diff options
Diffstat (limited to 'spec/fixtures/security_reports/master/gl-common-scanning-report.json')
| -rw-r--r-- | spec/fixtures/security_reports/master/gl-common-scanning-report.json | 405 |
1 files changed, 244 insertions, 161 deletions
diff --git a/spec/fixtures/security_reports/master/gl-common-scanning-report.json b/spec/fixtures/security_reports/master/gl-common-scanning-report.json index 787573301bb..1295b44d4df 100644 --- a/spec/fixtures/security_reports/master/gl-common-scanning-report.json +++ b/spec/fixtures/security_reports/master/gl-common-scanning-report.json @@ -1,5 +1,6 @@ { - "vulnerabilities": [{ + "vulnerabilities": [ + { "category": "dependency_scanning", "name": "Vulnerability for remediation testing 1", "message": "This vulnerability should have ONE remediation", @@ -12,24 +13,32 @@ "name": "Gemnasium" }, "location": {}, - "identifiers": [{ - "type": "GitLab", - "name": "Foo vulnerability", - "value": "foo" - }], - "links": [{ - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2137" - }], + "identifiers": [ + { + "type": "GitLab", + "name": "Foo vulnerability", + "value": "foo" + } + ], + "links": [ + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2137" + } + ], "details": { "commit": { - "name": [{ - "lang": "en", - "value": "The Commit" - }], - "description": [{ - "lang": "en", - "value": "Commit where the vulnerability was identified" - }], + "name": [ + { + "lang": "en", + "value": "The Commit" + } + ], + "description": [ + { + "lang": "en", + "value": "Commit where the vulnerability was identified" + } + ], "type": "commit", "value": "41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19" } @@ -48,24 +57,32 @@ "name": "Gemnasium" }, "location": {}, - "identifiers": [{ - "type": "GitLab", - "name": "Foo vulnerability", - "value": "foo" - }], - "links": [{ - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2138" - }], + "identifiers": [ + { + "type": "GitLab", + "name": "Foo vulnerability", + "value": "foo" + } + ], + "links": [ + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2138" + } + ], "details": { "commit": { - "name": [{ - "lang": "en", - "value": "The Commit" - }], - "description": [{ - "lang": "en", - "value": "Commit where the vulnerability was identified" - }], + "name": [ + { + "lang": "en", + "value": "The Commit" + } + ], + "description": [ + { + "lang": "en", + "value": "Commit where the vulnerability was identified" + } + ], "type": "commit", "value": "41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19" } @@ -84,24 +101,32 @@ "name": "Gemnasium" }, "location": {}, - "identifiers": [{ - "type": "GitLab", - "name": "Foo vulnerability", - "value": "foo" - }], - "links": [{ - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2139" - }], + "identifiers": [ + { + "type": "GitLab", + "name": "Foo vulnerability", + "value": "foo" + } + ], + "links": [ + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2139" + } + ], "details": { "commit": { - "name": [{ - "lang": "en", - "value": "The Commit" - }], - "description": [{ - "lang": "en", - "value": "Commit where the vulnerability was identified" - }], + "name": [ + { + "lang": "en", + "value": "The Commit" + } + ], + "description": [ + { + "lang": "en", + "value": "Commit where the vulnerability was identified" + } + ], "type": "commit", "value": "41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19" } @@ -120,24 +145,32 @@ "name": "Gemnasium" }, "location": {}, - "identifiers": [{ - "type": "GitLab", - "name": "Foo vulnerability", - "value": "foo" - }], - "links": [{ - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2140" - }], + "identifiers": [ + { + "type": "GitLab", + "name": "Foo vulnerability", + "value": "foo" + } + ], + "links": [ + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2140" + } + ], "details": { "commit": { - "name": [{ - "lang": "en", - "value": "The Commit" - }], - "description": [{ - "lang": "en", - "value": "Commit where the vulnerability was identified" - }], + "name": [ + { + "lang": "en", + "value": "The Commit" + } + ], + "description": [ + { + "lang": "en", + "value": "Commit where the vulnerability was identified" + } + ], "type": "commit", "value": "41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19" } @@ -162,30 +195,37 @@ }, "summary": "The Origin header was changed to an invalid value of http://peachapisecurity.com and the response contained an Access-Control-Allow-Origin header which included this invalid Origin, indicating that the CORS configuration on the server is overly permissive.\n\n\n", "request": { - "headers": [{ - "name": "Host", - "value": "127.0.0.1:7777" - }], + "headers": [ + { + "name": "Host", + "value": "127.0.0.1:7777" + } + ], "method": "GET", "url": "http://127.0.0.1:7777/api/users", "body": "" }, "response": { - "headers": [{ - "name": "Server", - "value": "TwistedWeb/20.3.0" - }], + "headers": [ + { + "name": "Server", + "value": "TwistedWeb/20.3.0" + } + ], "reason_phrase": "OK", "status_code": 200, "body": "[{\"user_id\":1,\"user\":\"admin\",\"first\":\"Joe\",\"last\":\"Smith\",\"password\":\"Password!\"}]" }, - "supporting_messages": [{ + "supporting_messages": [ + { "name": "Origional", "request": { - "headers": [{ - "name": "Host", - "value": "127.0.0.1:7777" - }], + "headers": [ + { + "name": "Host", + "value": "127.0.0.1:7777" + } + ], "method": "GET", "url": "http://127.0.0.1:7777/api/users", "body": "" @@ -194,19 +234,23 @@ { "name": "Recorded", "request": { - "headers": [{ - "name": "Host", - "value": "127.0.0.1:7777" - }], + "headers": [ + { + "name": "Host", + "value": "127.0.0.1:7777" + } + ], "method": "GET", "url": "http://127.0.0.1:7777/api/users", "body": "" }, "response": { - "headers": [{ - "name": "Server", - "value": "TwistedWeb/20.3.0" - }], + "headers": [ + { + "name": "Server", + "value": "TwistedWeb/20.3.0" + } + ], "reason_phrase": "OK", "status_code": 200, "body": "[{\"user_id\":1,\"user\":\"admin\",\"first\":\"Joe\",\"last\":\"Smith\",\"password\":\"Password!\"}]" @@ -215,24 +259,32 @@ ] }, "location": {}, - "identifiers": [{ - "type": "GitLab", - "name": "Foo vulnerability", - "value": "foo" - }], - "links": [{ - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1020" - }], + "identifiers": [ + { + "type": "GitLab", + "name": "Foo vulnerability", + "value": "foo" + } + ], + "links": [ + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1020" + } + ], "details": { "commit": { - "name": [{ - "lang": "en", - "value": "The Commit" - }], - "description": [{ - "lang": "en", - "value": "Commit where the vulnerability was identified" - }], + "name": [ + { + "lang": "en", + "value": "The Commit" + } + ], + "description": [ + { + "lang": "en", + "value": "Commit where the vulnerability was identified" + } + ], "type": "commit", "value": "41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19" } @@ -258,30 +310,37 @@ }, "summary": "The Origin header was changed to an invalid value of http://peachapisecurity.com and the response contained an Access-Control-Allow-Origin header which included this invalid Origin, indicating that the CORS configuration on the server is overly permissive.\n\n\n", "request": { - "headers": [{ - "name": "Host", - "value": "127.0.0.1:7777" - }], + "headers": [ + { + "name": "Host", + "value": "127.0.0.1:7777" + } + ], "method": "GET", "url": "http://127.0.0.1:7777/api/users", "body": "" }, "response": { - "headers": [{ - "name": "Server", - "value": "TwistedWeb/20.3.0" - }], + "headers": [ + { + "name": "Server", + "value": "TwistedWeb/20.3.0" + } + ], "reason_phrase": "OK", "status_code": 200, "body": "[{\"user_id\":1,\"user\":\"admin\",\"first\":\"Joe\",\"last\":\"Smith\",\"password\":\"Password!\"}]" }, - "supporting_messages": [{ + "supporting_messages": [ + { "name": "Origional", "request": { - "headers": [{ - "name": "Host", - "value": "127.0.0.1:7777" - }], + "headers": [ + { + "name": "Host", + "value": "127.0.0.1:7777" + } + ], "method": "GET", "url": "http://127.0.0.1:7777/api/users", "body": "" @@ -290,19 +349,23 @@ { "name": "Recorded", "request": { - "headers": [{ - "name": "Host", - "value": "127.0.0.1:7777" - }], + "headers": [ + { + "name": "Host", + "value": "127.0.0.1:7777" + } + ], "method": "GET", "url": "http://127.0.0.1:7777/api/users", "body": "" }, "response": { - "headers": [{ - "name": "Server", - "value": "TwistedWeb/20.3.0" - }], + "headers": [ + { + "name": "Server", + "value": "TwistedWeb/20.3.0" + } + ], "reason_phrase": "OK", "status_code": 200, "body": "[{\"user_id\":1,\"user\":\"admin\",\"first\":\"Joe\",\"last\":\"Smith\",\"password\":\"Password!\"}]" @@ -311,15 +374,19 @@ ] }, "location": {}, - "identifiers": [{ - "type": "GitLab", - "name": "Bar vulnerability", - "value": "bar" - }], - "links": [{ - "name": "CVE-1030", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1030" - }] + "identifiers": [ + { + "type": "GitLab", + "name": "Bar vulnerability", + "value": "bar" + } + ], + "links": [ + { + "name": "CVE-1030", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1030" + } + ] }, { "category": "dependency_scanning", @@ -338,57 +405,73 @@ "links": [] } ], - "remediations": [{ - "fixes": [{ - "cve": "CVE-2137" - }], + "remediations": [ + { + "fixes": [ + { + "cve": "CVE-2137" + } + ], "summary": "this remediates CVE-2137", "diff": "dG90YWxseSBsZWdpdCBkaWZm" }, { - "fixes": [{ - "cve": "CVE-2138" - }], + "fixes": [ + { + "cve": "CVE-2138" + } + ], "summary": "this remediates CVE-2138", "diff": "dG90YWxseSBsZWdpdCBkaWZm" }, { - "fixes": [{ - "cve": "CVE-2139" - }, { - "cve": "CVE-2140" - }], + "fixes": [ + { + "cve": "CVE-2139" + }, + { + "cve": "CVE-2140" + } + ], "summary": "this remediates CVE-2139 and CVE-2140", "diff": "dG90YWxseSBsZWdpdGltYXRlIGRpZmYsIDEwLzEwIHdvdWxkIGFwcGx5" }, { - "fixes": [{ - "cve": "CVE-1020" - }], + "fixes": [ + { + "cve": "CVE-1020" + } + ], "summary": "", "diff": "" }, { - "fixes": [{ - "cve": "CVE", - "id": "bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d3" - }], + "fixes": [ + { + "cve": "CVE", + "id": "bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d3" + } + ], "summary": "", "diff": "" }, { - "fixes": [{ - "cve": "CVE", - "id": "bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d3" - }], + "fixes": [ + { + "cve": "CVE", + "id": "bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d3" + } + ], "summary": "", "diff": "" }, { - "fixes": [{ - "id": "2134", - "cve": "CVE-1" - }], + "fixes": [ + { + "id": "2134", + "cve": "CVE-1" + } + ], "summary": "", "diff": "" } @@ -406,7 +489,7 @@ }, "scanner": { "id": "gemnasium", - "name": "Gemnasium", + "name": "Gemnasium top-level", "url": "https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium-maven", "vendor": { "name": "GitLab" @@ -419,4 +502,4 @@ "status": "success" }, "version": "14.0.2" -} +}
\ No newline at end of file |