debian-mirror-gitlab/spec/fixtures/security_reports/feature-branch/gl-sast-report.json

{
  "version": "14.0.0",
  "vulnerabilities": [
    {
      "category": "sast",
      "name": "Predictable pseudorandom number generator",
      "message": "Predictable pseudorandom number generator",
      "cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:47:PREDICTABLE_RANDOM",
      "severity": "Medium",
      "confidence": "Medium",
      "scanner": {
        "id": "find_sec_bugs",
        "name": "Find Security Bugs"
      },
      "location": {
        "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
        "start_line": 47,
        "end_line": 47,
        "class": "com.gitlab.security_products.tests.App",
        "method": "generateSecretToken2"
      },
      "identifiers": [
        {
          "type": "find_sec_bugs_type",
          "name": "Find Security Bugs-PREDICTABLE_RANDOM",
          "value": "PREDICTABLE_RANDOM",
          "url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
        }
      ]
    },
    {
      "category": "sast",
      "name": "Predictable pseudorandom number generator",
      "message": "Predictable pseudorandom number generator",
      "cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:41:PREDICTABLE_RANDOM",
      "severity": "Low",
      "confidence": "Low",
      "scanner": {
        "id": "find_sec_bugs",
        "name": "Find Security Bugs"
      },
      "location": {
        "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
        "start_line": 41,
        "end_line": 41,
        "class": "com.gitlab.security_products.tests.App",
        "method": "generateSecretToken1"
      },
      "identifiers": [
        {
          "type": "find_sec_bugs_type",
          "name": "Find Security Bugs-PREDICTABLE_RANDOM",
          "value": "PREDICTABLE_RANDOM",
          "url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
        }
      ]
    },
    {
      "category": "sast",
      "name": "ECB mode is insecure",
      "message": "ECB mode is insecure",
      "description": "The cipher uses ECB mode, which provides poor confidentiality for encrypted data",
      "cve": "ea0f905fc76f2739d5f10a1fd1e37a10:ECB_MODE:java-maven/src/main/java/com/gitlab/security_products/tests/App.java:29",
      "severity": "Medium",
      "confidence": "High",
      "scanner": {
        "id": "find_sec_bugs",
        "name": "Find Security Bugs"
      },
      "location": {
        "file": "java-maven/src/main/java/com/gitlab/security_products/tests/App.java",
        "start_line": 29,
        "end_line": 29,
        "class": "com.gitlab.security_products.tests.App",
        "method": "insecureCypher"
      },
      "identifiers": [
        {
          "type": "find_sec_bugs_type",
          "name": "Find Security Bugs-ECB_MODE",
          "value": "ECB_MODE",
          "url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE"
        },
        {
          "type": "cwe",
          "name": "CWE-327",
          "value": "327",
          "url": "https://cwe.mitre.org/data/definitions/327.html"
        }
      ]
    },
    {
      "category": "sast",
      "name": "Hard coded key",
      "message": "Hard coded key",
      "description": "Hard coded cryptographic key found",
      "cve": "102ac67e0975ecec02a056008e0faad8:HARD_CODE_KEY:scala-sbt/src/main/scala/example/Main.scala:12",
      "severity": "Medium",
      "confidence": "High",
      "scanner": {
        "id": "find_sec_bugs",
        "name": "Find Security Bugs"
      },
      "location": {
        "file": "scala-sbt/src/main/scala/example/Main.scala",
        "start_line": 12,
        "end_line": 12,
        "class": "example.Main$",
        "method": "getBytes"
      },
      "identifiers": [
        {
          "type": "find_sec_bugs_type",
          "name": "Find Security Bugs-HARD_CODE_KEY",
          "value": "HARD_CODE_KEY",
          "url": "https://find-sec-bugs.github.io/bugs.htm#HARD_CODE_KEY"
        },
        {
          "type": "cwe",
          "name": "CWE-321",
          "value": "321",
          "url": "https://cwe.mitre.org/data/definitions/321.html"
        }
      ]
    },
    {
      "category": "sast",
      "name": "ECB mode is insecure",
      "message": "ECB mode is insecure",
      "description": "The cipher uses ECB mode, which provides poor confidentiality for encrypted data",
      "cve": "ea0f905fc76f2739d5f10a1fd1e37a10:ECB_MODE:app/src/main/groovy/com/gitlab/security_products/tests/App.groovy:29",
      "severity": "Medium",
      "confidence": "High",
      "scanner": {
        "id": "find_sec_bugs",
        "name": "Find Security Bugs"
      },
      "location": {
        "file": "app/src/main/groovy/com/gitlab/security_products/tests/App.groovy",
        "start_line": 29,
        "end_line": 29,
        "class": "com.gitlab.security_products.tests.App",
        "method": "insecureCypher"
      },
      "identifiers": [
        {
          "type": "find_sec_bugs_type",
          "name": "Find Security Bugs-ECB_MODE",
          "value": "ECB_MODE",
          "url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE"
        },
        {
          "type": "cwe",
          "name": "CWE-327",
          "value": "327",
          "url": "https://cwe.mitre.org/data/definitions/327.html"
        }
      ]
    }
  ],
  "remediations": [],
  "scan": {
    "scanner": {
      "id": "find_sec_bugs",
      "name": "Find Security Bugs",
      "url": "https://spotbugs.github.io",
      "vendor": {
        "name": "GitLab"
      },
      "version": "4.0.2"
    },
    "type": "sast",
    "status": "success",
    "start_time": "placeholder-value",
    "end_time": "placeholder-value"
  }
}
New upstream version 14.2.5+ds1 2021-10-27 15:23:28 +05:30			`{`
			`"version": "14.0.0",`
			`"vulnerabilities": [`
			`{`
			`"category": "sast",`
			`"name": "Predictable pseudorandom number generator",`
			`"message": "Predictable pseudorandom number generator",`
			`"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:47:PREDICTABLE_RANDOM",`
			`"severity": "Medium",`
			`"confidence": "Medium",`
			`"scanner": {`
			`"id": "find_sec_bugs",`
			`"name": "Find Security Bugs"`
			`},`
			`"location": {`
			`"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",`
			`"start_line": 47,`
			`"end_line": 47,`
			`"class": "com.gitlab.security_products.tests.App",`
			`"method": "generateSecretToken2"`
			`},`
			`"identifiers": [`
			`{`
			`"type": "find_sec_bugs_type",`
			`"name": "Find Security Bugs-PREDICTABLE_RANDOM",`
			`"value": "PREDICTABLE_RANDOM",`
			`"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"`
			`}`
			`]`
			`},`
			`{`
			`"category": "sast",`
			`"name": "Predictable pseudorandom number generator",`
			`"message": "Predictable pseudorandom number generator",`
			`"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:41:PREDICTABLE_RANDOM",`
			`"severity": "Low",`
			`"confidence": "Low",`
			`"scanner": {`
			`"id": "find_sec_bugs",`
			`"name": "Find Security Bugs"`
			`},`
			`"location": {`
			`"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",`
			`"start_line": 41,`
			`"end_line": 41,`
			`"class": "com.gitlab.security_products.tests.App",`
			`"method": "generateSecretToken1"`
			`},`
			`"identifiers": [`
			`{`
			`"type": "find_sec_bugs_type",`
			`"name": "Find Security Bugs-PREDICTABLE_RANDOM",`
			`"value": "PREDICTABLE_RANDOM",`
			`"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"`
			`}`
			`]`
			`},`
			`{`
			`"category": "sast",`
			`"name": "ECB mode is insecure",`
			`"message": "ECB mode is insecure",`
			`"description": "The cipher uses ECB mode, which provides poor confidentiality for encrypted data",`
			`"cve": "ea0f905fc76f2739d5f10a1fd1e37a10:ECB_MODE:java-maven/src/main/java/com/gitlab/security_products/tests/App.java:29",`
			`"severity": "Medium",`
			`"confidence": "High",`
			`"scanner": {`
			`"id": "find_sec_bugs",`
			`"name": "Find Security Bugs"`
			`},`
			`"location": {`
			`"file": "java-maven/src/main/java/com/gitlab/security_products/tests/App.java",`
			`"start_line": 29,`
			`"end_line": 29,`
			`"class": "com.gitlab.security_products.tests.App",`
			`"method": "insecureCypher"`
			`},`
			`"identifiers": [`
			`{`
			`"type": "find_sec_bugs_type",`
			`"name": "Find Security Bugs-ECB_MODE",`
			`"value": "ECB_MODE",`
			`"url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE"`
			`},`
			`{`
			`"type": "cwe",`
			`"name": "CWE-327",`
			`"value": "327",`
			`"url": "https://cwe.mitre.org/data/definitions/327.html"`
			`}`
			`]`
			`},`
			`{`
			`"category": "sast",`
			`"name": "Hard coded key",`
			`"message": "Hard coded key",`
			`"description": "Hard coded cryptographic key found",`
			`"cve": "102ac67e0975ecec02a056008e0faad8:HARD_CODE_KEY:scala-sbt/src/main/scala/example/Main.scala:12",`
			`"severity": "Medium",`
			`"confidence": "High",`
			`"scanner": {`
			`"id": "find_sec_bugs",`
			`"name": "Find Security Bugs"`
			`},`
			`"location": {`
			`"file": "scala-sbt/src/main/scala/example/Main.scala",`
			`"start_line": 12,`
			`"end_line": 12,`
			`"class": "example.Main$",`
			`"method": "getBytes"`
			`},`
			`"identifiers": [`
			`{`
			`"type": "find_sec_bugs_type",`
			`"name": "Find Security Bugs-HARD_CODE_KEY",`
			`"value": "HARD_CODE_KEY",`
			`"url": "https://find-sec-bugs.github.io/bugs.htm#HARD_CODE_KEY"`
			`},`
			`{`
			`"type": "cwe",`
			`"name": "CWE-321",`
			`"value": "321",`
			`"url": "https://cwe.mitre.org/data/definitions/321.html"`
			`}`
			`]`
			`},`
			`{`
			`"category": "sast",`
			`"name": "ECB mode is insecure",`
			`"message": "ECB mode is insecure",`
			`"description": "The cipher uses ECB mode, which provides poor confidentiality for encrypted data",`
			`"cve": "ea0f905fc76f2739d5f10a1fd1e37a10:ECB_MODE:app/src/main/groovy/com/gitlab/security_products/tests/App.groovy:29",`
			`"severity": "Medium",`
			`"confidence": "High",`
			`"scanner": {`
			`"id": "find_sec_bugs",`
			`"name": "Find Security Bugs"`
			`},`
			`"location": {`
			`"file": "app/src/main/groovy/com/gitlab/security_products/tests/App.groovy",`
			`"start_line": 29,`
			`"end_line": 29,`
			`"class": "com.gitlab.security_products.tests.App",`
			`"method": "insecureCypher"`
			`},`
			`"identifiers": [`
			`{`
			`"type": "find_sec_bugs_type",`
			`"name": "Find Security Bugs-ECB_MODE",`
			`"value": "ECB_MODE",`
			`"url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE"`
			`},`
			`{`
			`"type": "cwe",`
			`"name": "CWE-327",`
			`"value": "327",`
			`"url": "https://cwe.mitre.org/data/definitions/327.html"`
			`}`
			`]`
			`}`
			`],`
			`"remediations": [],`
			`"scan": {`
			`"scanner": {`
			`"id": "find_sec_bugs",`
			`"name": "Find Security Bugs",`
			`"url": "https://spotbugs.github.io",`
			`"vendor": {`
			`"name": "GitLab"`
			`},`
			`"version": "4.0.2"`
			`},`
			`"type": "sast",`
			`"status": "success",`
			`"start_time": "placeholder-value",`
			`"end_time": "placeholder-value"`
			`}`
			`}`