debian-mirror-gitlab/spec/fixtures/security_reports/feature-branch/gl-sast-report.json


{
"version": "15.0.0",
"vulnerabilities": [
{
"id": "1",
"category": "sast",
"name": "Predictable pseudorandom number generator",
"message": "Predictable pseudorandom number generator",
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:47:PREDICTABLE_RANDOM",
"severity": "Medium",
"confidence": "Medium",
"scanner": {
"id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"location": {
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"start_line": 47,
"end_line": 47,
"class": "com.gitlab.security_products.tests.App",
"method": "generateSecretToken2"
},
"identifiers": [
{
"type": "find_sec_bugs_type",
"name": "Find Security Bugs-PREDICTABLE_RANDOM",
"value": "PREDICTABLE_RANDOM",
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
}
]
},
{
"id": "2",
"category": "sast",
"name": "Predictable pseudorandom number generator",
"message": "Predictable pseudorandom number generator",
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:41:PREDICTABLE_RANDOM",
"severity": "Low",
"confidence": "Low",
"scanner": {
"id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"location": {
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"start_line": 41,
"end_line": 41,
"class": "com.gitlab.security_products.tests.App",
"method": "generateSecretToken1"
},
"identifiers": [
{
"type": "find_sec_bugs_type",
"name": "Find Security Bugs-PREDICTABLE_RANDOM",
"value": "PREDICTABLE_RANDOM",
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
}
]
},
{
"id": "3",
"category": "sast",
"name": "ECB mode is insecure",
"message": "ECB mode is insecure",
"description": "The cipher uses ECB mode, which provides poor confidentiality for encrypted data",
"cve": "ea0f905fc76f2739d5f10a1fd1e37a10:ECB_MODE:java-maven/src/main/java/com/gitlab/security_products/tests/App.java:29",
"severity": "Medium",
"confidence": "High",
"scanner": {
"id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"location": {
"file": "java-maven/src/main/java/com/gitlab/security_products/tests/App.java",
"start_line": 29,
"end_line": 29,
"class": "com.gitlab.security_products.tests.App",
"method": "insecureCypher"
},
"identifiers": [
{
"type": "find_sec_bugs_type",
"name": "Find Security Bugs-ECB_MODE",
"value": "ECB_MODE",
"url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE"
},
{
"type": "cwe",
"name": "CWE-327",
"value": "327",
"url": "https://cwe.mitre.org/data/definitions/327.html"
}
]
},
{
"id": "4",
"category": "sast",
"name": "Hard coded key",
"message": "Hard coded key",
"description": "Hard coded cryptographic key found",
"cve": "102ac67e0975ecec02a056008e0faad8:HARD_CODE_KEY:scala-sbt/src/main/scala/example/Main.scala:12",
"severity": "Medium",
"confidence": "High",
"scanner": {
"id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"location": {
"file": "scala-sbt/src/main/scala/example/Main.scala",
"start_line": 12,
"end_line": 12,
"class": "example.Main$",
"method": "getBytes"
},
"identifiers": [
{
"type": "find_sec_bugs_type",
"name": "Find Security Bugs-HARD_CODE_KEY",
"value": "HARD_CODE_KEY",
"url": "https://find-sec-bugs.github.io/bugs.htm#HARD_CODE_KEY"
},
{
"type": "cwe",
"name": "CWE-321",
"value": "321",
"url": "https://cwe.mitre.org/data/definitions/321.html"
}
]
},
{
"id": "5",
"category": "sast",
"name": "ECB mode is insecure",
"message": "ECB mode is insecure",
"description": "The cipher uses ECB mode, which provides poor confidentiality for encrypted data",
"cve": "ea0f905fc76f2739d5f10a1fd1e37a10:ECB_MODE:app/src/main/groovy/com/gitlab/security_products/tests/App.groovy:29",
"severity": "Medium",
"confidence": "High",
"scanner": {
"id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"location": {
"file": "app/src/main/groovy/com/gitlab/security_products/tests/App.groovy",
"start_line": 29,
"end_line": 29,
"class": "com.gitlab.security_products.tests.App",
"method": "insecureCypher"
},
"identifiers": [
{
"type": "find_sec_bugs_type",
"name": "Find Security Bugs-ECB_MODE",
"value": "ECB_MODE",
"url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE"
},
{
"type": "cwe",
"name": "CWE-327",
"value": "327",
"url": "https://cwe.mitre.org/data/definitions/327.html"
}
]
}
],
"remediations": [
],
"scan": {
"analyzer": {
"id": "find_sec_bugs_analyzer",
"name": "Find Security Bugs Analyzer",
"url": "https://gitlab.com",
"vendor": {
"name": "GitLab"
},
"version": "1.0.0"
},
"scanner": {
"id": "find_sec_bugs",
"name": "Find Security Bugs",
"url": "https://spotbugs.github.io",
"vendor": {
"name": "GitLab"
},
"version": "4.0.2"
},
"type": "sast",
"status": "success",
"start_time": "2022-08-10T22:37:00",
"end_time": "2022-08-10T22:38:00"
}
}