# frozen_string_literal: true
module MigrationHelpers
  # Fixture builder for vulnerability-finding rows used by migration specs.
  #
  # Each call to `attributes_for_vulnerabilities_finding` produces a fresh
  # attribute set: the fingerprints and the UUID come from `SecureRandom`, so
  # repeated calls do not collide on those columns, while `raw_metadata` is a
  # fixed sample report payload that is rebuilt on every call.
  module VulnerabilitiesFindingsHelper
    # Builds the column values for one vulnerability finding row.
    #
    # @return [Hash{Symbol => Object}] attributes keyed by column name;
    #   `:raw_metadata` holds the payload returned by {#raw_metadata}
    def attributes_for_vulnerabilities_finding
      finding_uuid = SecureRandom.uuid

      # Both fingerprints are 40-character hex strings. The location fingerprint
      # is the SHA1 hex digest of random bytes purely to shape fixture data; no
      # security property depends on the digest algorithm here.
      {
        project_fingerprint: SecureRandom.hex(20),
        location_fingerprint: Digest::SHA1.hexdigest(SecureRandom.hex(10)),
        uuid: finding_uuid,
        name: "Vulnerability Finding #{finding_uuid}",
        metadata_version: '1.3',
        raw_metadata: raw_metadata
      }
    end

    # Sample report payload attached to every fixture finding.
    #
    # The content is fixed test data with string keys. A new hash is built on
    # each call, so callers may mutate the returned value without affecting
    # later calls.
    #
    # @return [Hash{String => Object}]
    def raw_metadata
      {
        "description" => "The cipher does not provide data integrity update 1",
        "message" => "The cipher does not provide data integrity",
        "cve" => "818bf5dacb291e15d9e6dc3c5ac32178:CIPHER",
        "solution" => "GCM mode introduces an HMAC into the resulting encrypted data, providing integrity of the result.",
        "location" => raw_metadata_location,
        "links" => [
          {
            "name" => "Cipher does not check for integrity first?",
            "url" => "https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first"
          }
        ],
        "assets" => [
          {
            "type" => "postman",
            "name" => "Test Postman Collection",
            "url" => "http://localhost/test.collection"
          }
        ],
        "evidence" => raw_metadata_evidence
      }
    end

    private

    # `location` section of the sample payload: the source position the
    # finding points at.
    def raw_metadata_location
      {
        "file" => "maven/src/main/java/com/gitlab/security_products/tests/App.java",
        "start_line" => 29,
        "end_line" => 29,
        "class" => "com.gitlab.security_products.tests.App",
        "method" => "insecureCypher"
      }
    end

    # `evidence` section: a request/response pair, its source, and two
    # supporting messages. Note the asymmetry in the fixture data: the top-level
    # request and response carry `nil` bodies, the supporting messages carry
    # empty strings. The "Origional" spelling and the "htpp://" scheme are part
    # of the fixture values and are reproduced as-is.
    def raw_metadata_evidence
      {
        "summary" => "Credit card detected",
        "request" => raw_metadata_request(body: nil),
        "response" => raw_metadata_response(body: nil),
        "source" => {
          "id" => "assert:Response Body Analysis",
          "name" => "Response Body Analysis",
          "url" => "htpp://hostname/documentation"
        },
        "supporting_messages" => [
          {
            "name" => "Origional",
            "request" => raw_metadata_request(body: "")
          },
          {
            "name" => "Recorded",
            "request" => raw_metadata_request(body: ""),
            "response" => raw_metadata_response(body: "")
          }
        ]
      }
    end

    # Sample GET request used throughout the evidence section.
    #
    # @param body [String, nil] value stored under "body"
    def raw_metadata_request(body:)
      {
        "method" => "GET",
        "url" => "http://goat:8080/WebGoat/logout",
        "body" => body,
        "headers" => [
          { "name" => "Accept", "value" => "*/*" }
        ]
      }
    end

    # Sample 200 response used throughout the evidence section.
    #
    # @param body [String, nil] value stored under "body"
    def raw_metadata_response(body:)
      {
        "reason_phrase" => "OK",
        "status_code" => 200,
        "body" => body,
        "headers" => [
          { "name" => "Content-Length", "value" => "0" }
        ]
      }
    end
  end
end