debian-mirror-gitlab/spec/fixtures/security_reports/master/gl-sast-report.json


{
"version": "14.0.0",
"vulnerabilities": [
{
"category": "sast",
"name": "Predictable pseudorandom number generator",
"message": "Predictable pseudorandom number generator",
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:47:PREDICTABLE_RANDOM",
"severity": "Medium",
"confidence": "Medium",
"scanner": {
"id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"location": {
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"start_line": 47,
"end_line": 47,
"class": "com.gitlab.security_products.tests.App",
"method": "generateSecretToken2"
},
"identifiers": [
{
"type": "find_sec_bugs_type",
"name": "Find Security Bugs-PREDICTABLE_RANDOM",
"value": "PREDICTABLE_RANDOM",
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
}
],
"links": [
{
"name": "Link1",
"url": "https://www.url1.com"
},
{
"name": "Link2",
"url": "https://www.url2.com"
}
]
},
{
"category": "sast",
"name": "Predictable pseudorandom number generator",
"message": "Predictable pseudorandom number generator",
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:41:PREDICTABLE_RANDOM",
"severity": "Low",
"confidence": "Low",
"scanner": {
"id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"location": {
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"start_line": 41,
"end_line": 41,
"class": "com.gitlab.security_products.tests.App",
"method": "generateSecretToken1"
},
"identifiers": [
{
"type": "find_sec_bugs_type",
"name": "Find Security Bugs-PREDICTABLE_RANDOM",
"value": "PREDICTABLE_RANDOM",
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
}
]
},
{
"category": "sast",
"name": "ECB mode is insecure",
"message": "ECB mode is insecure",
"description": "The cipher uses ECB mode, which provides poor confidentiality for encrypted data",
"cve": "ea0f905fc76f2739d5f10a1fd1e37a10:ECB_MODE:java-maven/src/main/java/com/gitlab/security_products/tests/App.java:29",
"severity": "Medium",
"confidence": "High",
"scanner": {
"id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"location": {
"file": "java-maven/src/main/java/com/gitlab/security_products/tests/App.java",
"start_line": 29,
"end_line": 29,
"class": "com.gitlab.security_products.tests.App",
"method": "insecureCypher"
},
"identifiers": [
{
"type": "find_sec_bugs_type",
"name": "Find Security Bugs-ECB_MODE",
"value": "ECB_MODE",
"url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE"
},
{
"type": "cwe",
"name": "CWE-327",
"value": "327",
"url": "https://cwe.mitre.org/data/definitions/327.html"
}
]
},
{
"category": "sast",
"name": "Hard coded key",
"message": "Hard coded key",
"description": "Hard coded cryptographic key found",
"cve": "102ac67e0975ecec02a056008e0faad8:HARD_CODE_KEY:scala-sbt/src/main/scala/example/Main.scala:12",
"severity": "Medium",
"confidence": "High",
"scanner": {
"id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"location": {
"file": "scala-sbt/src/main/scala/example/Main.scala",
"start_line": 12,
"end_line": 12,
"class": "example.Main$",
"method": "getBytes"
},
"identifiers": [
{
"type": "find_sec_bugs_type",
"name": "Find Security Bugs-HARD_CODE_KEY",
"value": "HARD_CODE_KEY",
"url": "https://find-sec-bugs.github.io/bugs.htm#HARD_CODE_KEY"
},
{
"type": "cwe",
"name": "CWE-321",
"value": "321",
"url": "https://cwe.mitre.org/data/definitions/321.html"
}
]
},
{
"category": "sast",
"name": "Cipher with no integrity",
"message": "Cipher with no integrity",
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:CIPHER_INTEGRITY",
"severity": "Medium",
"confidence": "High",
"scanner": {
"id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"location": {
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"start_line": 29,
"end_line": 29,
"class": "com.gitlab.security_products.tests.App",
"method": "insecureCypher"
},
"identifiers": [
{
"type": "find_sec_bugs_type",
"name": "Find Security Bugs-CIPHER_INTEGRITY",
"value": "CIPHER_INTEGRITY",
"url": "https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY"
}
],
"tracking": {
"type": "source",
"items": [
{
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"start_line": 29,
"end_line": 29,
"signatures": [
{
"algorithm": "hash",
"value": "HASHVALUE"
},
{
"algorithm": "scope_offset",
"value": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:App[0]:insecureCypher[0]:2"
}
]
}
]
}
}
],
"remediations": [],
"scan": {
"scanner": {
"id": "find_sec_bugs",
"name": "Find Security Bugs",
"url": "https://spotbugs.github.io",
"vendor": {
"name": "GitLab"
},
"version": "4.0.2"
},
"type": "sast",
"status": "success",
"start_time": "placeholder-value",
"end_time": "placeholder-value"
}
}