Diffstat (limited to 'spec/support/migrations_helpers/vulnerabilities_findings_helper.rb')
-rw-r--r-- | spec/support/migrations_helpers/vulnerabilities_findings_helper.rb | 118 |
1 files changed, 118 insertions, 0 deletions
diff --git a/spec/support/migrations_helpers/vulnerabilities_findings_helper.rb b/spec/support/migrations_helpers/vulnerabilities_findings_helper.rb
new file mode 100644
index 00000000000..922f49ba84a
--- /dev/null
+++ b/spec/support/migrations_helpers/vulnerabilities_findings_helper.rb
@@ -0,0 +1,118 @@
+# frozen_string_literal: true
+
+module MigrationHelpers
+ module VulnerabilitiesFindingsHelper
+ def attributes_for_vulnerabilities_finding
+ uuid = SecureRandom.uuid
+
+ {
+ project_fingerprint: SecureRandom.hex(20),
+ location_fingerprint: Digest::SHA1.hexdigest(SecureRandom.hex(10)),
+ uuid: uuid,
+ name: "Vulnerability Finding #{uuid}",
+ metadata_version: '1.3',
+ raw_metadata: raw_metadata
+ }
+ end
+
+ def raw_metadata
+ {
+ "description" => "The cipher does not provide data integrity update 1",
+ "message" => "The cipher does not provide data integrity",
+ "cve" => "818bf5dacb291e15d9e6dc3c5ac32178:CIPHER",
+ "solution" => "GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.",
+ "location" => {
+ "file" => "maven/src/main/java/com/gitlab/security_products/tests/App.java",
+ "start_line" => 29,
+ "end_line" => 29,
+ "class" => "com.gitlab.security_products.tests.App",
+ "method" => "insecureCypher"
+ },
+ "links" => [
+ {
+ "name" => "Cipher does not check for integrity first?",
+ "url" => "https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first"
+ }
+ ],
+ "assets" => [
+ {
+ "type" => "postman",
+ "name" => "Test Postman Collection",
+ "url" => "http://localhost/test.collection"
+ }
+ ],
+ "evidence" => {
+ "summary" => "Credit card detected",
+ "request" => {
+ "method" => "GET",
+ "url" => "http://goat:8080/WebGoat/logout",
+ "body" => nil,
+ "headers" => [
+ {
+ "name" => "Accept",
+ "value" => "*/*"
+ }
+ ]
+ },
+ "response" => {
+ "reason_phrase" => "OK",
+ "status_code" => 200,
+ "body" => nil,
+ "headers" => [
+ {
+ "name" => "Content-Length",
+ "value" => "0"
+ }
+ ]
+ },
+ "source" => {
+ "id" => "assert:Response Body Analysis",
+ "name" => "Response Body Analysis",
+ "url" => "htpp://hostname/documentation"
+ },
+ "supporting_messages" => [
+ {
+ "name" => "Origional",
+ "request" => {
+ "method" => "GET",
+ "url" => "http://goat:8080/WebGoat/logout",
+ "body" => "",
+ "headers" => [
+ {
+ "name" => "Accept",
+ "value" => "*/*"
+ }
+ ]
+ }
+ },
+ {
+ "name" => "Recorded",
+ "request" => {
+ "method" => "GET",
+ "url" => "http://goat:8080/WebGoat/logout",
+ "body" => "",
+ "headers" => [
+ {
+ "name" => "Accept",
+ "value" => "*/*"
+ }
+ ]
+ },
+ "response" => {
+ "reason_phrase" => "OK",
+ "status_code" => 200,
+ "body" => "",
+ "headers" => [
+ {
+ "name" => "Content-Length",
+ "value" => "0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ end
+ end
+end |
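Review bot: `attributes_for_vulnerabilities_finding` passes `raw_metadata` as a Ruby Hash, and if the column it is written to is a plain text column (which is what `raw_metadata` typically is when migration specs insert through an anonymous `table(...)` model), ActiveRecord's string cast stores `Hash#to_s` — Ruby inspect syntax, not JSON — so a migration under test that `JSON.parse`s the value would fail on this fixture rather than on real data; serialising explicitly with `raw_metadata: raw_metadata.to_json` removes that dependency on the adapter, but confirm against the actual column type before changing it. The string data also carries two typos, `"url" => "htpp://hostname/documentation"` and `"name" => "Origional"`, which are harmless unless a migration validates the evidence schema or URLs, yet worth fixing since the payload is evidently modelled on real DAST scanner output. Both fingerprints are random per call (`SecureRandom.hex(20)` and a SHA1 of random bytes), so two findings built by this helper will never collide; if a spec needs deterministic or duplicate fingerprints it will have to override them, and a comment stating that intent would help. The module has no documentation at all; a header such as `# Attribute fixtures for vulnerability finding rows used by migration specs; raw_metadata mirrors a scanner report with DAST evidence.` would let readers know what shape the data is meant to mimic.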