From 6ed4ec3e0b1340f96b7c043ef51d1b33bbe85fde Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Mon, 19 Sep 2022 23:18:09 +0000
Subject: Add latest changes from gitlab-org/gitlab@15-4-stable-ee
---
.../deprecated/gl-sast-report.json | 2 +-
.../feature-branch/gl-sast-report.json | 2 +-
.../feature-branch/gl-secret-detection-report.json | 2 +-
.../master/gl-common-scanning-report-names.json | 2 +-
...-scanning-report-without-top-level-scanner.json | 50 +++
.../master/gl-common-scanning-report.json | 405 +++++++++++++--------
.../master/gl-sast-missing-scanner.json | 2 +-
.../master/gl-sast-report-bandit.json | 2 +-
.../master/gl-sast-report-gosec.json | 2 +-
.../master/gl-sast-report-minimal.json | 2 +-
.../master/gl-sast-report-semgrep-for-bandit.json | 2 +-
.../master/gl-sast-report-semgrep-for-gosec.json | 2 +-
.../security_reports/master/gl-sast-report.json | 2 +-
.../master/gl-secret-detection-report.json | 2 +-
14 files changed, 306 insertions(+), 173 deletions(-)
create mode 100644 spec/fixtures/security_reports/master/gl-common-scanning-report-without-top-level-scanner.json
(limited to 'spec/fixtures/security_reports')
diff --git a/spec/fixtures/security_reports/deprecated/gl-sast-report.json b/spec/fixtures/security_reports/deprecated/gl-sast-report.json
index 2f7e47281e2..c5b0148fe3e 100644
--- a/spec/fixtures/security_reports/deprecated/gl-sast-report.json
+++ b/spec/fixtures/security_reports/deprecated/gl-sast-report.json
@@ -961,4 +961,4 @@
 "url": "https://cwe.mitre.org/data/definitions/120.html",
 "tool": "flawfinder"
 }
-]
+]
\ No newline at end of file
diff --git a/spec/fixtures/security_reports/feature-branch/gl-sast-report.json b/spec/fixtures/security_reports/feature-branch/gl-sast-report.json
index f93233e0ebb..51761583c70 100644
--- a/spec/fixtures/security_reports/feature-branch/gl-sast-report.json
+++ b/spec/fixtures/security_reports/feature-branch/gl-sast-report.json
@@ -174,4 +174,4 @@
 "start_time": "placeholder-value",
 "end_time": "placeholder-value"
 }
-}
+}
\ No newline at end of file
diff --git a/spec/fixtures/security_reports/feature-branch/gl-secret-detection-report.json b/spec/fixtures/security_reports/feature-branch/gl-secret-detection-report.json
index 538364f84a2..4862a504cec 100644
--- a/spec/fixtures/security_reports/feature-branch/gl-secret-detection-report.json
+++ b/spec/fixtures/security_reports/feature-branch/gl-secret-detection-report.json
@@ -2,4 +2,4 @@
 "version": "14.1.2",
 "vulnerabilities": [],
 "remediations": []
-}
+}
\ No newline at end of file
diff --git a/spec/fixtures/security_reports/master/gl-common-scanning-report-names.json b/spec/fixtures/security_reports/master/gl-common-scanning-report-names.json
index 3cfb3e51ef7..ef2ff7443d3 100644
--- a/spec/fixtures/security_reports/master/gl-common-scanning-report-names.json
+++ b/spec/fixtures/security_reports/master/gl-common-scanning-report-names.json
@@ -165,4 +165,4 @@
 "end_time": "placeholder-value",
 "status": "success"
 }
-}
+}
\ No newline at end of file
diff --git a/spec/fixtures/security_reports/master/gl-common-scanning-report-without-top-level-scanner.json b/spec/fixtures/security_reports/master/gl-common-scanning-report-without-top-level-scanner.json
new file mode 100644
index 00000000000..417dc960aff
--- /dev/null
+++ b/spec/fixtures/security_reports/master/gl-common-scanning-report-without-top-level-scanner.json
@@ -0,0 +1,50 @@
+{
+ "vulnerabilities": [
+ {
+ "category": "dependency_scanning",
+ "name": "Vulnerability for remediation testing 1",
+ "message": "This vulnerability should have ONE remediation",
+ "description": "",
+ "cve": "CVE-2137",
+ "severity": "High",
+ "solution": "Upgrade to latest version.",
+ "scanner": {
+ "id": "gemnasium",
+ "name": "Gemnasium"
+ },
+ "location": {},
+ "identifiers": [
+ {
+ "type": "GitLab",
+ "name": "Foo vulnerability",
+ "value": "foo"
+ }
+ ],
+ "links": [
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2137"
+ }
+ ],
+ "details": {
+ "commit": {
+ "name": [
+ {
+ "lang": "en",
+ "value": "The Commit"
+ }
+ ],
+ "description": [
+ {
+ "lang": "en",
+ "value": "Commit where the vulnerability was identified"
+ }
+ ],
+ "type": "commit",
+ "value": "41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19"
+ }
+ }
+ }
+ ],
+ "dependency_files": [],
+ "version": "14.0.2"
+}
\ No newline at end of file
diff --git a/spec/fixtures/security_reports/master/gl-common-scanning-report.json b/spec/fixtures/security_reports/master/gl-common-scanning-report.json
index 787573301bb..1295b44d4df 100644
--- a/spec/fixtures/security_reports/master/gl-common-scanning-report.json
+++ b/spec/fixtures/security_reports/master/gl-common-scanning-report.json
@@ -1,5 +1,6 @@
 {
- "vulnerabilities": [{
+ "vulnerabilities": [
+ {
 "category": "dependency_scanning",
 "name": "Vulnerability for remediation testing 1",
 "message": "This vulnerability should have ONE remediation",
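Review bot: The new fixture leaves out not only the top-level `scanner` object but also the `scan` block and the `remediations` array that the sibling gl-common-scanning-report.json carries, so a spec loading it cannot attribute the parser's behaviour to the missing scanner alone rather than to the other absent keys. If the file is meant to isolate the no-top-level-scanner case, copying the sibling's `"remediations": []` and `scan` block and dropping only `scanner` would make it exercise one condition. The copied vulnerability also keeps `"cve": "CVE-2137"` next to a link that names `CVE-2020-2137`; that mismatch is inherited from the sibling fixture, and if it is deliberate placeholder data the spec that consumes this file is the place to say so.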
@@ -12,24 +13,32 @@
 "name": "Gemnasium"
 },
 "location": {},
- "identifiers": [{
- "type": "GitLab",
- "name": "Foo vulnerability",
- "value": "foo"
- }],
- "links": [{
- "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2137"
- }],
+ "identifiers": [
+ {
+ "type": "GitLab",
+ "name": "Foo vulnerability",
+ "value": "foo"
+ }
+ ],
+ "links": [
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2137"
+ }
+ ],
 "details": {
 "commit": {
- "name": [{
- "lang": "en",
- "value": "The Commit"
- }],
- "description": [{
- "lang": "en",
- "value": "Commit where the vulnerability was identified"
- }],
+ "name": [
+ {
+ "lang": "en",
+ "value": "The Commit"
+ }
+ ],
+ "description": [
+ {
+ "lang": "en",
+ "value": "Commit where the vulnerability was identified"
+ }
+ ],
 "type": "commit",
 "value": "41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19"
 }
@@ -48,24 +57,32 @@
 "name": "Gemnasium"
 },
 "location": {},
- "identifiers": [{
- "type": "GitLab",
- "name": "Foo vulnerability",
- "value": "foo"
- }],
- "links": [{
- "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2138"
- }],
+ "identifiers": [
+ {
+ "type": "GitLab",
+ "name": "Foo vulnerability",
+ "value": "foo"
+ }
+ ],
+ "links": [
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2138"
+ }
+ ],
 "details": {
 "commit": {
- "name": [{
- "lang": "en",
- "value": "The Commit"
- }],
- "description": [{
- "lang": "en",
- "value": "Commit where the vulnerability was identified"
- }],
+ "name": [
+ {
+ "lang": "en",
+ "value": "The Commit"
+ }
+ ],
+ "description": [
+ {
+ "lang": "en",
+ "value": "Commit where the vulnerability was identified"
+ }
+ ],
 "type": "commit",
 "value": "41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19"
 }
@@ -84,24 +101,32 @@
 "name": "Gemnasium"
 },
 "location": {},
- "identifiers": [{
- "type": "GitLab",
- "name": "Foo vulnerability",
- "value": "foo"
- }],
- "links": [{
- "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2139"
- }],
+ "identifiers": [
+ {
+ "type": "GitLab",
+ "name": "Foo vulnerability",
+ "value": "foo"
+ }
+ ],
+ "links": [
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2139"
+ }
+ ],
 "details": {
 "commit": {
- "name": [{
- "lang": "en",
- "value": "The Commit"
- }],
- "description": [{
- "lang": "en",
- "value": "Commit where the vulnerability was identified"
- }],
+ "name": [
+ {
+ "lang": "en",
+ "value": "The Commit"
+ }
+ ],
+ "description": [
+ {
+ "lang": "en",
+ "value": "Commit where the vulnerability was identified"
+ }
+ ],
 "type": "commit",
 "value": "41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19"
 }
@@ -120,24 +145,32 @@
 "name": "Gemnasium"
 },
 "location": {},
- "identifiers": [{
- "type": "GitLab",
- "name": "Foo vulnerability",
- "value": "foo"
- }],
- "links": [{
- "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2140"
- }],
+ "identifiers": [
+ {
+ "type": "GitLab",
+ "name": "Foo vulnerability",
+ "value": "foo"
+ }
+ ],
+ "links": [
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2140"
+ }
+ ],
 "details": {
 "commit": {
- "name": [{
- "lang": "en",
- "value": "The Commit"
- }],
- "description": [{
- "lang": "en",
- "value": "Commit where the vulnerability was identified"
- }],
+ "name": [
+ {
+ "lang": "en",
+ "value": "The Commit"
+ }
+ ],
+ "description": [
+ {
+ "lang": "en",
+ "value": "Commit where the vulnerability was identified"
+ }
+ ],
 "type": "commit",
 "value": "41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19"
 }
@@ -162,30 +195,37 @@
 },
 "summary": "The Origin header was changed to an invalid value of http://peachapisecurity.com and the response contained an Access-Control-Allow-Origin header which included this invalid Origin, indicating that the CORS configuration on the server is overly permissive.\n\n\n",
 "request": {
- "headers": [{
- "name": "Host",
- "value": "127.0.0.1:7777"
- }],
+ "headers": [
+ {
+ "name": "Host",
+ "value": "127.0.0.1:7777"
+ }
+ ],
 "method": "GET",
 "url": "http://127.0.0.1:7777/api/users",
 "body": ""
 },
 "response": {
- "headers": [{
- "name": "Server",
- "value": "TwistedWeb/20.3.0"
- }],
+ "headers": [
+ {
+ "name": "Server",
+ "value": "TwistedWeb/20.3.0"
+ }
+ ],
 "reason_phrase": "OK",
 "status_code": 200,
 "body": "[{\"user_id\":1,\"user\":\"admin\",\"first\":\"Joe\",\"last\":\"Smith\",\"password\":\"Password!\"}]"
 },
- "supporting_messages": [{
+ "supporting_messages": [
+ {
 "name": "Origional",
 "request": {
- "headers": [{
- "name": "Host",
- "value": "127.0.0.1:7777"
- }],
+ "headers": [
+ {
+ "name": "Host",
+ "value": "127.0.0.1:7777"
+ }
+ ],
 "method": "GET",
 "url": "http://127.0.0.1:7777/api/users",
 "body": ""
@@ -194,19 +234,23 @@
 {
 "name": "Recorded",
 "request": {
- "headers": [{
- "name": "Host",
- "value": "127.0.0.1:7777"
- }],
+ "headers": [
+ {
+ "name": "Host",
+ "value": "127.0.0.1:7777"
+ }
+ ],
 "method": "GET",
 "url": "http://127.0.0.1:7777/api/users",
 "body": ""
 },
 "response": {
- "headers": [{
- "name": "Server",
- "value": "TwistedWeb/20.3.0"
- }],
+ "headers": [
+ {
+ "name": "Server",
+ "value": "TwistedWeb/20.3.0"
+ }
+ ],
 "reason_phrase": "OK",
 "status_code": 200,
 "body": "[{\"user_id\":1,\"user\":\"admin\",\"first\":\"Joe\",\"last\":\"Smith\",\"password\":\"Password!\"}]"
@@ -215,24 +259,32 @@
 ]
 },
 "location": {},
- "identifiers": [{
- "type": "GitLab",
- "name": "Foo vulnerability",
- "value": "foo"
- }],
- "links": [{
- "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1020"
- }],
+ "identifiers": [
+ {
+ "type": "GitLab",
+ "name": "Foo vulnerability",
+ "value": "foo"
+ }
+ ],
+ "links": [
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1020"
+ }
+ ],
 "details": {
 "commit": {
- "name": [{
- "lang": "en",
- "value": "The Commit"
- }],
- "description": [{
- "lang": "en",
- "value": "Commit where the vulnerability was identified"
- }],
+ "name": [
+ {
+ "lang": "en",
+ "value": "The Commit"
+ }
+ ],
+ "description": [
+ {
+ "lang": "en",
+ "value": "Commit where the vulnerability was identified"
+ }
+ ],
 "type": "commit",
 "value": "41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19"
 }
@@ -258,30 +310,37 @@
 },
 "summary": "The Origin header was changed to an invalid value of http://peachapisecurity.com and the response contained an Access-Control-Allow-Origin header which included this invalid Origin, indicating that the CORS configuration on the server is overly permissive.\n\n\n",
 "request": {
- "headers": [{
- "name": "Host",
- "value": "127.0.0.1:7777"
- }],
+ "headers": [
+ {
+ "name": "Host",
+ "value": "127.0.0.1:7777"
+ }
+ ],
 "method": "GET",
 "url": "http://127.0.0.1:7777/api/users",
 "body": ""
 },
 "response": {
- "headers": [{
- "name": "Server",
- "value": "TwistedWeb/20.3.0"
- }],
+ "headers": [
+ {
+ "name": "Server",
+ "value": "TwistedWeb/20.3.0"
+ }
+ ],
 "reason_phrase": "OK",
 "status_code": 200,
 "body": "[{\"user_id\":1,\"user\":\"admin\",\"first\":\"Joe\",\"last\":\"Smith\",\"password\":\"Password!\"}]"
 },
- "supporting_messages": [{
+ "supporting_messages": [
+ {
 "name": "Origional",
 "request": {
- "headers": [{
- "name": "Host",
- "value": "127.0.0.1:7777"
- }],
+ "headers": [
+ {
+ "name": "Host",
+ "value": "127.0.0.1:7777"
+ }
+ ],
 "method": "GET",
 "url": "http://127.0.0.1:7777/api/users",
 "body": ""
@@ -290,19 +349,23 @@
 {
 "name": "Recorded",
 "request": {
- "headers": [{
- "name": "Host",
- "value": "127.0.0.1:7777"
- }],
+ "headers": [
+ {
+ "name": "Host",
+ "value": "127.0.0.1:7777"
+ }
+ ],
 "method": "GET",
 "url": "http://127.0.0.1:7777/api/users",
 "body": ""
 },
 "response": {
- "headers": [{
- "name": "Server",
- "value": "TwistedWeb/20.3.0"
- }],
+ "headers": [
+ {
+ "name": "Server",
+ "value": "TwistedWeb/20.3.0"
+ }
+ ],
 "reason_phrase": "OK",
 "status_code": 200,
 "body": "[{\"user_id\":1,\"user\":\"admin\",\"first\":\"Joe\",\"last\":\"Smith\",\"password\":\"Password!\"}]"
@@ -311,15 +374,19 @@
 ]
 },
 "location": {},
- "identifiers": [{
- "type": "GitLab",
- "name": "Bar vulnerability",
- "value": "bar"
- }],
- "links": [{
- "name": "CVE-1030",
- "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1030"
- }]
+ "identifiers": [
+ {
+ "type": "GitLab",
+ "name": "Bar vulnerability",
+ "value": "bar"
+ }
+ ],
+ "links": [
+ {
+ "name": "CVE-1030",
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1030"
+ }
+ ]
 },
 {
 "category": "dependency_scanning",
@@ -338,57 +405,73 @@
 "links": []
 }
 ],
- "remediations": [{
- "fixes": [{
- "cve": "CVE-2137"
- }],
+ "remediations": [
+ {
+ "fixes": [
+ {
+ "cve": "CVE-2137"
+ }
+ ],
 "summary": "this remediates CVE-2137",
 "diff": "dG90YWxseSBsZWdpdCBkaWZm"
 },
 {
- "fixes": [{
- "cve": "CVE-2138"
- }],
+ "fixes": [
+ {
+ "cve": "CVE-2138"
+ }
+ ],
 "summary": "this remediates CVE-2138",
 "diff": "dG90YWxseSBsZWdpdCBkaWZm"
 },
 {
- "fixes": [{
- "cve": "CVE-2139"
- }, {
- "cve": "CVE-2140"
- }],
+ "fixes": [
+ {
+ "cve": "CVE-2139"
+ },
+ {
+ "cve": "CVE-2140"
+ }
+ ],
 "summary": "this remediates CVE-2139 and CVE-2140",
 "diff": "dG90YWxseSBsZWdpdGltYXRlIGRpZmYsIDEwLzEwIHdvdWxkIGFwcGx5"
 },
 {
- "fixes": [{
- "cve": "CVE-1020"
- }],
+ "fixes": [
+ {
+ "cve": "CVE-1020"
+ }
+ ],
 "summary": "",
 "diff": ""
 },
 {
- "fixes": [{
- "cve": "CVE",
- "id": "bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d3"
- }],
+ "fixes": [
+ {
+ "cve": "CVE",
+ "id": "bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d3"
+ }
+ ],
 "summary": "",
 "diff": ""
 },
 {
- "fixes": [{
- "cve": "CVE",
- "id": "bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d3"
- }],
+ "fixes": [
+ {
+ "cve": "CVE",
+ "id": "bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d3"
+ }
+ ],
 "summary": "",
 "diff": ""
 },
 {
- "fixes": [{
- "id": "2134",
- "cve": "CVE-1"
- }],
+ "fixes": [
+ {
+ "id": "2134",
+ "cve": "CVE-1"
+ }
+ ],
 "summary": "",
 "diff": ""
 }
@@ -406,7 +489,7 @@
 },
 "scanner": {
 "id": "gemnasium",
- "name": "Gemnasium",
+ "name": "Gemnasium top-level",
 "url": "https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium-maven",
 "vendor": {
 "name": "GitLab"
@@ -419,4 +502,4 @@
 "status": "success"
 },
 "version": "14.0.2"
-}
+}
\ No newline at end of file
diff --git a/spec/fixtures/security_reports/master/gl-sast-missing-scanner.json b/spec/fixtures/security_reports/master/gl-sast-missing-scanner.json
index ab3ee348263..fcfd9b831f4 100644
--- a/spec/fixtures/security_reports/master/gl-sast-missing-scanner.json
+++ b/spec/fixtures/security_reports/master/gl-sast-missing-scanner.json
@@ -799,4 +799,4 @@
 "url": "https://cwe.mitre.org/data/definitions/120.html"
 }
 ]
-}
+}
\ No newline at end of file
diff --git a/spec/fixtures/security_reports/master/gl-sast-report-bandit.json b/spec/fixtures/security_reports/master/gl-sast-report-bandit.json
index a80833354ed..d0346479b85 100644
--- a/spec/fixtures/security_reports/master/gl-sast-report-bandit.json
+++ b/spec/fixtures/security_reports/master/gl-sast-report-bandit.json
@@ -40,4 +40,4 @@
 "end_time": "2022-03-11T00:21:50",
 "status": "success"
 }
-}
+}
\ No newline at end of file
diff --git a/spec/fixtures/security_reports/master/gl-sast-report-gosec.json b/spec/fixtures/security_reports/master/gl-sast-report-gosec.json
index 42986ea1045..4c385326c8c 100644
--- a/spec/fixtures/security_reports/master/gl-sast-report-gosec.json
+++ b/spec/fixtures/security_reports/master/gl-sast-report-gosec.json
@@ -65,4 +65,4 @@
 "end_time": "2022-03-15T20:33:17",
 "status": "success"
 }
-}
+}
\ No newline at end of file
diff --git a/spec/fixtures/security_reports/master/gl-sast-report-minimal.json b/spec/fixtures/security_reports/master/gl-sast-report-minimal.json
index 60a67453c9b..5e9273d43b1 100644
--- a/spec/fixtures/security_reports/master/gl-sast-report-minimal.json
+++ b/spec/fixtures/security_reports/master/gl-sast-report-minimal.json
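Review bot: After this hunk only the top-level scanner's `name` differs from the per-vulnerability scanner; both still carry `"id": "gemnasium"`, so a spec that asserts on `scanner.id` passes whichever of the two the parser picked, and only an assertion on `name` can tell them apart. If the fixture is meant to pin which scanner wins, the consuming spec should assert on `"Gemnasium top-level"` explicitly, or the top-level entry could get a distinct id as well, e.g. `"id": "gemnasium-top-level"`, provided no other spec matches on the shared id. The `url` on the following context line still names the gemnasium-maven analyzer, which presumably is placeholder data but is now the only field that does not line up with the renamed entry.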
@@ -65,4 +65,4 @@
 "start_time": "placeholder-value",
 "end_time": "placeholder-value"
 }
-}
+}
\ No newline at end of file
diff --git a/spec/fixtures/security_reports/master/gl-sast-report-semgrep-for-bandit.json b/spec/fixtures/security_reports/master/gl-sast-report-semgrep-for-bandit.json
index 2a60a75366e..037b9fb8d3e 100644
--- a/spec/fixtures/security_reports/master/gl-sast-report-semgrep-for-bandit.json
+++ b/spec/fixtures/security_reports/master/gl-sast-report-semgrep-for-bandit.json
@@ -68,4 +68,4 @@
 "end_time": "2022-03-11T18:48:22",
 "status": "success"
 }
-}
+}
\ No newline at end of file
diff --git a/spec/fixtures/security_reports/master/gl-sast-report-semgrep-for-gosec.json b/spec/fixtures/security_reports/master/gl-sast-report-semgrep-for-gosec.json
index 3d8c65d5823..f01d26a69c9 100644
--- a/spec/fixtures/security_reports/master/gl-sast-report-semgrep-for-gosec.json
+++ b/spec/fixtures/security_reports/master/gl-sast-report-semgrep-for-gosec.json
@@ -67,4 +67,4 @@
 "end_time": "2022-03-15T20:37:05",
 "status": "success"
 }
-}
+}
\ No newline at end of file
diff --git a/spec/fixtures/security_reports/master/gl-sast-report.json b/spec/fixtures/security_reports/master/gl-sast-report.json
index 63504e6fccc..1aa8db1a65f 100644
--- a/spec/fixtures/security_reports/master/gl-sast-report.json
+++ b/spec/fixtures/security_reports/master/gl-sast-report.json
@@ -197,4 +197,4 @@
 "start_time": "placeholder-value",
 "end_time": "placeholder-value"
 }
-}
+}
\ No newline at end of file
diff --git a/spec/fixtures/security_reports/master/gl-secret-detection-report.json b/spec/fixtures/security_reports/master/gl-secret-detection-report.json
index 9b0b2a19beb..21d4f3f1798 100644
--- a/spec/fixtures/security_reports/master/gl-secret-detection-report.json
+++ b/spec/fixtures/security_reports/master/gl-secret-detection-report.json
@@ -30,4 +30,4 @@
 }
 ],
 "remediations": []
-}
+}
\ No newline at end of file
--
cgit v1.2.3