, "description": "Explanation of how to fix the vulnerability." }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, "identifiers": { "type": "array", "minItems": 1, @@ -657,7 +702,7 @@ "url": { "type": "string", "description": "URL of the identifier's documentation.", - "format": "uri" + "pattern": "^(https?|ftp)://.+" }, "value": { "type": "string", @@ -683,7 +728,7 @@ "url": { "type": "string", "description": "URL of the vulnerability details document.", - "format": "uri" + "pattern": "^(https?|ftp)://.+" } } } @@ -692,6 +737,7 @@ "$ref": "#/definitions/named_list/properties/items" }, "tracking": { + "type": "object", "description": "Describes how this vulnerability should be tracked as the project changes.", "oneOf": [ { @@ -730,6 +776,7 @@ "minItems": 1, "items": { "description": "A calculated tracking signature value and metadata.", + "type": "object", "required": [ "algorithm", "value" @@ -804,10 +851,17 @@ "dependency": { "type": "object", "description": "Describes the dependency of a project where the vulnerability is located.", + "required": [ + "package", + "version" + ], "properties": { "package": { "type": "object", "description": "Provides information on the package where the vulnerability is located.", + "required": [ + "name" + ], "properties": { "name": { "type": "string", @@ -950,12 +1004,16 @@ "items": { "type": "object", "required": [ - "cve" + "id" ], "properties": { - "cve": { + "id": { "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." + "minLength": 1, + "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", + "examples": [ + "642735a5-1425-428d-8d4e-3c854885a3c9" + ] } } } diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.6/container-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/15.0.6/container-scanning-report-format.json index fb412af44e3..ecd92ed2ff1 100644 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.6/container-scanning-report-format.json +++ b/lib/gitlab/ci/parsers/security/validators/schemas/15.0.6/container-scanning-report-format.json @@ -1,5 +1,6 @@ { "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/raw/master/dist/container-scanning-report-format.json", "title": "Report format for GitLab Container Scanning", "description": "This schema provides the the report format for Container Scanning (https://docs.gitlab.com/ee/user/application_security/container_scanning).", "definitions": { @@ -54,6 +55,7 @@ "properties": { "name": { "$ref": "#/definitions/text_value", + "type": "string", "minLength": 1 }, "description": { @@ -325,9 +327,11 @@ } }, "self": { - "version": "14.0.6" + "version": "15.0.6" }, + "type": "object", "required": [ + "scan", "version", "vulnerabilities" ], @@ -336,6 +340,7 @@ "scan": { "type": "object", "required": [ + "analyzer", "end_time", "scanner", "start_time", @@ -346,7 +351,7 @@ "end_time": { "type": "string", "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", + "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$", "examples": [ "2020-01-28T03:26:02" ] @@ -384,6 +389,57 @@ } } }, + "options": { + "type": "array", + "items": { + "type": "object", + "description": "A configuration option used for this scan.", + "required": [ + "name", + "value" + ], + "properties": { + "name": { + "type": "string", + "description": "The configuration option name.", + "maxLength": 255, + "minLength": 1, + "examples": [ + "DAST_FF_ENABLE_BAS", + "DOCKER_TLS_CERTDIR", + "DS_MAX_DEPTH", + "SECURE_LOG_LEVEL" + ] + }, + "source": { + "type": "string", + "description": "The source of this option.", + "enum": [ + "argument", + "file", + "env_variable", + "other" + ] + }, + "value": { + "type": [ + "boolean", + "integer", + "null", + "string" + ], + "description": "The value used for this scan.", + "examples": [ + true, + 2, + null, + "fatal", + "" + ] + } + } + } + }, "analyzer": { "type": "object", "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", @@ -412,7 +468,6 @@ }, "url": { "type": "string", - "format": "uri", "pattern": "^https?://.+", "description": "A link to more information about the analyzer.", "examples": [ @@ -509,7 +564,7 @@ "start_time": { "type": "string", "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", + "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$", "examples": [ "2020-02-14T16:01:59" ] @@ -528,13 +583,47 @@ "enum": [ "container_scanning" ] + }, + "primary_identifiers": { + "type": "array", + "description": "An unordered array containing an exhaustive list of primary identifiers for which the analyzer may return results", + "items": { + "type": "object", + "required": [ + "type", + "name", + "value" + ], + "properties": { + "type": { + "type": "string", + "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", + "minLength": 1 + }, + "name": { + "type": "string", + "description": "Human-readable name of the identifier.", + "minLength": 1 + }, + "url": { + "type": "string", + "description": "URL of the identifier's documentation.", + "pattern": "^(https?|ftp)://.+" + }, + "value": { + "type": "string", + "description": "Value of the identifier, for matching purpose.", + "minLength": 1 + } + } + } } } }, "schema": { "type": "string", "description": "URI pointing to the validating security report schema.", - "format": "uri" + "pattern": "^https?://.+" }, "version": { "type": "string", @@ -548,41 +637,29 @@ "type": "object", "description": "Describes the vulnerability using GitLab Flavored Markdown", "required": [ - "category", - "cve", + "id", "identifiers", - "location", - "scanner" + "location" ], "properties": { "id": { "type": "string", + "minLength": 1, "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", "examples": [ "642735a5-1425-428d-8d4e-3c854885a3c9" ] }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, "name": { "type": "string", + "maxLength": 255, "description": "The name of the vulnerability. This must not include the finding's specific information." }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, "description": { "type": "string", + "maxLength": 1048576, "description": "A long text section describing the vulnerability more fully." }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, "severity": { "type": "string", "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", @@ -595,43 +672,11 @@ "Critical" ] }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, "solution": { "type": "string", + "maxLength": 7000, "description": "Explanation of how to fix the vulnerability." }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, "identifiers": { "type": "array", "minItems": 1, @@ -657,7 +702,7 @@ "url": { "type": "string", "description": "URL of the identifier's documentation.", - "format": "uri" + "pattern": "^(https?|ftp)://.+" }, "value": { "type": "string", @@ -683,7 +728,7 @@ "url": { "type": "string", "description": "URL of the vulnerability details document.", - "format": "uri" + "pattern": "^(https?|ftp)://.+" } } } @@ -692,6 +737,7 @@ "$ref": "#/definitions/named_list/properties/items" }, "tracking": { + "type": "object", "description": "Describes how this vulnerability should be tracked as the project changes.", "oneOf": [ { @@ -730,6 +776,7 @@ "minItems": 1, "items": { "description": "A calculated tracking signature value and metadata.", + "type": "object", "required": [ "algorithm", "value" @@ -804,10 +851,17 @@ "dependency": { "type": "object", "description": "Describes the dependency of a project where the vulnerability is located.", + "required": [ + "package", + "version" + ], "properties": { "package": { "type": "object", "description": "Provides information on the package where the vulnerability is located.", + "required": [ + "name" + ], "properties": { "name": { "type": "string", @@ -858,7 +912,6 @@ "default_branch_image": { "type": "string", "maxLength": 255, - "pattern": "^[a-zA-Z0-9/_.-]+:[a-zA-Z0-9_.-]+$", "description": "The name of the image on the default branch." } } @@ -883,12 +936,16 @@ "items": { "type": "object", "required": [ - "cve" + "id" ], "properties": { - "cve": { + "id": { "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." + "minLength": 1, + "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", + "examples": [ + "642735a5-1425-428d-8d4e-3c854885a3c9" + ] } } } diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.0/coverage-fuzzing-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/15.0.6/coverage-fuzzing-report-format.json index f63ebfa2cc2..11a1375710b 100644 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.0/coverage-fuzzing-report-format.json +++ b/lib/gitlab/ci/parsers/security/validators/schemas/15.0.6/coverage-fuzzing-report-format.json @@ -1,5 +1,6 @@ { "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/raw/master/dist/coverage-fuzzing-report-format.json", "title": "Report format for GitLab Fuzz Testing", "description": "This schema provides the report format for Coverage Guided Fuzz Testing (https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing).", "definitions": { @@ -54,6 +55,7 @@ "properties": { "name": { "$ref": "#/definitions/text_value", + "type": "string", "minLength": 1 }, "description": { @@ -325,9 +327,11 @@ } }, "self": { - "version": "14.1.0" + "version": "15.0.6" }, + "type": "object", "required": [ + "scan", "version", "vulnerabilities" ], @@ -336,6 +340,7 @@ "scan": { "type": "object", "required": [ + "analyzer", "end_time", "scanner", "start_time", @@ -346,7 +351,7 @@ "end_time": { "type": "string", "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", + "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$", "examples": [ "2020-01-28T03:26:02" ] @@ -384,6 +389,57 @@ } } }, + "options": { + "type": "array", + "items": { + "type": "object", + "description": "A configuration option used for this scan.", + "required": [ + "name", + "value" + ], + "properties": { + "name": { + "type": "string", + "description": "The configuration option name.", + "maxLength": 255, + "minLength": 1, + "examples": [ + "DAST_FF_ENABLE_BAS", + "DOCKER_TLS_CERTDIR", + "DS_MAX_DEPTH", + "SECURE_LOG_LEVEL" + ] + }, + "source": { + "type": "string", + "description": "The source of this option.", + "enum": [ + "argument", + "file", + "env_variable", + "other" + ] + }, + "value": { + "type": [ + "boolean", + "integer", + "null", + "string" + ], + "description": "The value used for this scan.", + "examples": [ + true, + 2, + null, + "fatal", + "" + ] + } + } + } + }, "analyzer": { "type": "object", "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", @@ -412,7 +468,6 @@ }, "url": { "type": "string", - "format": "uri", "pattern": "^https?://.+", "description": "A link to more information about the analyzer.", "examples": [ @@ -509,7 +564,7 @@ "start_time": { "type": "string", "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", + "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$", "examples": [ "2020-02-14T16:01:59" ] @@ -528,13 +583,47 @@ "enum": [ "coverage_fuzzing" ] + }, + "primary_identifiers": { + "type": "array", + "description": "An unordered array containing an exhaustive list of primary identifiers for which the analyzer may return results", + "items": { + "type": "object", + "required": [ + "type", + "name", + "value" + ], + "properties": { + "type": { + "type": "string", + "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", + "minLength": 1 + }, + "name": { + "type": "string", + "description": "Human-readable name of the identifier.", + "minLength": 1 + }, + "url": { + "type": "string", + "description": "URL of the identifier's documentation.", + "pattern": "^(https?|ftp)://.+" + }, + "value": { + "type": "string", + "description": "Value of the identifier, for matching purpose.", + "minLength": 1 + } + } + } } } }, "schema": { "type": "string", "description": "URI pointing to the validating security report schema.", - "format": "uri" + "pattern": "^https?://.+" }, "version": { "type": "string", @@ -548,41 +637,29 @@ "type": "object", "description": "Describes the vulnerability using GitLab Flavored Markdown", "required": [ - "category", - "cve", + "id", "identifiers", - "location", - "scanner" + "location" ], "properties": { "id": { "type": "string", + "minLength": 1, "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", "examples": [ "642735a5-1425-428d-8d4e-3c854885a3c9" ] }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, "name": { "type": "string", + "maxLength": 255, "description": "The name of the vulnerability. This must not include the finding's specific information." }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, "description": { "type": "string", + "maxLength": 1048576, "description": "A long text section describing the vulnerability more fully." }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, "severity": { "type": "string", "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", @@ -595,43 +672,11 @@ "Critical" ] }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, "solution": { "type": "string", + "maxLength": 7000, "description": "Explanation of how to fix the vulnerability." }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, "identifiers": { "type": "array", "minItems": 1, @@ -657,7 +702,7 @@ "url": { "type": "string", "description": "URL of the identifier's documentation.", - "format": "uri" + "pattern": "^(https?|ftp)://.+" }, "value": { "type": "string", @@ -683,7 +728,7 @@ "url": { "type": "string", "description": "URL of the vulnerability details document.", - "format": "uri" + "pattern": "^(https?|ftp)://.+" } } } @@ -692,6 +737,7 @@ "$ref": "#/definitions/named_list/properties/items" }, "tracking": { + "type": "object", "description": "Describes how this vulnerability should be tracked as the project changes.", "oneOf": [ { @@ -730,6 +776,7 @@ "minItems": 1, "items": { "description": "A calculated tracking signature value and metadata.", + "type": "object", "required": [ "algorithm", "value" @@ -847,12 +894,16 @@ "items": { "type": "object", "required": [ - "cve" + "id" ], "properties": { - "cve": { + "id": { "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." + "minLength": 1, + "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", + "examples": [ + "642735a5-1425-428d-8d4e-3c854885a3c9" + ] } } } diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.6/dast-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/15.0.6/dast-report-format.json index 598f162aad2..1351cb261e0 100644 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.0.6/dast-report-format.json +++ b/lib/gitlab/ci/parsers/security/validators/schemas/15.0.6/dast-report-format.json @@ -1,5 +1,6 @@ { "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/raw/master/dist/dast-report-format.json", "title": "Report format for GitLab DAST", "description": "This schema provides the the report format for Dynamic Application Security Testing (https://docs.gitlab.com/ee/user/application_security/dast).", "definitions": { @@ -54,6 +55,7 @@ "properties": { "name": { "$ref": "#/definitions/text_value", + "type": "string", "minLength": 1 }, "description": { @@ -325,9 +327,11 @@ } }, "self": { - "version": "14.0.6" + "version": "15.0.6" }, + "type": "object", "required": [ + "scan", "version", "vulnerabilities" ], @@ -336,6 +340,7 @@ "scan": { "type": "object", "required": [ + "analyzer", "end_time", "scanned_resources", "scanner", @@ -347,7 +352,7 @@ "end_time": { "type": "string", "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", + "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$", "examples": [ "2020-01-28T03:26:02" ] @@ -385,6 +390,57 @@ } } }, + "options": { + "type": "array", + "items": { + "type": "object", + "description": "A configuration option used for this scan.", + "required": [ + "name", + "value" + ], + "properties": { + "name": { + "type": "string", + "description": "The configuration option name.", + "maxLength": 255, + "minLength": 1, + "examples": [ + "DAST_FF_ENABLE_BAS", + "DOCKER_TLS_CERTDIR", + "DS_MAX_DEPTH", + "SECURE_LOG_LEVEL" + ] + }, + "source": { + "type": "string", + "description": "The source of this option.", + "enum": [ + "argument", + "file", + "env_variable", + "other" + ] + }, + "value": { + "type": [ + "boolean", + "integer", + "null", + "string" + ], + "description": "The value used for this scan.", + "examples": [ + true, + 2, + null, + "fatal", + "" + ] + } + } + } + }, "analyzer": { "type": "object", "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", @@ -413,7 +469,6 @@ }, "url": { "type": "string", - "format": "uri", "pattern": "^https?://.+", "description": "A link to more information about the analyzer.", "examples": [ @@ -510,7 +565,7 @@ "start_time": { "type": "string", "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", + "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$", "examples": [ "2020-02-14T16:01:59" ] @@ -531,6 +586,40 @@ "api_fuzzing" ] }, + "primary_identifiers": { + "type": "array", + "description": "An unordered array containing an exhaustive list of primary identifiers for which the analyzer may return results", + "items": { + "type": "object", + "required": [ + "type", + "name", + "value" + ], + "properties": { + "type": { + "type": "string", + "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", + "minLength": 1 + }, + "name": { + "type": "string", + "description": "Human-readable name of the identifier.", + "minLength": 1 + }, + "url": { + "type": "string", + "description": "URL of the identifier's documentation.", + "pattern": "^(https?|ftp)://.+" + }, + "value": { + "type": "string", + "description": "Value of the identifier, for matching purpose.", + "minLength": 1 + } + } + } + }, "scanned_resources": { "type": "array", "description": "The attack surface scanned by DAST.", @@ -576,7 +665,7 @@ "schema": { "type": "string", "description": "URI pointing to the validating security report schema.", - "format": "uri" + "pattern": "^https?://.+" }, "version": { "type": "string", @@ -590,41 +679,29 @@ "type": "object", "description": "Describes the vulnerability using GitLab Flavored Markdown", "required": [ - "category", - "cve", + "id", "identifiers", - "location", - "scanner" + "location" ], "properties": { "id": { "type": "string", + "minLength": 1, "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", "examples": [ "642735a5-1425-428d-8d4e-3c854885a3c9" ] }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, "name": { "type": "string", + "maxLength": 255, "description": "The name of the vulnerability. This must not include the finding's specific information." }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, "description": { "type": "string", + "maxLength": 1048576, "description": "A long text section describing the vulnerability more fully." }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, "severity": { "type": "string", "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", @@ -637,43 +714,11 @@ "Critical" ] }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, "solution": { "type": "string", + "maxLength": 7000, "description": "Explanation of how to fix the vulnerability." }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, "identifiers": { "type": "array", "minItems": 1, @@ -699,7 +744,7 @@ "url": { "type": "string", "description": "URL of the identifier's documentation.", - "format": "uri" + "pattern": "^(https?|ftp)://.+" }, "value": { "type": "string", @@ -725,7 +770,7 @@ "url": { "type": "string", "description": "URL of the vulnerability details document.", - "format": "uri" + "pattern": "^(https?|ftp)://.+" } } } @@ -734,6 +779,7 @@ "$ref": "#/definitions/named_list/properties/items" }, "tracking": { + "type": "object", "description": "Describes how this vulnerability should be tracked as the project changes.", "oneOf": [ { @@ -772,6 +818,7 @@ "minItems": 1, "items": { "description": "A calculated tracking signature value and metadata.", + "type": "object", "required": [ "algorithm", "value" @@ -911,7 +958,6 @@ }, "value": { "type": "string", - "minLength": 1, "description": "Value of the HTTP header.", "examples": [ "*/*", @@ -979,7 +1025,6 @@ }, "value": { "type": "string", - "minLength": 1, "description": "Value of the HTTP header.", "examples": [ "*/*", @@ -1065,7 +1110,6 @@ }, "value": { "type": "string", - "minLength": 1, "description": "Value of the HTTP header.", "examples": [ "*/*", @@ -1133,7 +1177,6 @@ }, "value": { "type": "string", - "minLength": 1, "description": "Value of the HTTP header.", "examples": [ "*/*", @@ -1235,14 +1278,6 @@ } } } - }, - "discovered_at": { - "type": "string", - "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss.sss, representing when the vulnerability was discovered", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}\\.\\d{3}$", - "examples": [ - "2020-01-28T03:26:02.956" - ] } } } @@ -1264,12 +1299,16 @@ "items": { "type": "object", "required": [ - "cve" + "id" ], "properties": { - "cve": { + "id": { "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." + "minLength": 1, + "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", + "examples": [ + "642735a5-1425-428d-8d4e-3c854885a3c9" + ] } } } diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.0/dependency-scanning-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/15.0.6/dependency-scanning-report-format.json index 6f2c3740b09..e4b02362cb1 100644 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.0/dependency-scanning-report-format.json +++ b/lib/gitlab/ci/parsers/security/validators/schemas/15.0.6/dependency-scanning-report-format.json @@ -1,5 +1,6 @@ { "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/raw/master/dist/dependency-scanning-report-format.json", "title": "Report format for GitLab Dependency Scanning", "description": "This schema provides the the report format for Dependency Scanning analyzers (https://docs.gitlab.com/ee/user/application_security/dependency_scanning).", "definitions": { @@ -54,6 +55,7 @@ "properties": { "name": { "$ref": "#/definitions/text_value", + "type": "string", "minLength": 1 }, "description": { @@ -325,10 +327,12 @@ } }, "self": { - "version": "14.1.0" + "version": "15.0.6" }, + "type": "object", "required": [ "dependency_files", + "scan", "version", "vulnerabilities" ], @@ -337,6 +341,7 @@ "scan": { "type": "object", "required": [ + "analyzer", "end_time", "scanner", "start_time", @@ -347,7 +352,7 @@ "end_time": { "type": "string", "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", + "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$", "examples": [ "2020-01-28T03:26:02" ] @@ -385,6 +390,57 @@ } } }, + "options": { + "type": "array", + "items": { + "type": "object", + "description": "A configuration option used for this scan.", + "required": [ + "name", + "value" + ], + "properties": { + "name": { + "type": "string", + "description": "The configuration option name.", + "maxLength": 255, + "minLength": 1, + "examples": [ + "DAST_FF_ENABLE_BAS", + "DOCKER_TLS_CERTDIR", + "DS_MAX_DEPTH", + "SECURE_LOG_LEVEL" + ] + }, + "source": { + "type": "string", + "description": "The source of this option.", + "enum": [ + "argument", + "file", + "env_variable", + "other" + ] + }, + "value": { + "type": [ + "boolean", + "integer", + "null", + "string" + ], + "description": "The value used for this scan.", + "examples": [ + true, + 2, + null, + "fatal", + "" + ] + } + } + } + }, "analyzer": { "type": "object", "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", @@ -413,7 +469,6 @@ }, "url": { "type": "string", - "format": "uri", "pattern": "^https?://.+", "description": "A link to more information about the analyzer.", "examples": [ @@ -510,7 +565,7 @@ "start_time": { "type": "string", "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", + "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$", "examples": [ "2020-02-14T16:01:59" ] @@ -529,13 +584,47 @@ "enum": [ "dependency_scanning" ] + }, + "primary_identifiers": { + "type": "array", + "description": "An unordered array containing an exhaustive list of primary identifiers for which the analyzer may return results", + "items": { + "type": "object", + "required": [ + "type", + "name", + "value" + ], + "properties": { + "type": { + "type": "string", + "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", + "minLength": 1 + }, + "name": { + "type": "string", + "description": "Human-readable name of the identifier.", + "minLength": 1 + }, + "url": { + "type": "string", + "description": "URL of the identifier's documentation.", + "pattern": "^(https?|ftp)://.+" + }, + "value": { + "type": "string", + "description": "Value of the identifier, for matching purpose.", + "minLength": 1 + } + } + } } } }, "schema": { "type": "string", "description": "URI pointing to the validating security report schema.", - "format": "uri" + "pattern": "^https?://.+" }, "version": { "type": "string", @@ -549,41 +638,29 @@ "type": "object", "description": "Describes the vulnerability using GitLab Flavored Markdown", "required": [ - "category", - "cve", + "id", "identifiers", - "location", - "scanner" + "location" ], "properties": { "id": { "type": "string", + "minLength": 1, "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", "examples": [ "642735a5-1425-428d-8d4e-3c854885a3c9" ] }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, "name": { "type": "string", + "maxLength": 255, "description": "The name of the vulnerability. This must not include the finding's specific information." }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, "description": { "type": "string", + "maxLength": 1048576, "description": "A long text section describing the vulnerability more fully." }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, "severity": { "type": "string", "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", @@ -596,43 +673,11 @@ "Critical" ] }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, "solution": { "type": "string", + "maxLength": 7000, "description": "Explanation of how to fix the vulnerability." }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, "identifiers": { "type": "array", "minItems": 1, @@ -658,7 +703,7 @@ "url": { "type": "string", "description": "URL of the identifier's documentation.", - "format": "uri" + "pattern": "^(https?|ftp)://.+" }, "value": { "type": "string", @@ -684,7 +729,7 @@ "url": { "type": "string", "description": "URL of the vulnerability details document.", - "format": "uri" + "pattern": "^(https?|ftp)://.+" } } } @@ -693,6 +738,7 @@ "$ref": "#/definitions/named_list/properties/items" }, "tracking": { + "type": "object", "description": "Describes how this vulnerability should be tracked as the project changes.", "oneOf": [ { @@ -731,6 +777,7 @@ "minItems": 1, "items": { "description": "A calculated tracking signature value and metadata.", + "type": "object", "required": [ "algorithm", "value" @@ -809,10 +856,17 @@ "dependency": { "type": "object", "description": "Describes the dependency of a project where the vulnerability is located.", + "required": [ + "package", + "version" + ], "properties": { "package": { "type": "object", "description": "Provides information on the package where the vulnerability is located.", + "required": [ + "name" + ], "properties": { "name": { "type": "string", @@ -872,12 +926,16 @@ "items": { "type": "object", "required": [ - "cve" + "id" ], "properties": { - "cve": { + "id": { "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." + "minLength": 1, + "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", + "examples": [ + "642735a5-1425-428d-8d4e-3c854885a3c9" + ] } } } @@ -919,10 +977,17 @@ "items": { "type": "object", "description": "Describes the dependency of a project where the vulnerability is located.", + "required": [ + "package", + "version" + ], "properties": { "package": { "type": "object", "description": "Provides information on the package where the vulnerability is located.", + "required": [ + "name" + ], "properties": { "name": { "type": "string", diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.0/sast-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/15.0.6/sast-report-format.json index 5c7f636e169..e4cb5fb2985 100644 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.0/sast-report-format.json +++ b/lib/gitlab/ci/parsers/security/validators/schemas/15.0.6/sast-report-format.json @@ -1,5 +1,6 @@ { "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/raw/master/dist/sast-report-format.json", "title": "Report format for GitLab SAST", "description": "This schema provides the report format for Static Application Security Testing analyzers (https://docs.gitlab.com/ee/user/application_security/sast).", "definitions": { @@ -54,6 +55,7 @@ "properties": { "name": { "$ref": "#/definitions/text_value", + "type": "string", "minLength": 1 }, "description": { @@ -325,9 +327,11 @@ } }, "self": { - "version": "14.1.0" + "version": "15.0.6" }, + "type": "object", "required": [ + "scan", "version", "vulnerabilities" ], @@ -336,6 +340,7 @@ "scan": { "type": "object", "required": [ + "analyzer", "end_time", "scanner", "start_time", @@ -346,7 +351,7 @@ "end_time": { "type": "string", "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", + "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$", "examples": [ "2020-01-28T03:26:02" ] @@ -384,6 +389,57 @@ } } }, + "options": { + "type": "array", + "items": { + "type": "object", + "description": "A configuration option used for this scan.", + "required": [ + "name", + "value" + ], + "properties": { + "name": { + "type": "string", + "description": "The configuration option name.", + "maxLength": 255, + "minLength": 1, + "examples": [ + "DAST_FF_ENABLE_BAS", + "DOCKER_TLS_CERTDIR", + "DS_MAX_DEPTH", + "SECURE_LOG_LEVEL" + ] + }, + "source": { + "type": "string", + "description": "The source of this option.", + "enum": [ + "argument", + "file", + "env_variable", + "other" + ] + }, + "value": { + "type": [ + "boolean", + "integer", + "null", + "string" + ], + "description": "The value used for this scan.", + "examples": [ + true, + 2, + null, + "fatal", + "" + ] + } + } + } + }, "analyzer": { "type": "object", "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", @@ -412,7 +468,6 @@ }, "url": { "type": "string", - "format": "uri", "pattern": "^https?://.+", "description": "A link to more information about the analyzer.", "examples": [ @@ -509,7 +564,7 @@ "start_time": { "type": "string", "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", + "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$", "examples": [ "2020-02-14T16:01:59" ] @@ -528,13 +583,47 @@ "enum": [ "sast" ] + }, + "primary_identifiers": { + "type": "array", + "description": "An unordered array containing an exhaustive list of primary identifiers for which the analyzer may return results", + "items": { + "type": "object", + "required": [ + "type", + "name", + "value" + ], + "properties": { + "type": { + "type": "string", + "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", + "minLength": 1 + }, + "name": { + "type": "string", + "description": "Human-readable name of the identifier.", + "minLength": 1 + }, + "url": { + "type": "string", + "description": "URL of the identifier's documentation.", + "pattern": "^(https?|ftp)://.+" + }, + "value": { + "type": "string", + "description": "Value of the identifier, for matching purpose.", + "minLength": 1 + } + } + } } } }, "schema": { "type": "string", "description": "URI pointing to the validating security report schema.", - "format": "uri" + "pattern": "^https?://.+" }, "version": { "type": "string", @@ -548,41 +637,29 @@ "type": "object", "description": "Describes the vulnerability using GitLab Flavored Markdown", "required": [ - "category", - "cve", + "id", "identifiers", - "location", - "scanner" + "location" ], "properties": { "id": { "type": "string", + "minLength": 1, "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", "examples": [ "642735a5-1425-428d-8d4e-3c854885a3c9" ] }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, "name": { "type": "string", + "maxLength": 255, "description": "The name of the vulnerability. This must not include the finding's specific information." }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, "description": { "type": "string", + "maxLength": 1048576, "description": "A long text section describing the vulnerability more fully." }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, "severity": { "type": "string", "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", @@ -595,43 +672,11 @@ "Critical" ] }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, "solution": { "type": "string", + "maxLength": 7000, "description": "Explanation of how to fix the vulnerability." }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, "identifiers": { "type": "array", "minItems": 1, @@ -657,7 +702,7 @@ "url": { "type": "string", "description": "URL of the identifier's documentation.", - "format": "uri" + "pattern": "^(https?|ftp)://.+" }, "value": { "type": "string", @@ -683,7 +728,7 @@ "url": { "type": "string", "description": "URL of the vulnerability details document.", - "format": "uri" + "pattern": "^(https?|ftp)://.+" } } } @@ -692,6 +737,7 @@ "$ref": "#/definitions/named_list/properties/items" }, "tracking": { + "type": "object", "description": "Describes how this vulnerability should be tracked as the project changes.", "oneOf": [ { @@ -730,6 +776,7 @@ "minItems": 1, "items": { "description": "A calculated tracking signature value and metadata.", + "type": "object", "required": [ "algorithm", "value" @@ -842,12 +889,16 @@ "items": { "type": "object", "required": [ - "cve" + "id" ], "properties": { - "cve": { + "id": { "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." + "minLength": 1, + "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", + "examples": [ + "642735a5-1425-428d-8d4e-3c854885a3c9" + ] } } } diff --git a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.0/secret-detection-report-format.json b/lib/gitlab/ci/parsers/security/validators/schemas/15.0.6/secret-detection-report-format.json index a87388c45e7..5eb52b11efe 100644 --- a/lib/gitlab/ci/parsers/security/validators/schemas/14.1.0/secret-detection-report-format.json +++ b/lib/gitlab/ci/parsers/security/validators/schemas/15.0.6/secret-detection-report-format.json @@ -1,5 +1,6 @@ { "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/raw/master/dist/secret-detection-report-format.json", "title": "Report format for GitLab Secret Detection", "description": "This schema provides the the report format for the Secret Detection analyzer (https://docs.gitlab.com/ee/user/application_security/secret_detection)", "definitions": { @@ -54,6 +55,7 @@ "properties": { "name": { "$ref": "#/definitions/text_value", + "type": "string", "minLength": 1 }, "description": { @@ -325,9 +327,11 @@ } }, "self": { - "version": "14.1.0" + "version": "15.0.6" }, + "type": "object", "required": [ + "scan", "version", "vulnerabilities" ], @@ -336,6 +340,7 @@ "scan": { "type": "object", "required": [ + "analyzer", "end_time", "scanner", "start_time", @@ -346,7 +351,7 @@ "end_time": { "type": "string", "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan finished.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", + "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$", "examples": [ "2020-01-28T03:26:02" ] @@ -384,6 +389,57 @@ } } }, + "options": { + "type": "array", + "items": { + "type": "object", + "description": "A configuration option used for this scan.", + "required": [ + "name", + "value" + ], + "properties": { + "name": { + "type": "string", + "description": "The configuration option name.", + "maxLength": 255, + "minLength": 1, + "examples": [ + "DAST_FF_ENABLE_BAS", + "DOCKER_TLS_CERTDIR", + "DS_MAX_DEPTH", + "SECURE_LOG_LEVEL" + ] + }, + "source": { + "type": "string", + "description": "The source of this option.", + "enum": [ + "argument", + "file", + "env_variable", + "other" + ] + }, + "value": { + "type": [ + "boolean", + "integer", + "null", + "string" + ], + "description": "The value used for this scan.", + "examples": [ + true, + 2, + null, + "fatal", + "" + ] + } + } + } + }, "analyzer": { "type": "object", "description": "Object defining the analyzer used to perform the scan. Analyzers typically delegate to an underlying scanner to run the scan.", @@ -412,7 +468,6 @@ }, "url": { "type": "string", - "format": "uri", "pattern": "^https?://.+", "description": "A link to more information about the analyzer.", "examples": [ @@ -509,7 +564,7 @@ "start_time": { "type": "string", "description": "ISO8601 UTC value with format yyyy-mm-ddThh:mm:ss, representing when the scan started.", - "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}\\:\\d{2}\\:\\d{2}$", + "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$", "examples": [ "2020-02-14T16:01:59" ] @@ -528,13 +583,47 @@ "enum": [ "secret_detection" ] + }, + "primary_identifiers": { + "type": "array", + "description": "An unordered array containing an exhaustive list of primary identifiers for which the analyzer may return results", + "items": { + "type": "object", + "required": [ + "type", + "name", + "value" + ], + "properties": { + "type": { + "type": "string", + "description": "for example, cve, cwe, osvdb, usn, or an analyzer-dependent type such as gemnasium).", + "minLength": 1 + }, + "name": { + "type": "string", + "description": "Human-readable name of the identifier.", + "minLength": 1 + }, + "url": { + "type": "string", + "description": "URL of the identifier's documentation.", + "pattern": "^(https?|ftp)://.+" + }, + "value": { + "type": "string", + "description": "Value of the identifier, for matching purpose.", + "minLength": 1 + } + } + } } } }, "schema": { "type": "string", "description": "URI pointing to the validating security report schema.", - "format": "uri" + "pattern": "^https?://.+" }, "version": { "type": "string", @@ -548,41 +637,29 @@ "type": "object", "description": "Describes the vulnerability using GitLab Flavored Markdown", "required": [ - "category", - "cve", + "id", "identifiers", - "location", - "scanner" + "location" ], "properties": { "id": { "type": "string", + "minLength": 1, "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", "examples": [ "642735a5-1425-428d-8d4e-3c854885a3c9" ] }, - "category": { - "type": "string", - "minLength": 1, - "description": "Describes where this vulnerability belongs (for example, SAST, Dependency Scanning, and so on)." - }, "name": { "type": "string", + "maxLength": 255, "description": "The name of the vulnerability. This must not include the finding's specific information." }, - "message": { - "type": "string", - "description": "A short text section that describes the vulnerability. This may include the finding's specific information." - }, "description": { "type": "string", + "maxLength": 1048576, "description": "A long text section describing the vulnerability more fully." }, - "cve": { - "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." - }, "severity": { "type": "string", "description": "How much the vulnerability impacts the software. Possible values are Info, Unknown, Low, Medium, High, or Critical. Note that some analyzers may not report all these possible values.", @@ -595,43 +672,11 @@ "Critical" ] }, - "confidence": { - "type": "string", - "description": "How reliable the vulnerability's assessment is. Possible values are Ignore, Unknown, Experimental, Low, Medium, High, and Confirmed. Note that some analyzers may not report all these possible values.", - "enum": [ - "Ignore", - "Unknown", - "Experimental", - "Low", - "Medium", - "High", - "Confirmed" - ] - }, "solution": { "type": "string", + "maxLength": 7000, "description": "Explanation of how to fix the vulnerability." }, - "scanner": { - "description": "Describes the scanner used to find this vulnerability.", - "type": "object", - "required": [ - "id", - "name" - ], - "properties": { - "id": { - "type": "string", - "minLength": 1, - "description": "The scanner's ID, as a snake_case string." - }, - "name": { - "type": "string", - "minLength": 1, - "description": "Human-readable name of the scanner." - } - } - }, "identifiers": { "type": "array", "minItems": 1, @@ -657,7 +702,7 @@ "url": { "type": "string", "description": "URL of the identifier's documentation.", - "format": "uri" + "pattern": "^(https?|ftp)://.+" }, "value": { "type": "string", @@ -683,7 +728,7 @@ "url": { "type": "string", "description": "URL of the vulnerability details document.", - "format": "uri" + "pattern": "^(https?|ftp)://.+" } } } @@ -692,6 +737,7 @@ "$ref": "#/definitions/named_list/properties/items" }, "tracking": { + "type": "object", "description": "Describes how this vulnerability should be tracked as the project changes.", "oneOf": [ { @@ -730,6 +776,7 @@ "minItems": 1, "items": { "description": "A calculated tracking signature value and metadata.", + "type": "object", "required": [ "algorithm", "value" @@ -796,6 +843,7 @@ "required": [ "commit" ], + "type": "object", "properties": { "file": { "type": "string", @@ -865,12 +913,16 @@ "items": { "type": "object", "required": [ - "cve" + "id" ], "properties": { - "cve": { + "id": { "type": "string", - "description": "(Deprecated - use vulnerabilities[].id instead) A fingerprint string value that represents a concrete finding. This is used to determine whether two findings are same, which may not be 100% accurate. Note that this is NOT a CVE as described by https://cve.mitre.org/." + "minLength": 1, + "description": "Unique identifier of the vulnerability. This is recommended to be a UUID.", + "examples": [ + "642735a5-1425-428d-8d4e-3c854885a3c9" + ] } } } diff --git a/lib/gitlab/ci/pipeline/chain/command.rb b/lib/gitlab/ci/pipeline/chain/command.rb index d2dc712e366..4bc2f6c7be7 100644 --- a/lib/gitlab/ci/pipeline/chain/command.rb +++ b/lib/gitlab/ci/pipeline/chain/command.rb @@ -13,7 +13,8 @@ module Gitlab :seeds_block, :variables_attributes, :push_options, :chat_data, :allow_mirror_update, :bridge, :content, :dry_run, :logger, # These attributes are set by Chains during processing: - :config_content, :yaml_processor_result, :workflow_rules_result, :pipeline_seed + :config_content, :yaml_processor_result, :workflow_rules_result, :pipeline_seed, + :pipeline_config ) do include Gitlab::Utils::StrongMemoize diff --git a/lib/gitlab/ci/pipeline/chain/config/content.rb b/lib/gitlab/ci/pipeline/chain/config/content.rb index d41213ef6dd..779aac7d520 100644 --- a/lib/gitlab/ci/pipeline/chain/config/content.rb +++ b/lib/gitlab/ci/pipeline/chain/config/content.rb @@ -14,6 +14,7 @@ module Gitlab @pipeline.build_pipeline_config(content: pipeline_config.content) @command.config_content = pipeline_config.content @pipeline.config_source = pipeline_config.source + @command.pipeline_config = pipeline_config else error('Missing CI config file') end diff --git a/lib/gitlab/ci/pipeline/chain/config/process.rb b/lib/gitlab/ci/pipeline/chain/config/process.rb index ad6b2fd3411..4976e075727 100644 --- a/lib/gitlab/ci/pipeline/chain/config/process.rb +++ b/lib/gitlab/ci/pipeline/chain/config/process.rb @@ -20,6 +20,7 @@ module Gitlab source: @pipeline.source, user: current_user, parent_pipeline: parent_pipeline, + pipeline_config: @command.pipeline_config, logger: logger } ) diff --git a/lib/gitlab/ci/pipeline/chain/limit/activity.rb b/lib/gitlab/ci/pipeline/chain/limit/activity.rb deleted file mode 100644 index ef9235477db..00000000000 --- a/lib/gitlab/ci/pipeline/chain/limit/activity.rb +++ /dev/null @@ -1,23 +0,0 @@ -# frozen_string_literal: true - -module Gitlab - module Ci - module Pipeline - module Chain - module Limit - class Activity < Chain::Base - def perform! - # to be overridden in EE - end - - def break? - false # to be overridden in EE - end - end - end - end - end - end -end - -Gitlab::Ci::Pipeline::Chain::Limit::Activity.prepend_mod_with('Gitlab::Ci::Pipeline::Chain::Limit::Activity') diff --git a/lib/gitlab/ci/pipeline/duration.rb b/lib/gitlab/ci/pipeline/duration.rb index e8a991026b5..573d4c25b91 100644 --- a/lib/gitlab/ci/pipeline/duration.rb +++ b/lib/gitlab/ci/pipeline/duration.rb @@ -82,6 +82,8 @@ module Gitlab module Duration extend self + STATUSES = %w[success failed running canceled].freeze + Period = Struct.new(:first, :last) do def duration last - first @@ -90,14 +92,15 @@ module Gitlab # rubocop: disable CodeReuse/ActiveRecord def from_pipeline(pipeline) - status = %w[success failed running canceled] - builds = pipeline.processables.latest - .where(status: status).where.not(started_at: nil).order(:started_at) + builds = + self_and_downstreams_builds_of_pipeline(pipeline) from_builds(builds) end # rubocop: enable CodeReuse/ActiveRecord + private + def from_builds(builds) now = Time.now @@ -113,8 +116,6 @@ module Gitlab process_duration(process_periods(periods)) end - private - def process_periods(periods) return periods if periods.empty? @@ -139,6 +140,20 @@ module Gitlab end # rubocop: disable CodeReuse/ActiveRecord + def self_and_downstreams_builds_of_pipeline(pipeline) + ::Ci::Build + .select(:id, :type, :started_at, :finished_at) + .in_pipelines( + pipeline.self_and_downstreams.select(:id) + ) + .with_status(STATUSES) + .latest + .where.not(started_at: nil) + .order(:started_at) + end + # rubocop: enable CodeReuse/ActiveRecord + + # rubocop: disable CodeReuse/ActiveRecord def process_duration(periods) periods.sum(&:duration) end diff --git a/lib/gitlab/ci/pipeline/seed/build.rb b/lib/gitlab/ci/pipeline/seed/build.rb index 484e18c6979..98f488d0f38 100644 --- a/lib/gitlab/ci/pipeline/seed/build.rb +++ b/lib/gitlab/ci/pipeline/seed/build.rb @@ -123,6 +123,7 @@ module Gitlab end @needs_attributes.flat_map do |need| + # We ignore the optional needed job in case it is excluded from the pipeline due to the job's rules. next if need[:optional] result = need_present?(need) diff --git a/lib/gitlab/ci/pipeline/seed/build/cache.rb b/lib/gitlab/ci/pipeline/seed/build/cache.rb index 409b6658cc0..936344b9ae8 100644 --- a/lib/gitlab/ci/pipeline/seed/build/cache.rb +++ b/lib/gitlab/ci/pipeline/seed/build/cache.rb @@ -16,6 +16,7 @@ module Gitlab @when = local_cache.delete(:when) @unprotect = local_cache.delete(:unprotect) @custom_key_prefix = custom_key_prefix + @fallback_keys = local_cache.delete(:fallback_keys) raise ArgumentError, "unknown cache keys: #{local_cache.keys}" if local_cache.any? end @@ -27,7 +28,8 @@ module Gitlab policy: @policy, untracked: @untracked, when: @when, - unprotect: @unprotect + unprotect: @unprotect, + fallback_keys: @fallback_keys }.compact end diff --git a/lib/gitlab/ci/project_config.rb b/lib/gitlab/ci/project_config.rb index ded6877ef29..00b2ad58428 100644 --- a/lib/gitlab/ci/project_config.rb +++ b/lib/gitlab/ci/project_config.rb @@ -26,6 +26,7 @@ module Gitlab end delegate :content, :source, to: :@config, allow_nil: true + delegate :internal_include_prepended?, to: :@config def exists? !!@config&.exists? diff --git a/lib/gitlab/ci/project_config/auto_devops.rb b/lib/gitlab/ci/project_config/auto_devops.rb index c6905f480a2..c5f010ebaea 100644 --- a/lib/gitlab/ci/project_config/auto_devops.rb +++ b/lib/gitlab/ci/project_config/auto_devops.rb @@ -13,6 +13,10 @@ module Gitlab end end + def internal_include_prepended? + true + end + def source :auto_devops_source end diff --git a/lib/gitlab/ci/project_config/external_project.rb b/lib/gitlab/ci/project_config/external_project.rb index 0ed5d6fa226..0afdab23886 100644 --- a/lib/gitlab/ci/project_config/external_project.rb +++ b/lib/gitlab/ci/project_config/external_project.rb @@ -17,6 +17,10 @@ module Gitlab end end + def internal_include_prepended? + true + end + def source :external_project_source end diff --git a/lib/gitlab/ci/project_config/remote.rb b/lib/gitlab/ci/project_config/remote.rb index cf1292706d2..19cbf8e9c1e 100644 --- a/lib/gitlab/ci/project_config/remote.rb +++ b/lib/gitlab/ci/project_config/remote.rb @@ -12,6 +12,10 @@ module Gitlab end end + def internal_include_prepended? + true + end + def source :remote_source end diff --git a/lib/gitlab/ci/project_config/repository.rb b/lib/gitlab/ci/project_config/repository.rb index 435ad4d42fe..272425fd546 100644 --- a/lib/gitlab/ci/project_config/repository.rb +++ b/lib/gitlab/ci/project_config/repository.rb @@ -12,6 +12,10 @@ module Gitlab end end + def internal_include_prepended? + true + end + def source :repository_source end diff --git a/lib/gitlab/ci/project_config/source.rb b/lib/gitlab/ci/project_config/source.rb index ebe5728163b..9a4a6394fa1 100644 --- a/lib/gitlab/ci/project_config/source.rb +++ b/lib/gitlab/ci/project_config/source.rb @@ -24,6 +24,11 @@ module Gitlab raise NotImplementedError end + # Indicates if we are prepending the content with an "internal" `include` + def internal_include_prepended? + false + end + def source raise NotImplementedError end diff --git a/lib/gitlab/ci/reports/security/finding.rb b/lib/gitlab/ci/reports/security/finding.rb index 92a91854358..bf48c7d0bb7 100644 --- a/lib/gitlab/ci/reports/security/finding.rb +++ b/lib/gitlab/ci/reports/security/finding.rb @@ -29,12 +29,13 @@ module Gitlab attr_reader :signatures attr_reader :project_id attr_reader :original_data + attr_reader :found_by_pipeline delegate :file_path, :start_line, :end_line, to: :location alias_method :cve, :compare_key - def initialize(compare_key:, identifiers:, flags: [], links: [], remediations: [], location:, evidence:, metadata_version:, name:, original_data:, report_type:, scanner:, scan:, uuid:, confidence: nil, severity: nil, details: {}, signatures: [], project_id: nil, vulnerability_finding_signatures_enabled: false) # rubocop:disable Metrics/ParameterLists + def initialize(compare_key:, identifiers:, flags: [], links: [], remediations: [], location:, evidence:, metadata_version:, name:, original_data:, report_type:, scanner:, scan:, uuid:, confidence: nil, severity: nil, details: {}, signatures: [], project_id: nil, vulnerability_finding_signatures_enabled: false, found_by_pipeline: nil) # rubocop:disable Metrics/ParameterLists @compare_key = compare_key @confidence = confidence @identifiers = identifiers @@ -55,6 +56,7 @@ module Gitlab @signatures = signatures @project_id = project_id @vulnerability_finding_signatures_enabled = vulnerability_finding_signatures_enabled + @found_by_pipeline = found_by_pipeline @project_fingerprint = generate_project_fingerprint end @@ -188,6 +190,10 @@ module Gitlab original_data['assets'] || [] end + def raw_source_code_extract + original_data['raw_source_code_extract'] + end + # Returns either the max priority signature hex # or the location fingerprint def location_fingerprint diff --git a/lib/gitlab/ci/reports/security/report.rb b/lib/gitlab/ci/reports/security/report.rb index 54b21da5436..2287c397c2b 100644 --- a/lib/gitlab/ci/reports/security/report.rb +++ b/lib/gitlab/ci/reports/security/report.rb @@ -5,8 +5,9 @@ module Gitlab module Reports module Security class Report - attr_reader :created_at, :type, :pipeline, :findings, :scanners, :identifiers - attr_accessor :scan, :scanned_resources, :errors, :analyzer, :version, :schema_validation_status, :warnings + attr_reader :created_at, :type, :findings, :scanners, :identifiers + attr_accessor :scan, :pipeline, :scanned_resources, :errors, + :analyzer, :version, :schema_validation_status, :warnings delegate :project_id, to: :pipeline delegate :project, to: :pipeline diff --git a/lib/gitlab/ci/reports/security/vulnerability_reports_comparer.rb b/lib/gitlab/ci/reports/security/vulnerability_reports_comparer.rb deleted file mode 100644 index 4be4cf62e7b..00000000000 --- a/lib/gitlab/ci/reports/security/vulnerability_reports_comparer.rb +++ /dev/null @@ -1,165 +0,0 @@ -# frozen_string_literal: true - -module Gitlab - module Ci - module Reports - module Security - class VulnerabilityReportsComparer - include Gitlab::Utils::StrongMemoize - - attr_reader :base_report, :head_report - - ACCEPTABLE_REPORT_AGE = 1.week - - def initialize(project, base_report, head_report) - @base_report = base_report - @head_report = head_report - - @signatures_enabled = project.licensed_feature_available?(:vulnerability_finding_signatures) - - if @signatures_enabled - @added_findings = [] - @fixed_findings = [] - calculate_changes - end - end - - def base_report_created_at - @base_report.created_at - end - - def head_report_created_at - @head_report.created_at - end - - def base_report_out_of_date - return false unless @base_report.created_at - - ACCEPTABLE_REPORT_AGE.ago > @base_report.created_at - end - - def added - strong_memoize(:added) do - if @signatures_enabled - @added_findings - else - head_report.findings - base_report.findings - end - end - end - - def fixed - strong_memoize(:fixed) do - if @signatures_enabled - @fixed_findings - else - base_report.findings - head_report.findings - end - end - end - - private - - def calculate_changes - # This is a deconstructed version of the eql? method on - # Ci::Reports::Security::Finding. It: - # - # * precomputes for the head_findings (using FindingMatcher): - # * sets of signature shas grouped by priority - # * mappings of signature shas to the head finding object - # - # These are then used when iterating the base findings to perform - # fast(er) prioritized, signature-based comparisons between each base finding - # and the head findings. - # - # Both the head_findings and base_findings arrays are iterated once - - base_findings = base_report.findings - head_findings = head_report.findings - - matcher = FindingMatcher.new(head_findings) - - base_findings.each do |base_finding| - next if base_finding.requires_manual_resolution? - - matched_head_finding = matcher.find_and_remove_match!(base_finding) - - @fixed_findings << base_finding if matched_head_finding.nil? - end - - @added_findings = matcher.unmatched_head_findings.values - end - end - - class FindingMatcher - attr_reader :unmatched_head_findings, :head_findings - - include Gitlab::Utils::StrongMemoize - - def initialize(head_findings) - @head_findings = head_findings - @unmatched_head_findings = @head_findings.index_by(&:object_id) - end - - def find_and_remove_match!(base_finding) - matched_head_finding = find_matched_head_finding_for(base_finding) - - # no signatures matched, so check the normal uuids of the base and head findings - # for a match - matched_head_finding = head_signatures_shas[base_finding.uuid] if matched_head_finding.nil? - - @unmatched_head_findings.delete(matched_head_finding.object_id) unless matched_head_finding.nil? - - matched_head_finding - end - - private - - def find_matched_head_finding_for(base_finding) - base_signature = sorted_signatures_for(base_finding).find do |signature| - # at this point a head_finding exists that has a signature with a - # matching priority, and a matching sha --> lookup the actual finding - # object from head_signatures_shas - head_signatures_shas[signature.signature_sha].eql?(base_finding) - end - - base_signature.present? ? head_signatures_shas[base_signature.signature_sha] : nil - end - - def sorted_signatures_for(base_finding) - base_finding.signatures.select { |signature| head_finding_signature?(signature) } - .sort_by { |sig| -sig.priority } - end - - def head_finding_signature?(signature) - head_signatures_priorities[signature.priority].include?(signature.signature_sha) - end - - def head_signatures_priorities - strong_memoize(:head_signatures_priorities) do - signatures_priorities = Hash.new { |hash, key| hash[key] = Set.new } - - head_findings.each_with_object(signatures_priorities) do |head_finding, memo| - head_finding.signatures.each do |signature| - memo[signature.priority].add(signature.signature_sha) - end - end - end - end - - def head_signatures_shas - strong_memoize(:head_signatures_shas) do - head_findings.each_with_object({}) do |head_finding, memo| - head_finding.signatures.each do |signature| - memo[signature.signature_sha] = head_finding - end - # for the final uuid check when no signatures have matched - memo[head_finding.uuid] = head_finding - end - end - end - end - end - end - end -end diff --git a/lib/gitlab/ci/resource_groups/logger.rb b/lib/gitlab/ci/resource_groups/logger.rb new file mode 100644 index 00000000000..9c93ee95bc7 --- /dev/null +++ b/lib/gitlab/ci/resource_groups/logger.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +module Gitlab + module Ci + module ResourceGroups + class Logger < ::Gitlab::JsonLogger + def self.file_name_noext + 'ci_resource_groups_json' + end + end + end + end +end diff --git a/lib/gitlab/ci/runner_releases.rb b/lib/gitlab/ci/runner_releases.rb index dab24bfd501..a27dd3896e1 100644 --- a/lib/gitlab/ci/runner_releases.rb +++ b/lib/gitlab/ci/runner_releases.rb @@ -15,9 +15,14 @@ module Gitlab reset_backoff! end + def enabled? + ::Gitlab::CurrentSettings.current_application_settings.update_runner_versions_enabled? + end + # Returns a sorted list of the publicly available GitLab Runner releases # def releases + return unless enabled? return if backoff_active? Rails.cache.fetch( diff --git a/lib/gitlab/ci/secure_files/cer.rb b/lib/gitlab/ci/secure_files/cer.rb index 45d2898c29b..3340afa8f2a 100644 --- a/lib/gitlab/ci/secure_files/cer.rb +++ b/lib/gitlab/ci/secure_files/cer.rb @@ -36,7 +36,7 @@ module Gitlab private def expires_at - certificate_data.not_before + certificate_data.not_after end def id diff --git a/lib/gitlab/ci/secure_files/p12.rb b/lib/gitlab/ci/secure_files/p12.rb index 1006a4d05b2..04cd4243bb0 100644 --- a/lib/gitlab/ci/secure_files/p12.rb +++ b/lib/gitlab/ci/secure_files/p12.rb @@ -36,7 +36,7 @@ module Gitlab private def expires_at - certificate_data.not_before + certificate_data.not_after end def serial diff --git a/lib/gitlab/ci/status/build/erased.rb b/lib/gitlab/ci/status/build/erased.rb index d74cfc1ee77..c3430b8cc1c 100644 --- a/lib/gitlab/ci/status/build/erased.rb +++ b/lib/gitlab/ci/status/build/erased.rb @@ -7,8 +7,8 @@ module Gitlab class Erased < Status::Extended def illustration { - image: 'illustrations/erased-log_empty.svg', - size: 'svg-430', + image: 'illustrations/empty-state/empty-projects-deleted-md.svg', + size: 'svg-150', title: _('Job has been erased') } end diff --git a/lib/gitlab/ci/status/build/factory.rb b/lib/gitlab/ci/status/build/factory.rb index a4434e2c144..54f6784b847 100644 --- a/lib/gitlab/ci/status/build/factory.rb +++ b/lib/gitlab/ci/status/build/factory.rb @@ -11,12 +11,12 @@ module Gitlab Status::Build::Manual, Status::Build::Canceled, Status::Build::Created, - Status::Build::WaitingForResource, Status::Build::Preparing, Status::Build::Pending, Status::Build::Skipped, Status::Build::WaitingForApproval], - [Status::Build::Cancelable, + [Status::Build::WaitingForResource, + Status::Build::Cancelable, Status::Build::Retryable], [Status::Build::FailedUnmetPrerequisites, Status::Build::Failed], diff --git a/lib/gitlab/ci/status/composite.rb b/lib/gitlab/ci/status/composite.rb index e854164d377..1ba78b357e5 100644 --- a/lib/gitlab/ci/status/composite.rb +++ b/lib/gitlab/ci/status/composite.rb @@ -7,17 +7,19 @@ module Gitlab include Gitlab::Utils::StrongMemoize # This class accepts an array of arrays/hashes/or objects - def initialize(all_statuses, with_allow_failure: true, dag: false) - unless all_statuses.respond_to?(:pluck) - raise ArgumentError, "all_statuses needs to respond to `.pluck`" + # `with_allow_failure` will be removed when deleting ci_remove_ensure_stage_service + def initialize(all_jobs, with_allow_failure: true, dag: false, project: nil) + unless all_jobs.respond_to?(:pluck) + raise ArgumentError, "all_jobs needs to respond to `.pluck`" end @status_set = Set.new @status_key = 0 @allow_failure_key = 1 if with_allow_failure @dag = dag + @project = project - consume_all_statuses(all_statuses) + consume_all_jobs(all_jobs) end # The status calculation is order dependent, @@ -26,6 +28,14 @@ module Gitlab # 2. In other cases we assume that status is of that type # based on what statuses are no longer valid based on the # data set that we have + # + # This method is used for three cases: + # 1. When it is called for a stage or a pipeline (with `all_jobs` from all jobs in a stage or a pipeline), + # then, the returned status is assigned to the stage or pipeline. + # 2. When it is called for a job (with `all_jobs` from all previous jobs or all needed jobs), + # then, the returned status is used to determine if the job is processed or not. + # 3. When it is called for a group (of jobs that are related), + # then, the returned status is used to show the overall status of the group. # rubocop: disable Metrics/CyclomaticComplexity # rubocop: disable Metrics/PerceivedComplexity def status @@ -35,9 +45,6 @@ module Gitlab if @dag && any_skipped_or_ignored? # The DAG job is skipped if one of the needs does not run at all. 'skipped' - elsif @dag && !only_of?(:success, :failed, :canceled, :skipped, :success_with_warnings) - # DAG is blocked from executing if a dependent is not "complete" - 'pending' elsif only_of?(:skipped, :ignored) 'skipped' elsif only_of?(:success, :skipped, :success_with_warnings, :ignored) @@ -94,42 +101,41 @@ module Gitlab any_of?(:skipped) || any_of?(:ignored) end - def consume_all_statuses(all_statuses) + def consume_all_jobs(all_jobs) columns = [] columns[@status_key] = :status columns[@allow_failure_key] = :allow_failure if @allow_failure_key - all_statuses + all_jobs .pluck(*columns) # rubocop: disable CodeReuse/ActiveRecord - .each(&method(:consume_status)) + .each do |job_attrs| + consume_job_status(Array.wrap(job_attrs)) + end end - def consume_status(description) - # convert `"status"` into `["status"]` - description = Array(description) - - status = - if success_with_warnings?(description) + def consume_job_status(job_attrs) + status_result = + if success_with_warnings?(job_attrs) :success_with_warnings - elsif ignored_status?(description) + elsif ignored_status?(job_attrs) :ignored else - description[@status_key].to_sym + job_attrs[@status_key].to_sym end - @status_set.add(status) + @status_set.add(status_result) end - def success_with_warnings?(status) + def success_with_warnings?(job_attrs) @allow_failure_key && - status[@allow_failure_key] && - ::Ci::HasStatus::PASSED_WITH_WARNINGS_STATUSES.include?(status[@status_key]) + job_attrs[@allow_failure_key] && + ::Ci::HasStatus::PASSED_WITH_WARNINGS_STATUSES.include?(job_attrs[@status_key]) end - def ignored_status?(status) + def ignored_status?(job_attrs) @allow_failure_key && - status[@allow_failure_key] && - ::Ci::HasStatus::EXCLUDE_IGNORED_STATUSES.include?(status[@status_key]) + job_attrs[@allow_failure_key] && + ::Ci::HasStatus::IGNORED_STATUSES.include?(job_attrs[@status_key]) end end end diff --git a/lib/gitlab/ci/status/processable/waiting_for_resource.rb b/lib/gitlab/ci/status/processable/waiting_for_resource.rb index c9b1dd795d0..ac82c99b5f1 100644 --- a/lib/gitlab/ci/status/processable/waiting_for_resource.rb +++ b/lib/gitlab/ci/status/processable/waiting_for_resource.rb @@ -17,9 +17,39 @@ module Gitlab } end + def has_action? + current_processable.present? + end + + def action_icon + nil + end + + def action_title + nil + end + + def action_button_title + _('View job currently using resource') + end + + def action_path + project_job_path(subject.project, current_processable) + end + + def action_method + :get + end + def self.matches?(processable, _) processable.waiting_for_resource? end + + private + + def current_processable + @current_processable ||= subject.resource_group.current_processable + end end end end diff --git a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml index 11420b05dfb..4f12f0cd3b8 100644 --- a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml @@ -58,7 +58,6 @@ variables: POSTGRES_USER: user POSTGRES_PASSWORD: testing-password - POSTGRES_ENABLED: "true" POSTGRES_DB: $CI_ENVIRONMENT_SLUG DOCKER_DRIVER: overlay2 diff --git a/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml index 40f5109851b..7a4c65f8c5b 100644 --- a/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - AUTO_BUILD_IMAGE_VERSION: 'v1.28.0' + AUTO_BUILD_IMAGE_VERSION: 'v1.32.0' build: stage: build diff --git a/lib/gitlab/ci/templates/Jobs/Build.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Build.latest.gitlab-ci.yml index 40f5109851b..7a4c65f8c5b 100644 --- a/lib/gitlab/ci/templates/Jobs/Build.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Build.latest.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - AUTO_BUILD_IMAGE_VERSION: 'v1.28.0' + AUTO_BUILD_IMAGE_VERSION: 'v1.32.0' build: stage: build diff --git a/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml index 47b79302828..b2ab6704e35 100644 --- a/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml @@ -8,7 +8,7 @@ code_quality: variables: DOCKER_DRIVER: overlay2 DOCKER_TLS_CERTDIR: "" - CODE_QUALITY_IMAGE_TAG: "0.89.0" + CODE_QUALITY_IMAGE_TAG: "0.94.0" CODE_QUALITY_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/ci-cd/codequality:$CODE_QUALITY_IMAGE_TAG" needs: [] script: diff --git a/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml index fa609afc5a8..192d06bfa14 100644 --- a/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml @@ -22,7 +22,8 @@ # List of available variables: https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables variables: - CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5" + CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:6" + CS_SCHEMA_MODEL: 15 container_scanning: image: "$CS_ANALYZER_IMAGE$CS_IMAGE_SUFFIX" @@ -39,12 +40,12 @@ container_scanning: reports: container_scanning: gl-container-scanning-report.json dependency_scanning: gl-dependency-scanning-report.json - paths: [gl-container-scanning-report.json, gl-dependency-scanning-report.json] + paths: [gl-container-scanning-report.json, gl-dependency-scanning-report.json, "**/gl-sbom-*.cdx.json"] dependencies: [] script: - gtcs scan rules: - - if: $CONTAINER_SCANNING_DISABLED + - if: $CONTAINER_SCANNING_DISABLED == 'true' || $CONTAINER_SCANNING_DISABLED == '1' when: never - if: $CI_COMMIT_BRANCH && $CI_GITLAB_FIPS_MODE == "true" && diff --git a/lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml index f750bda2a3f..9a4c75e7402 100644 --- a/lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml @@ -22,7 +22,8 @@ # List of available variables: https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables variables: - CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5" + CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:6" + CS_SCHEMA_MODEL: 15 container_scanning: image: "$CS_ANALYZER_IMAGE$CS_IMAGE_SUFFIX" @@ -39,12 +40,12 @@ container_scanning: reports: container_scanning: gl-container-scanning-report.json dependency_scanning: gl-dependency-scanning-report.json - paths: [gl-container-scanning-report.json, gl-dependency-scanning-report.json] + paths: [gl-container-scanning-report.json, gl-dependency-scanning-report.json, "**/gl-sbom-*.cdx.json"] dependencies: [] script: - gtcs scan rules: - - if: $CONTAINER_SCANNING_DISABLED + - if: $CONTAINER_SCANNING_DISABLED == 'true' || $CONTAINER_SCANNING_DISABLED == '1' when: never # Add the job to merge request pipelines if there's an open merge request. diff --git a/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml index aa2356f6a34..4ee5fa74df9 100644 --- a/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - DAST_AUTO_DEPLOY_IMAGE_VERSION: 'v2.46.0' + DAST_AUTO_DEPLOY_IMAGE_VERSION: 'v2.48.2' .dast-auto-deploy: image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${DAST_AUTO_DEPLOY_IMAGE_VERSION}" diff --git a/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml index eb8e5de5b56..63cf265fc6e 100644 --- a/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml @@ -14,7 +14,7 @@ variables: SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" DS_EXCLUDED_ANALYZERS: "" DS_EXCLUDED_PATHS: "spec, test, tests, tmp" - DS_MAJOR_VERSION: 3 + DS_MAJOR_VERSION: 4 DS_SCHEMA_MODEL: 15 dependency_scanning: @@ -56,15 +56,16 @@ dependency_scanning: .gemnasium-shared-rule: exists: - - '{Gemfile.lock,*/Gemfile.lock,*/*/Gemfile.lock}' - - '{composer.lock,*/composer.lock,*/*/composer.lock}' - - '{gems.locked,*/gems.locked,*/*/gems.locked}' - - '{go.sum,*/go.sum,*/*/go.sum}' - - '{npm-shrinkwrap.json,*/npm-shrinkwrap.json,*/*/npm-shrinkwrap.json}' - - '{package-lock.json,*/package-lock.json,*/*/package-lock.json}' - - '{yarn.lock,*/yarn.lock,*/*/yarn.lock}' - - '{packages.lock.json,*/packages.lock.json,*/*/packages.lock.json}' - - '{conan.lock,*/conan.lock,*/*/conan.lock}' + - '**/Gemfile.lock' + - '**/composer.lock' + - '**/gems.locked' + - '**/go.sum' + - '**/npm-shrinkwrap.json' + - '**/package-lock.json' + - '**/yarn.lock' + - '**/pnpm-lock.yaml' + - '**/packages.lock.json' + - '**/conan.lock' gemnasium-dependency_scanning: extends: @@ -74,7 +75,7 @@ gemnasium-dependency_scanning: DS_ANALYZER_NAME: "gemnasium" GEMNASIUM_LIBRARY_SCAN_ENABLED: "true" rules: - - if: $DEPENDENCY_SCANNING_DISABLED + - if: $DEPENDENCY_SCANNING_DISABLED == 'true' || $DEPENDENCY_SCANNING_DISABLED == '1' when: never - if: $DS_EXCLUDED_ANALYZERS =~ /gemnasium([^-]|$)/ when: never @@ -91,10 +92,10 @@ gemnasium-dependency_scanning: .gemnasium-maven-shared-rule: exists: - - '{build.gradle,*/build.gradle,*/*/build.gradle}' - - '{build.gradle.kts,*/build.gradle.kts,*/*/build.gradle.kts}' - - '{build.sbt,*/build.sbt,*/*/build.sbt}' - - '{pom.xml,*/pom.xml,*/*/pom.xml}' + - '**/build.gradle' + - '**/build.gradle.kts' + - '**/build.sbt' + - '**/pom.xml' gemnasium-maven-dependency_scanning: extends: @@ -103,7 +104,7 @@ gemnasium-maven-dependency_scanning: variables: DS_ANALYZER_NAME: "gemnasium-maven" rules: - - if: $DEPENDENCY_SCANNING_DISABLED + - if: $DEPENDENCY_SCANNING_DISABLED == 'true' || $DEPENDENCY_SCANNING_DISABLED == '1' when: never - if: $DS_EXCLUDED_ANALYZERS =~ /gemnasium-maven/ when: never @@ -119,12 +120,13 @@ gemnasium-maven-dependency_scanning: .gemnasium-python-shared-rule: exists: - - '{requirements.txt,*/requirements.txt,*/*/requirements.txt}' - - '{requirements.pip,*/requirements.pip,*/*/requirements.pip}' - - '{Pipfile,*/Pipfile,*/*/Pipfile}' - - '{requires.txt,*/requires.txt,*/*/requires.txt}' - - '{setup.py,*/setup.py,*/*/setup.py}' - - '{poetry.lock,*/poetry.lock,*/*/poetry.lock}' + - '**/requirements.txt' + - '**/requirements.pip' + - '**/Pipfile' + - '**/Pipfile.lock' + - '**/requires.txt' + - '**/setup.py' + - '**/poetry.lock' gemnasium-python-dependency_scanning: extends: @@ -133,7 +135,7 @@ gemnasium-python-dependency_scanning: variables: DS_ANALYZER_NAME: "gemnasium-python" rules: - - if: $DEPENDENCY_SCANNING_DISABLED + - if: $DEPENDENCY_SCANNING_DISABLED == 'true' || $DEPENDENCY_SCANNING_DISABLED == '1' when: never - if: $DS_EXCLUDED_ANALYZERS =~ /gemnasium-python/ when: never diff --git a/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.latest.gitlab-ci.yml index 655ac6ee712..4d7c3930741 100644 --- a/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.latest.gitlab-ci.yml @@ -14,7 +14,7 @@ variables: SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" DS_EXCLUDED_ANALYZERS: "" DS_EXCLUDED_PATHS: "spec, test, tests, tmp" - DS_MAJOR_VERSION: 3 + DS_MAJOR_VERSION: 4 DS_SCHEMA_MODEL: 15 dependency_scanning: @@ -56,15 +56,16 @@ dependency_scanning: .gemnasium-shared-rule: exists: - - '{Gemfile.lock,*/Gemfile.lock,*/*/Gemfile.lock}' - - '{composer.lock,*/composer.lock,*/*/composer.lock}' - - '{gems.locked,*/gems.locked,*/*/gems.locked}' - - '{go.sum,*/go.sum,*/*/go.sum}' - - '{npm-shrinkwrap.json,*/npm-shrinkwrap.json,*/*/npm-shrinkwrap.json}' - - '{package-lock.json,*/package-lock.json,*/*/package-lock.json}' - - '{yarn.lock,*/yarn.lock,*/*/yarn.lock}' - - '{packages.lock.json,*/packages.lock.json,*/*/packages.lock.json}' - - '{conan.lock,*/conan.lock,*/*/conan.lock}' + - '**/Gemfile.lock' + - '**/composer.lock' + - '**/gems.locked' + - '**/go.sum' + - '**/npm-shrinkwrap.json' + - '**/package-lock.json' + - '**/yarn.lock' + - '**/pnpm-lock.yaml' + - '**/packages.lock.json' + - '**/conan.lock' gemnasium-dependency_scanning: extends: @@ -74,7 +75,7 @@ gemnasium-dependency_scanning: DS_ANALYZER_NAME: "gemnasium" GEMNASIUM_LIBRARY_SCAN_ENABLED: "true" rules: - - if: $DEPENDENCY_SCANNING_DISABLED + - if: $DEPENDENCY_SCANNING_DISABLED == 'true' || $DEPENDENCY_SCANNING_DISABLED == '1' when: never - if: $DS_EXCLUDED_ANALYZERS =~ /gemnasium([^-]|$)/ when: never @@ -109,10 +110,10 @@ gemnasium-dependency_scanning: .gemnasium-maven-shared-rule: exists: - - '{build.gradle,*/build.gradle,*/*/build.gradle}' - - '{build.gradle.kts,*/build.gradle.kts,*/*/build.gradle.kts}' - - '{build.sbt,*/build.sbt,*/*/build.sbt}' - - '{pom.xml,*/pom.xml,*/*/pom.xml}' + - '**/build.gradle' + - '**/build.gradle.kts' + - '**/build.sbt' + - '**/pom.xml' gemnasium-maven-dependency_scanning: extends: @@ -121,7 +122,7 @@ gemnasium-maven-dependency_scanning: variables: DS_ANALYZER_NAME: "gemnasium-maven" rules: - - if: $DEPENDENCY_SCANNING_DISABLED + - if: $DEPENDENCY_SCANNING_DISABLED == 'true' || $DEPENDENCY_SCANNING_DISABLED == '1' when: never - if: $DS_EXCLUDED_ANALYZERS =~ /gemnasium-maven/ when: never @@ -155,12 +156,13 @@ gemnasium-maven-dependency_scanning: .gemnasium-python-shared-rule: exists: - - '{requirements.txt,*/requirements.txt,*/*/requirements.txt}' - - '{requirements.pip,*/requirements.pip,*/*/requirements.pip}' - - '{Pipfile,*/Pipfile,*/*/Pipfile}' - - '{requires.txt,*/requires.txt,*/*/requires.txt}' - - '{setup.py,*/setup.py,*/*/setup.py}' - - '{poetry.lock,*/poetry.lock,*/*/poetry.lock}' + - '**/requirements.txt' + - '**/requirements.pip' + - '**/Pipfile' + - '**/Pipfile.lock' + - '**/requires.txt' + - '**/setup.py' + - '**/poetry.lock' gemnasium-python-dependency_scanning: extends: @@ -169,7 +171,7 @@ gemnasium-python-dependency_scanning: variables: DS_ANALYZER_NAME: "gemnasium-python" rules: - - if: $DEPENDENCY_SCANNING_DISABLED + - if: $DEPENDENCY_SCANNING_DISABLED == 'true' || $DEPENDENCY_SCANNING_DISABLED == '1' when: never - if: $DS_EXCLUDED_ANALYZERS =~ /gemnasium-python/ when: never diff --git a/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml index 372b782c0a0..622b44d78ad 100644 --- a/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - AUTO_DEPLOY_IMAGE_VERSION: 'v2.46.0' + AUTO_DEPLOY_IMAGE_VERSION: 'v2.48.2' .auto-deploy: image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}" diff --git a/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml index feba2efcf22..2954ddf8a35 100644 --- a/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - AUTO_DEPLOY_IMAGE_VERSION: 'v2.46.0' + AUTO_DEPLOY_IMAGE_VERSION: 'v2.48.2' .auto-deploy: image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}" diff --git a/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml index f8668699fe5..b1c81e9ed5b 100644 --- a/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml @@ -32,7 +32,7 @@ license_scanning: license_scanning: gl-license-scanning-report.json dependencies: [] rules: - - if: $LICENSE_MANAGEMENT_DISABLED + - if: $LICENSE_MANAGEMENT_DISABLED == 'true' || $LICENSE_MANAGEMENT_DISABLED == '1' when: never - if: $CI_COMMIT_BRANCH && $GITLAB_FEATURES =~ /\blicense_scanning\b/ diff --git a/lib/gitlab/ci/templates/Jobs/License-Scanning.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/License-Scanning.latest.gitlab-ci.yml index e47f669c2e2..8e1b0159cb0 100644 --- a/lib/gitlab/ci/templates/Jobs/License-Scanning.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/License-Scanning.latest.gitlab-ci.yml @@ -32,7 +32,7 @@ license_scanning: license_scanning: gl-license-scanning-report.json dependencies: [] rules: - - if: $LICENSE_MANAGEMENT_DISABLED + - if: $LICENSE_MANAGEMENT_DISABLED == 'true' || $LICENSE_MANAGEMENT_DISABLED == '1' when: never # Add the job to merge request pipelines if there's an open merge request. diff --git a/lib/gitlab/ci/templates/Jobs/Load-Performance-Testing.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Load-Performance-Testing.gitlab-ci.yml index 12105e0e95d..a849d36a5b8 100644 --- a/lib/gitlab/ci/templates/Jobs/Load-Performance-Testing.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Load-Performance-Testing.gitlab-ci.yml @@ -6,7 +6,7 @@ load_performance: DOCKER_TLS_CERTDIR: "" K6_IMAGE: grafana/k6 K6_VERSION: 0.41.0 - K6_TEST_FILE: raw.githubusercontent.com/grafana/k6/master/samples/http_get.js + K6_TEST_FILE: raw.githubusercontent.com/grafana/k6/master/examples/http_get.js K6_OPTIONS: '' K6_DOCKER_OPTIONS: '' services: diff --git a/lib/gitlab/ci/templates/Jobs/SAST-IaC.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST-IaC.gitlab-ci.yml index c195ecd8ee5..a64e1e4a40f 100644 --- a/lib/gitlab/ci/templates/Jobs/SAST-IaC.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/SAST-IaC.gitlab-ci.yml @@ -31,10 +31,10 @@ kics-iac-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/kics:$SAST_ANALYZER_IMAGE_TAG$SAST_IMAGE_SUFFIX" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /kics/ when: never diff --git a/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml index 77048037915..77f2c5a8c99 100644 --- a/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml @@ -31,10 +31,10 @@ kics-iac-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/kics:$SAST_ANALYZER_IMAGE_TAG$SAST_IMAGE_SUFFIX" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /kics/ when: never diff --git a/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml index 8b49d2de8cf..d567ab2a141 100644 --- a/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml @@ -1,7 +1,7 @@ # Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/sast/ # # Configure SAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html). -# List of available variables: https://docs.gitlab.com/ee/user/application_security/sast/index.html#available-variables +# List of available variables: https://docs.gitlab.com/ee/user/application_security/sast/index.html#available-cicd-variables variables: # Setting this variable will affect all Security templates @@ -48,10 +48,10 @@ brakeman-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/brakeman:$SAST_ANALYZER_IMAGE_TAG" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /brakeman/ when: never @@ -74,10 +74,10 @@ flawfinder-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/flawfinder:$SAST_ANALYZER_IMAGE_TAG" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /flawfinder/ when: never @@ -95,10 +95,10 @@ kubesec-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/kubesec:$SAST_ANALYZER_IMAGE_TAG" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /kubesec/ when: never @@ -119,13 +119,13 @@ gosec-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/mobsf:$SAST_ANALYZER_IMAGE_TAG" mobsf-android-sast: extends: .mobsf-sast rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /mobsf/ when: never @@ -138,7 +138,7 @@ mobsf-android-sast: mobsf-ios-sast: extends: .mobsf-sast rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /mobsf/ when: never @@ -153,10 +153,10 @@ nodejs-scan-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/nodejs-scan:$SAST_ANALYZER_IMAGE_TAG" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /nodejs-scan/ when: never @@ -169,10 +169,10 @@ phpcs-security-audit-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/phpcs-security-audit:$SAST_ANALYZER_IMAGE_TAG" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /phpcs-security-audit/ when: never @@ -185,10 +185,10 @@ pmd-apex-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/pmd-apex:$SAST_ANALYZER_IMAGE_TAG" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /pmd-apex/ when: never @@ -198,20 +198,12 @@ pmd-apex-sast: security-code-scan-sast: extends: .sast-analyzer - image: - name: "$SAST_ANALYZER_IMAGE" - variables: - SAST_ANALYZER_IMAGE_TAG: '3' - SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/security-code-scan:$SAST_ANALYZER_IMAGE_TAG" + script: + - echo "This job was deprecated in GitLab 15.9 and removed in GitLab 16.0" + - echo "For more information see https://gitlab.com/gitlab-org/gitlab/-/issues/390416" + - exit 1 rules: - - if: $SAST_DISABLED - when: never - - if: $SAST_EXCLUDED_ANALYZERS =~ /security-code-scan/ - when: never - - if: $CI_COMMIT_BRANCH - exists: - - '**/*.csproj' - - '**/*.vbproj' + - when: never semgrep-sast: extends: .sast-analyzer @@ -219,10 +211,10 @@ semgrep-sast: name: "$SAST_ANALYZER_IMAGE" variables: SEARCH_MAX_DEPTH: 20 - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/semgrep:$SAST_ANALYZER_IMAGE_TAG$SAST_IMAGE_SUFFIX" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /semgrep/ when: never @@ -246,10 +238,10 @@ sobelow-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/sobelow:$SAST_ANALYZER_IMAGE_TAG" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /sobelow/ when: never @@ -262,7 +254,7 @@ spotbugs-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/spotbugs:$SAST_ANALYZER_IMAGE_TAG" rules: - if: $SAST_EXCLUDED_ANALYZERS =~ /spotbugs/ @@ -271,7 +263,7 @@ spotbugs-sast: exists: - '**/AndroidManifest.xml' when: never - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $CI_COMMIT_BRANCH exists: diff --git a/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml index 1c4dbe6cd0f..88d10f8b235 100644 --- a/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml @@ -48,10 +48,10 @@ brakeman-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/brakeman:$SAST_ANALYZER_IMAGE_TAG" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /brakeman/ when: never @@ -80,10 +80,10 @@ flawfinder-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/flawfinder:$SAST_ANALYZER_IMAGE_TAG" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /flawfinder/ when: never @@ -120,10 +120,10 @@ kubesec-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/kubesec:$SAST_ANALYZER_IMAGE_TAG" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /kubesec/ when: never @@ -141,13 +141,13 @@ kubesec-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/mobsf:$SAST_ANALYZER_IMAGE_TAG" mobsf-android-sast: extends: .mobsf-sast rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /mobsf/ when: never @@ -169,7 +169,7 @@ mobsf-android-sast: mobsf-ios-sast: extends: .mobsf-sast rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /mobsf/ when: never @@ -193,10 +193,10 @@ nodejs-scan-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/nodejs-scan:$SAST_ANALYZER_IMAGE_TAG" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /nodejs-scan/ when: never @@ -214,10 +214,10 @@ phpcs-security-audit-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/phpcs-security-audit:$SAST_ANALYZER_IMAGE_TAG" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /phpcs-security-audit/ when: never @@ -235,10 +235,10 @@ pmd-apex-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/pmd-apex:$SAST_ANALYZER_IMAGE_TAG" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /pmd-apex/ when: never @@ -253,26 +253,12 @@ pmd-apex-sast: security-code-scan-sast: extends: .sast-analyzer - image: - name: "$SAST_ANALYZER_IMAGE" - variables: - SAST_ANALYZER_IMAGE_TAG: 3 - SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/security-code-scan:$SAST_ANALYZER_IMAGE_TAG" + script: + - echo "This job was deprecated in GitLab 15.9 and removed in GitLab 16.0" + - echo "For more information see https://gitlab.com/gitlab-org/gitlab/-/issues/390416" + - exit 1 rules: - - if: $SAST_DISABLED - when: never - - if: $SAST_EXCLUDED_ANALYZERS =~ /security-code-scan/ - when: never - - if: $CI_PIPELINE_SOURCE == "merge_request_event" # Add the job to merge request pipelines if there's an open merge request. - exists: - - '**/*.csproj' - - '**/*.vbproj' - - if: $CI_OPEN_MERGE_REQUESTS # Don't add it to a *branch* pipeline if it's already in a merge request pipeline. - when: never - - if: $CI_COMMIT_BRANCH # If there's no open merge request, add it to a *branch* pipeline instead. - exists: - - '**/*.csproj' - - '**/*.vbproj' + - when: never semgrep-sast: extends: .sast-analyzer @@ -280,10 +266,10 @@ semgrep-sast: name: "$SAST_ANALYZER_IMAGE" variables: SEARCH_MAX_DEPTH: 20 - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/semgrep:$SAST_ANALYZER_IMAGE_TAG$SAST_IMAGE_SUFFIX" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /semgrep/ when: never @@ -323,10 +309,10 @@ sobelow-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/sobelow:$SAST_ANALYZER_IMAGE_TAG" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /sobelow/ when: never @@ -344,7 +330,7 @@ spotbugs-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/spotbugs:$SAST_ANALYZER_IMAGE_TAG" rules: - if: $SAST_EXCLUDED_ANALYZERS =~ /spotbugs/ @@ -353,7 +339,7 @@ spotbugs-sast: exists: - '**/AndroidManifest.xml' when: never - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $CI_PIPELINE_SOURCE == "merge_request_event" # Add the job to merge request pipelines if there's an open merge request. exists: diff --git a/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml index b7a9dbf7bc6..9d0b904117a 100644 --- a/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml @@ -8,7 +8,7 @@ variables: SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" SECRET_DETECTION_IMAGE_SUFFIX: "" - SECRETS_ANALYZER_VERSION: "4" + SECRETS_ANALYZER_VERSION: "5" SECRET_DETECTION_EXCLUDED_PATHS: "" .secret-analyzer: @@ -27,7 +27,7 @@ variables: secret_detection: extends: .secret-analyzer rules: - - if: $SECRET_DETECTION_DISABLED + - if: $SECRET_DETECTION_DISABLED == 'true' || $SECRET_DETECTION_DISABLED == '1' when: never - if: $CI_COMMIT_BRANCH script: diff --git a/lib/gitlab/ci/templates/Jobs/Secret-Detection.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Secret-Detection.latest.gitlab-ci.yml index 6603ee4268e..56a8ad794dc 100644 --- a/lib/gitlab/ci/templates/Jobs/Secret-Detection.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Secret-Detection.latest.gitlab-ci.yml @@ -8,7 +8,7 @@ variables: SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" SECRET_DETECTION_IMAGE_SUFFIX: "" - SECRETS_ANALYZER_VERSION: "4" + SECRETS_ANALYZER_VERSION: "5" SECRET_DETECTION_EXCLUDED_PATHS: "" .secret-analyzer: @@ -27,7 +27,7 @@ variables: secret_detection: extends: .secret-analyzer rules: - - if: $SECRET_DETECTION_DISABLED + - if: $SECRET_DETECTION_DISABLED == 'true' || $SECRET_DETECTION_DISABLED == '1' when: never - if: $CI_PIPELINE_SOURCE == "merge_request_event" # Add the job to merge request pipelines if there's an open merge request. - if: $CI_OPEN_MERGE_REQUESTS # Don't add it to a *branch* pipeline if it's already in a merge request pipeline. diff --git a/lib/gitlab/ci/templates/Python.gitlab-ci.yml b/lib/gitlab/ci/templates/Python.gitlab-ci.yml index febbb36d834..d53f3ddcad4 100644 --- a/lib/gitlab/ci/templates/Python.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Python.gitlab-ci.yml @@ -23,26 +23,24 @@ cache: - venv/ before_script: - - python --version # For debugging + - python --version ; pip --version # For debugging - pip install virtualenv - virtualenv venv - source venv/bin/activate test: script: - - python setup.py test - - pip install tox flake8 # you can also use tox - - tox -e py36,flake8 + - pip install ruff tox # you can also use tox + - pip install --editable ".[test]" + - tox -e py,ruff run: script: - - python setup.py bdist_wheel - # an alternative approach is to install and run: - - pip install dist/* + - pip install . # run the command here artifacts: paths: - - dist/*.whl + - build/* pages: script: diff --git a/lib/gitlab/ci/templates/Security/API-Discovery.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/API-Discovery.gitlab-ci.yml new file mode 100644 index 00000000000..d9bc76dad1e --- /dev/null +++ b/lib/gitlab/ci/templates/Security/API-Discovery.gitlab-ci.yml @@ -0,0 +1,66 @@ +# To contribute improvements to CI/CD templates, please follow the Development guide at: +# https://docs.gitlab.com/ee/development/cicd/templates.html +# This specific template is located at: +# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/API-Discovery.gitlab-ci.yml + +# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/api_discovery/ +# +# Configure API Discovery with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html). +# List of available variables: https://docs.gitlab.com/ee/user/application_security/api_discovery/#available-cicd-variables + +variables: + API_DISCOVERY_PACKAGES: "$CI_API_V4_URL/projects/42503323/packages" + API_DISCOVERY_VERSION: "1" + +.api_discovery_java_spring_boot: + stage: test + allow_failure: true + script: + # + # Check configuration + - if [[ -z "$API_DISCOVERY_VERSION" ]]; then echo "Error, API_DISCOVERY_VERSION not provided. Please set this variable and re-run the pipeline."; exit 1; fi + # + # Check for required commands + - requires() { command -v "$1" >/dev/null 2>&1 || { echo "'$1' is required but it's not installed. Add the needed command to the job image and retry." >&2; exit 1; } } + - requires 'curl' + - requires 'java' + # + # Set JAVA_HOME if API_DISCOVERY_JAVA_HOME provided + - if [[ -n "$API_DISCOVERY_JAVA_HOME" ]]; then export JAVA_HOME="$API_DISCOVERY_JAVA_HOME"; export PATH="$JAVA_HOME/bin:$PATH"; fi + # + # Download jar file + - if [[ -n "$API_DISCOVERY_PACKAGE_TOKEN" ]]; then echo "Using API_DISCOVERY_PACKAGE_TOKEN"; export CURL_AUTH="-H PRIVATE-TOKEN:$API_DISCOVERY_PACKAGE_TOKEN"; else export CURL_AUTH=""; fi + - DL_URL="$API_DISCOVERY_PACKAGES/maven/com/gitlab/analyzers/api-discovery/api-discovery_spring-boot/$API_DISCOVERY_VERSION/api-discovery_spring-boot-$API_DISCOVERY_VERSION.jar" + - echo "Downloading Discovery jar from '${DL_URL}'" + - CURL_CMD="curl -L ${CURL_AUTH} --write-out "%{http_code}" --output api_discovery_java_spring_boot_${API_DISCOVERY_VERSION}.jar ${DL_URL}" + - STATUS_CODE=$(${CURL_CMD}) + - RC=$? + - if [[ $RC -ne 0 ]]; then echo "Error connecting to GitLab API, curl exit code was $RC."; echo "To diagnose, see the curl documentation- https://everything.curl.dev/usingcurl/returns"; exit 1; fi + - if [[ "$STATUS_CODE" != "200" ]]; then echo "Error, Unable to download api_discovery_java_spring_boot_${API_DISCOVERY_VERSION}.jar"; echo "Error, Status Code was $STATUS_CODE, but wanted 200"; exit 1; fi + # + # Run API Discovery + - java -jar "api_discovery_java_spring_boot_${API_DISCOVERY_VERSION}.jar" + # + # Check for expected output file + - if [[ ! -e "gl-api-discovery-openapi.json" ]]; then echo "Error, Unable to find gl-api-discovery-openapi.json"; exit 1; fi + # + artifacts: + when: always + paths: + - gl-api-discovery-openapi.json + - gl-*.log + rules: + - if: $API_DISCOVERY_DISABLED + when: never + - if: $API_DISCOVERY_DISABLED_FOR_DEFAULT_BRANCH && + $CI_DEFAULT_BRANCH == $CI_COMMIT_REF_NAME + when: never + # Add the job to merge request pipelines if there's an open merge request. + - if: $CI_PIPELINE_SOURCE == "merge_request_event" + + # Don't add it to a *branch* pipeline if it's already in a merge request pipeline. + - if: $CI_OPEN_MERGE_REQUESTS + when: never + + # Add the job to branch pipelines. + - if: $CI_COMMIT_BRANCH diff --git a/lib/gitlab/ci/templates/Security/API-Fuzzing.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/API-Fuzzing.gitlab-ci.yml index cdfa4556769..544aee904d5 100644 --- a/lib/gitlab/ci/templates/Security/API-Fuzzing.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/API-Fuzzing.gitlab-ci.yml @@ -26,7 +26,7 @@ variables: # (SAST, Dependency Scanning, ...) SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" # - FUZZAPI_VERSION: "2" + FUZZAPI_VERSION: "3" FUZZAPI_IMAGE_SUFFIX: "" FUZZAPI_IMAGE: api-security @@ -35,9 +35,12 @@ apifuzzer_fuzz: image: $SECURE_ANALYZERS_PREFIX/$FUZZAPI_IMAGE:$FUZZAPI_VERSION$FUZZAPI_IMAGE_SUFFIX allow_failure: true rules: - - if: $API_FUZZING_DISABLED + - if: $API_FUZZING_DISABLED == 'true' || $API_FUZZING_DISABLED == '1' when: never - - if: $API_FUZZING_DISABLED_FOR_DEFAULT_BRANCH && + - if: $API_FUZZING_DISABLED_FOR_DEFAULT_BRANCH == 'true' && + $CI_DEFAULT_BRANCH == $CI_COMMIT_REF_NAME + when: never + - if: $API_FUZZING_DISABLED_FOR_DEFAULT_BRANCH == '1' && $CI_DEFAULT_BRANCH == $CI_COMMIT_REF_NAME when: never - if: $CI_COMMIT_BRANCH && diff --git a/lib/gitlab/ci/templates/Security/API-Fuzzing.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/API-Fuzzing.latest.gitlab-ci.yml index f12efa1db34..feaa2965339 100644 --- a/lib/gitlab/ci/templates/Security/API-Fuzzing.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/API-Fuzzing.latest.gitlab-ci.yml @@ -26,7 +26,7 @@ variables: # (SAST, Dependency Scanning, ...) SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" # - FUZZAPI_VERSION: "2" + FUZZAPI_VERSION: "3" FUZZAPI_IMAGE_SUFFIX: "" FUZZAPI_IMAGE: api-security @@ -35,9 +35,12 @@ apifuzzer_fuzz: image: $SECURE_ANALYZERS_PREFIX/$FUZZAPI_IMAGE:$FUZZAPI_VERSION$FUZZAPI_IMAGE_SUFFIX allow_failure: true rules: - - if: $API_FUZZING_DISABLED + - if: $API_FUZZING_DISABLED == 'true' || $API_FUZZING_DISABLED == '1' when: never - - if: $API_FUZZING_DISABLED_FOR_DEFAULT_BRANCH && + - if: $API_FUZZING_DISABLED_FOR_DEFAULT_BRANCH == 'true' && + $CI_DEFAULT_BRANCH == $CI_COMMIT_REF_NAME + when: never + - if: $API_FUZZING_DISABLED_FOR_DEFAULT_BRANCH == '1' && $CI_DEFAULT_BRANCH == $CI_COMMIT_REF_NAME when: never diff --git a/lib/gitlab/ci/templates/Security/BAS.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/BAS.latest.gitlab-ci.yml new file mode 100644 index 00000000000..b626a7ca770 --- /dev/null +++ b/lib/gitlab/ci/templates/Security/BAS.latest.gitlab-ci.yml @@ -0,0 +1,65 @@ +# To contribute improvements to CI/CD templates, please follow the Development guide at: +# https://docs.gitlab.com/ee/development/cicd/templates.html +# This specific template is located at: +# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/BAS.latest.gitlab-ci.yml + +# To use this template, add the following to your .gitlab-ci.yml file: +# +# include: +# template: BAS.latest.gitlab-ci.yml +# +# You also need to add a `dast` stage to your `stages:` configuration. A sample configuration for DAST: +# +# stages: +# - build +# - test +# - deploy +# - dast +# +# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/breach_and_attack_simulation/index.html#extend-dynamic-application-security-testing-dast + +# Include the DAST.latest template if $DAST_VERSION is null because this means a DAST template has not been included already. +include: + - template: Security/DAST.latest.gitlab-ci.yml + rules: + - if: $DAST_VERSION == null + +variables: + BAS_CALLBACK_IMAGE_TAG: "latest" + BAS_DAST_IMAGE_TAG: "latest" + # Setting this variable will affect all Security templates + # (SAST, Dependency Scanning, ...) + SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" + +dast_with_bas: + extends: + - dast + - .dast_with_bas + rules: + # Don't add if the DAST+BAS job is disabled. + - if: $DAST_BAS_DISABLED == 'true' || $DAST_BAS_DISABLED == '1' + when: never + # Add the job to merge request pipelines if there's an open merge request. + - if: $CI_PIPELINE_SOURCE == "merge_request_event" + # Don't add it to a *branch* pipeline if it's already in a merge request pipeline. + - if: $CI_OPEN_MERGE_REQUESTS + when: never + # If there's no open merge request, add it to a *branch* pipeline instead. + - if: $CI_COMMIT_BRANCH + +.dast_with_bas: + image: + name: "$SECURE_ANALYZERS_PREFIX/dast/breach-and-attack-simulation:$BAS_DAST_IMAGE_TAG" + variables: + DAST_BROWSER_SCAN: "true" + DAST_FF_ENABLE_BAS: "true" + DAST_FULL_SCAN_ENABLED: "true" + +.dast_with_bas_using_services: + extends: .dast_with_bas + services: + - name: "$SECURE_ANALYZERS_PREFIX/callback:$BAS_CALLBACK_IMAGE_TAG" + alias: callback + variables: + DAST_BROWSER_CALLBACK: "Address:http://callback" + FF_NETWORK_PER_BUILD: "true" diff --git a/lib/gitlab/ci/templates/Security/Coverage-Fuzzing.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Coverage-Fuzzing.gitlab-ci.yml index 89944e347f6..1f11ec8e288 100644 --- a/lib/gitlab/ci/templates/Security/Coverage-Fuzzing.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/Coverage-Fuzzing.gitlab-ci.yml @@ -49,6 +49,6 @@ coverage_fuzzing_unlicensed: coverage_fuzzing: gl-coverage-fuzzing-report.json when: always rules: - - if: $COVFUZZ_DISABLED + - if: $COVFUZZ_DISABLED == 'true' || $COVFUZZ_DISABLED == '1' when: never - if: $CI_COMMIT_BRANCH && $GITLAB_FEATURES =~ /\bcoverage_fuzzing\b/ diff --git a/lib/gitlab/ci/templates/Security/Coverage-Fuzzing.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Coverage-Fuzzing.latest.gitlab-ci.yml index 4f6ba427058..0cf52468067 100644 --- a/lib/gitlab/ci/templates/Security/Coverage-Fuzzing.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/Coverage-Fuzzing.latest.gitlab-ci.yml @@ -49,7 +49,7 @@ coverage_fuzzing_unlicensed: coverage_fuzzing: gl-coverage-fuzzing-report.json when: always rules: - - if: $COVFUZZ_DISABLED + - if: $COVFUZZ_DISABLED == 'true' || $COVFUZZ_DISABLED == '1' when: never # Add the job to merge request pipelines if there's an open merge request. diff --git a/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml index 1b33596baa0..ee99d3b4614 100644 --- a/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml @@ -26,7 +26,7 @@ variables: # (SAST, Dependency Scanning, ...) SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" # - DAST_API_VERSION: "2" + DAST_API_VERSION: "3" DAST_API_IMAGE_SUFFIX: "" DAST_API_IMAGE: api-security @@ -35,9 +35,12 @@ dast_api: image: $SECURE_ANALYZERS_PREFIX/$DAST_API_IMAGE:$DAST_API_VERSION$DAST_API_IMAGE_SUFFIX allow_failure: true rules: - - if: $DAST_API_DISABLED + - if: $DAST_API_DISABLED == 'true' || $DAST_API_DISABLED == '1' when: never - - if: $DAST_API_DISABLED_FOR_DEFAULT_BRANCH && + - if: $DAST_API_DISABLED_FOR_DEFAULT_BRANCH == 'true' && + $CI_DEFAULT_BRANCH == $CI_COMMIT_REF_NAME + when: never + - if: $DAST_API_DISABLED_FOR_DEFAULT_BRANCH == '1' && $CI_DEFAULT_BRANCH == $CI_COMMIT_REF_NAME when: never - if: $CI_COMMIT_BRANCH && diff --git a/lib/gitlab/ci/templates/Security/DAST-API.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST-API.latest.gitlab-ci.yml index a28914d082f..f0b3dc3d2d9 100644 --- a/lib/gitlab/ci/templates/Security/DAST-API.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/DAST-API.latest.gitlab-ci.yml @@ -26,7 +26,7 @@ variables: # (SAST, Dependency Scanning, ...) SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" # - DAST_API_VERSION: "2" + DAST_API_VERSION: "3" DAST_API_IMAGE_SUFFIX: "" DAST_API_IMAGE: api-security @@ -35,9 +35,12 @@ dast_api: image: $SECURE_ANALYZERS_PREFIX/$DAST_API_IMAGE:$DAST_API_VERSION$DAST_API_IMAGE_SUFFIX allow_failure: true rules: - - if: $DAST_API_DISABLED + - if: $DAST_API_DISABLED == 'true' || $DAST_API_DISABLED == '1' when: never - - if: $DAST_API_DISABLED_FOR_DEFAULT_BRANCH && + - if: $DAST_API_DISABLED_FOR_DEFAULT_BRANCH == 'true' && + $CI_DEFAULT_BRANCH == $CI_COMMIT_REF_NAME + when: never + - if: $DAST_API_DISABLED_FOR_DEFAULT_BRANCH == '1' && $CI_DEFAULT_BRANCH == $CI_COMMIT_REF_NAME when: never diff --git a/lib/gitlab/ci/templates/Security/DAST-On-Demand-API-Scan.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST-On-Demand-API-Scan.gitlab-ci.yml index 5863da142f0..7b9d16e4192 100644 --- a/lib/gitlab/ci/templates/Security/DAST-On-Demand-API-Scan.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/DAST-On-Demand-API-Scan.gitlab-ci.yml @@ -14,7 +14,7 @@ stages: variables: SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" - DAST_API_VERSION: "2" + DAST_API_VERSION: "3" DAST_API_IMAGE_SUFFIX: "" DAST_API_IMAGE: api-security diff --git a/lib/gitlab/ci/templates/Security/DAST-On-Demand-Scan.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST-On-Demand-Scan.gitlab-ci.yml index 733ba4e4954..1ed4cd86e82 100644 --- a/lib/gitlab/ci/templates/Security/DAST-On-Demand-Scan.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/DAST-On-Demand-Scan.gitlab-ci.yml @@ -13,7 +13,7 @@ stages: - dast variables: - DAST_VERSION: 3 + DAST_VERSION: 4 # Setting this variable will affect all Security templates # (SAST, Dependency Scanning, ...) SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" diff --git a/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml index c43296b5865..792bd7f666b 100644 --- a/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml @@ -22,7 +22,7 @@ # List of available variables: https://docs.gitlab.com/ee/user/application_security/dast/#available-variables variables: - DAST_VERSION: 3 + DAST_VERSION: 4 # Setting this variable will affect all Security templates # (SAST, Dependency Scanning, ...) SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" @@ -42,13 +42,23 @@ dast: reports: dast: gl-dast-report.json rules: - - if: $DAST_DISABLED + - if: $DAST_DISABLED == 'true' || $DAST_DISABLED == '1' when: never - - if: $DAST_DISABLED_FOR_DEFAULT_BRANCH && + - if: $DAST_DISABLED_FOR_DEFAULT_BRANCH == 'true' && $CI_DEFAULT_BRANCH == $CI_COMMIT_REF_NAME when: never + - if: $DAST_DISABLED_FOR_DEFAULT_BRANCH == '1' && + $CI_DEFAULT_BRANCH == $CI_COMMIT_REF_NAME + when: never + - if: $CI_DEFAULT_BRANCH != $CI_COMMIT_REF_NAME && + $REVIEW_DISABLED == 'true' + when: never - if: $CI_DEFAULT_BRANCH != $CI_COMMIT_REF_NAME && - $REVIEW_DISABLED + $REVIEW_DISABLED == '1' when: never - if: $CI_COMMIT_BRANCH && $GITLAB_FEATURES =~ /\bdast\b/ + after_script: + # Remove any debug.log files because they might contain secrets. + - rm -f /zap/wrk/**/debug.log + - cp -r /zap/wrk dast_artifacts diff --git a/lib/gitlab/ci/templates/Security/DAST.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST.latest.gitlab-ci.yml index 27bcc14bcf5..d1d1c4d7e52 100644 --- a/lib/gitlab/ci/templates/Security/DAST.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/DAST.latest.gitlab-ci.yml @@ -22,7 +22,7 @@ # List of available variables: https://docs.gitlab.com/ee/user/application_security/dast/#available-variables variables: - DAST_VERSION: 3 + DAST_VERSION: 4 # Setting this variable will affect all Security templates # (SAST, Dependency Scanning, ...) SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" @@ -44,13 +44,19 @@ dast: reports: dast: gl-dast-report.json rules: - - if: $DAST_DISABLED + - if: $DAST_DISABLED == 'true' || $DAST_DISABLED == '1' when: never - - if: $DAST_DISABLED_FOR_DEFAULT_BRANCH && + - if: $DAST_DISABLED_FOR_DEFAULT_BRANCH == 'true' && $CI_DEFAULT_BRANCH == $CI_COMMIT_REF_NAME when: never + - if: $DAST_DISABLED_FOR_DEFAULT_BRANCH == '1' && + $CI_DEFAULT_BRANCH == $CI_COMMIT_REF_NAME + when: never + - if: $CI_DEFAULT_BRANCH != $CI_COMMIT_REF_NAME && + $REVIEW_DISABLED == 'true' + when: never - if: $CI_DEFAULT_BRANCH != $CI_COMMIT_REF_NAME && - $REVIEW_DISABLED + $REVIEW_DISABLED == '1' when: never # Add the job to merge request pipelines if there's an open merge request. diff --git a/lib/gitlab/ci/templates/Security/Secure-Binaries.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Secure-Binaries.gitlab-ci.yml index 631f6cecddf..9a43713cc26 100644 --- a/lib/gitlab/ci/templates/Security/Secure-Binaries.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/Secure-Binaries.gitlab-ci.yml @@ -255,7 +255,7 @@ dast-runner-validation: api-security: extends: .download_images variables: - SECURE_BINARIES_ANALYZER_VERSION: "2" + SECURE_BINARIES_ANALYZER_VERSION: "3" only: variables: - $SECURE_BINARIES_DOWNLOAD_IMAGES == "true" && diff --git a/lib/gitlab/ci/templates/Terraform.gitlab-ci.yml b/lib/gitlab/ci/templates/Terraform.gitlab-ci.yml index 51bcbd278d5..2661c208665 100644 --- a/lib/gitlab/ci/templates/Terraform.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Terraform.gitlab-ci.yml @@ -24,6 +24,9 @@ validate: build: extends: .terraform:build + environment: + name: $TF_STATE_NAME + action: prepare deploy: extends: .terraform:deploy @@ -31,3 +34,4 @@ deploy: - build environment: name: $TF_STATE_NAME + action: start diff --git a/lib/gitlab/ci/templates/Terraform/Base.gitlab-ci.yml b/lib/gitlab/ci/templates/Terraform/Base.gitlab-ci.yml index dd1676f25b6..f16c28e7b60 100644 --- a/lib/gitlab/ci/templates/Terraform/Base.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Terraform/Base.gitlab-ci.yml @@ -9,7 +9,7 @@ # There is a more opinionated template which we suggest the users to abide, # which is the lib/gitlab/ci/templates/Terraform.gitlab-ci.yml image: - name: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/releases/1.1:v0.43.0" + name: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/releases/1.4:v1.0.0" variables: TF_ROOT: ${CI_PROJECT_DIR} # The relative path to the root directory of the Terraform project @@ -23,24 +23,24 @@ cache: .terraform:fmt: &terraform_fmt stage: validate script: - - cd "${TF_ROOT}" - gitlab-terraform fmt allow_failure: true .terraform:validate: &terraform_validate stage: validate script: - - cd "${TF_ROOT}" - gitlab-terraform validate .terraform:build: &terraform_build stage: build script: - - cd "${TF_ROOT}" - gitlab-terraform plan - gitlab-terraform plan-json resource_group: ${TF_STATE_NAME} artifacts: + # The next line, which disables public access to pipeline artifacts, may not be available everywhere. + # See: https://docs.gitlab.com/ee/ci/yaml/#artifactspublic + public: false paths: - ${TF_ROOT}/plan.cache reports: @@ -49,17 +49,16 @@ cache: .terraform:deploy: &terraform_deploy stage: deploy script: - - cd "${TF_ROOT}" - gitlab-terraform apply resource_group: ${TF_STATE_NAME} rules: + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $TF_AUTO_DEPLOY == "true" - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH when: manual .terraform:destroy: &terraform_destroy stage: cleanup script: - - cd "${TF_ROOT}" - gitlab-terraform destroy resource_group: ${TF_STATE_NAME} when: manual diff --git a/lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml index bc23a7c2a95..88fe55a44ab 100644 --- a/lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml @@ -24,7 +24,6 @@ cache: .terraform:fmt: &terraform_fmt stage: validate script: - - cd "${TF_ROOT}" - gitlab-terraform fmt allow_failure: true rules: @@ -36,7 +35,6 @@ cache: .terraform:validate: &terraform_validate stage: validate script: - - cd "${TF_ROOT}" - gitlab-terraform validate rules: - if: $CI_PIPELINE_SOURCE == "merge_request_event" @@ -47,11 +45,13 @@ cache: .terraform:build: &terraform_build stage: build script: - - cd "${TF_ROOT}" - gitlab-terraform plan - gitlab-terraform plan-json resource_group: ${TF_STATE_NAME} artifacts: + # The next line, which disables public access to pipeline artifacts, may not be available everywhere. + # See: https://docs.gitlab.com/ee/ci/yaml/#artifactspublic + public: false paths: - ${TF_ROOT}/plan.cache reports: @@ -65,7 +65,6 @@ cache: .terraform:deploy: &terraform_deploy stage: deploy script: - - cd "${TF_ROOT}" - gitlab-terraform apply resource_group: ${TF_STATE_NAME} rules: @@ -76,7 +75,6 @@ cache: .terraform:destroy: &terraform_destroy stage: cleanup script: - - cd "${TF_ROOT}" - gitlab-terraform destroy resource_group: ${TF_STATE_NAME} when: manual diff --git a/lib/gitlab/ci/templates/Terraform/Module-Base.gitlab-ci.yml b/lib/gitlab/ci/templates/Terraform/Module-Base.gitlab-ci.yml index e73e6194760..6d5bd7c2172 100644 --- a/lib/gitlab/ci/templates/Terraform/Module-Base.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Terraform/Module-Base.gitlab-ci.yml @@ -14,7 +14,7 @@ variables: TERRAFORM_MODULE_DIR: ${CI_PROJECT_DIR} # The relative path to the root directory of the Terraform project. TERRAFORM_MODULE_NAME: ${CI_PROJECT_NAME} # The name of your Terraform module, must not have any spaces or underscores (will be translated to hyphens). TERRAFORM_MODULE_SYSTEM: local # The system or provider your Terraform module targets (ex. local, aws, google). - TERRAFORM_MODULE_VERSION: ${CI_COMMIT_TAG} # The version - it's recommended to follow SemVer for Terraform Module Versioning. + TERRAFORM_MODULE_VERSION: ${CI_COMMIT_TAG} # The version - it's recommended to follow SemVer for Terraform Module Versioning. .terraform-module:fmt: stage: validate @@ -29,7 +29,7 @@ variables: stage: deploy image: $CI_TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/stable:latest script: - - TERRAFORM_MODULE_NAME=$(echo "${TERRAFORM_MODULE_NAME}" | tr " _" -) # module-name must not have spaces or underscores, so translate them to hyphens + - TERRAFORM_MODULE_NAME=$(echo "${TERRAFORM_MODULE_NAME}" | tr " _" -) # module-name must not have spaces or underscores, so translate them to hyphens # Builds the Terraform module artifact: a gzipped tar archive with the contents from `$TERRAFORM_MODULE_DIR` without a `.git` directory. - tar -vczf /tmp/${TERRAFORM_MODULE_NAME}-${TERRAFORM_MODULE_SYSTEM}-${TERRAFORM_MODULE_VERSION}.tgz -C ${TERRAFORM_MODULE_DIR} --exclude=./.git . # Uploads the Terraform module artifact to the GitLab Terraform Module Registry, see diff --git a/lib/gitlab/ci/templates/Verify/Load-Performance-Testing.gitlab-ci.yml b/lib/gitlab/ci/templates/Verify/Load-Performance-Testing.gitlab-ci.yml index a907915587a..e8d1eb8e1c4 100644 --- a/lib/gitlab/ci/templates/Verify/Load-Performance-Testing.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Verify/Load-Performance-Testing.gitlab-ci.yml @@ -17,7 +17,7 @@ load_performance: variables: K6_IMAGE: grafana/k6 K6_VERSION: 0.41.0 - K6_TEST_FILE: raw.githubusercontent.com/grafana/k6/master/samples/http_get.js + K6_TEST_FILE: raw.githubusercontent.com/grafana/k6/master/examples/http_get.js K6_OPTIONS: '' K6_DOCKER_OPTIONS: '' services: diff --git a/lib/gitlab/ci/templates/dotNET.gitlab-ci.yml b/lib/gitlab/ci/templates/dotNET.gitlab-ci.yml index 8dfb6c38b55..59b45d865f1 100644 --- a/lib/gitlab/ci/templates/dotNET.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/dotNET.gitlab-ci.yml @@ -80,7 +80,7 @@ deploy_job: # the artifact files will be copied to: # P:\Projects\YourApp\Builds\Rev1.0.0.1 - First commit\ - '$commitSubject = git log -1 --pretty=%s' - - '$deployFolder = $($env:DEPLOY_FOLDER) + "\" + $($env:CI_BUILD_TAG) + " - " + $commitSubject + "\"' + - '$deployFolder = $($env:DEPLOY_FOLDER) + "\" + $($env:CI_COMMIT_TAG) + " - " + $commitSubject + "\"' # xcopy takes care of recursively creating required folders - 'xcopy /y ".\$env:EXE_RELEASE_FOLDER\YourApp.exe" "$deployFolder"' diff --git a/lib/gitlab/ci/trace/chunked_io.rb b/lib/gitlab/ci/trace/chunked_io.rb index 32f64948635..a3f1b472710 100644 --- a/lib/gitlab/ci/trace/chunked_io.rb +++ b/lib/gitlab/ci/trace/chunked_io.rb @@ -166,13 +166,6 @@ module Gitlab end def destroy! - # TODO: Remove this logging once we confirmed new live trace architecture is functional. - # See https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/4667. - unless build.has_archived_trace? - Sidekiq.logger.warn(message: 'The job does not have archived trace but going to be destroyed.', - job_id: build.id) - end - trace_chunks.fast_destroy_all @tell = @size = 0 ensure diff --git a/lib/gitlab/ci/variables/builder.rb b/lib/gitlab/ci/variables/builder.rb index 89d681c418d..86e54fdfcdf 100644 --- a/lib/gitlab/ci/variables/builder.rb +++ b/lib/gitlab/ci/variables/builder.rb @@ -140,11 +140,13 @@ module Gitlab # Set environment name here so we can access it when evaluating the job's rules variables.append(key: 'CI_ENVIRONMENT_NAME', value: job.environment) if job.environment - # legacy variables - variables.append(key: 'CI_BUILD_NAME', value: job.name) - variables.append(key: 'CI_BUILD_STAGE', value: job.stage_name) - variables.append(key: 'CI_BUILD_TRIGGERED', value: 'true') if job.trigger_request - variables.append(key: 'CI_BUILD_MANUAL', value: 'true') if job.action? + if Feature.disabled?(:ci_remove_legacy_predefined_variables, project) + # legacy variables + variables.append(key: 'CI_BUILD_NAME', value: job.name) + variables.append(key: 'CI_BUILD_STAGE', value: job.stage_name) + variables.append(key: 'CI_BUILD_TRIGGERED', value: 'true') if job.trigger_request + variables.append(key: 'CI_BUILD_MANUAL', value: 'true') if job.action? + end end end diff --git a/lib/gitlab/ci/variables/builder/pipeline.rb b/lib/gitlab/ci/variables/builder/pipeline.rb index 96d6f1673b9..1e7a18d70b0 100644 --- a/lib/gitlab/ci/variables/builder/pipeline.rb +++ b/lib/gitlab/ci/variables/builder/pipeline.rb @@ -40,7 +40,7 @@ module Gitlab attr_reader :pipeline - def predefined_commit_variables + def predefined_commit_variables # rubocop:disable Metrics/AbcSize - Remove this rubocop:disable when FF `ci_remove_legacy_predefined_variables` is removed. Gitlab::Ci::Variables::Collection.new.tap do |variables| next variables unless pipeline.sha.present? @@ -57,7 +57,9 @@ module Gitlab variables.append(key: 'CI_COMMIT_TIMESTAMP', value: pipeline.git_commit_timestamp.to_s) variables.append(key: 'CI_COMMIT_AUTHOR', value: pipeline.git_author_full_text.to_s) - variables.concat(legacy_predefined_commit_variables) + if Feature.disabled?(:ci_remove_legacy_predefined_variables, pipeline.project) + variables.concat(legacy_predefined_commit_variables) + end end end strong_memoize_attr :predefined_commit_variables @@ -81,7 +83,9 @@ module Gitlab variables.append(key: 'CI_COMMIT_TAG', value: pipeline.ref) variables.append(key: 'CI_COMMIT_TAG_MESSAGE', value: git_tag.message) - variables.concat(legacy_predefined_commit_tag_variables) + if Feature.disabled?(:ci_remove_legacy_predefined_variables, pipeline.project) + variables.concat(legacy_predefined_commit_tag_variables) + end end end strong_memoize_attr :predefined_commit_tag_variables diff --git a/lib/gitlab/ci/yaml_processor.rb b/lib/gitlab/ci/yaml_processor.rb index 59acfa80258..c69d9218a66 100644 --- a/lib/gitlab/ci/yaml_processor.rb +++ b/lib/gitlab/ci/yaml_processor.rb @@ -94,23 +94,38 @@ module Gitlab end def validate_job_needs!(name, job) - return unless needs = job.dig(:needs, :job) + validate_needs_specification!(name, job.dig(:needs, :job)) - validate_duplicate_needs!(name, needs) + job[:rules]&.each do |rule| + validate_needs_specification!(name, rule.dig(:needs, :job)) + end + end + + def validate_needs_specification!(name, needs) + return unless needs needs.each do |need| - validate_job_dependency!(name, need[:name], 'need') + validate_job_dependency!(name, need[:name], 'need', optional: need[:optional]) end - end - def validate_duplicate_needs!(name, needs) - unless needs.uniq == needs - error!("#{name} has duplicate entries in the needs section.") + duplicated_needs = + needs + .group_by { |need| need[:name] } + .select { |_, items| items.count > 1 } + .keys + + unless duplicated_needs.empty? + error!("#{name} has the following needs duplicated: #{duplicated_needs.join(', ')}.") end end - def validate_job_dependency!(name, dependency, dependency_type = 'dependency') + def validate_job_dependency!(name, dependency, dependency_type = 'dependency', optional: false) unless @jobs[dependency.to_sym] + # Here, we ignore the optional needed job if it is not in the result YAML due to the `include` + # rules. In `lib/gitlab/ci/pipeline/seed/build.rb`, we use `optional` again to ignore the + # optional needed job in case it is excluded from the pipeline due to the job's rules. + return if optional + error!("#{name} job: undefined #{dependency_type}: #{dependency}") end diff --git a/lib/gitlab/ci/yaml_processor/result.rb b/lib/gitlab/ci/yaml_processor/result.rb index d867439b10b..6207b595fc6 100644 --- a/lib/gitlab/ci/yaml_processor/result.rb +++ b/lib/gitlab/ci/yaml_processor/result.rb @@ -123,7 +123,8 @@ module Gitlab start_in: job[:start_in], trigger: job[:trigger], bridge_needs: job.dig(:needs, :bridge)&.first, - release: job[:release] + release: job[:release], + publish: job[:publish] }.compact }.compact end |