2021-03-11 19:13:27 +05:30
|
|
|
{
|
2021-04-29 21:17:54 +05:30
|
|
|
"version": "14.0.0",
|
2021-03-11 19:13:27 +05:30
|
|
|
"vulnerabilities": [
|
|
|
|
{
|
|
|
|
"category": "sast",
|
|
|
|
"name": "Predictable pseudorandom number generator",
|
|
|
|
"message": "Predictable pseudorandom number generator",
|
|
|
|
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:47:PREDICTABLE_RANDOM",
|
|
|
|
"severity": "Medium",
|
|
|
|
"confidence": "Medium",
|
|
|
|
"scanner": {
|
|
|
|
"id": "find_sec_bugs",
|
|
|
|
"name": "Find Security Bugs"
|
|
|
|
},
|
|
|
|
"location": {
|
|
|
|
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
|
|
|
|
"start_line": 47,
|
|
|
|
"end_line": 47,
|
|
|
|
"class": "com.gitlab.security_products.tests.App",
|
|
|
|
"method": "generateSecretToken2"
|
|
|
|
},
|
|
|
|
"identifiers": [
|
|
|
|
{
|
|
|
|
"type": "find_sec_bugs_type",
|
|
|
|
"name": "Find Security Bugs-PREDICTABLE_RANDOM",
|
|
|
|
"value": "PREDICTABLE_RANDOM",
|
|
|
|
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
|
|
|
|
}
|
2022-03-02 08:16:31 +05:30
|
|
|
],
|
|
|
|
"links": [
|
|
|
|
{
|
|
|
|
"name": "Link1",
|
|
|
|
"url": "https://www.url1.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "Link2",
|
|
|
|
"url": "https://www.url2.com"
|
|
|
|
}
|
2021-04-29 21:17:54 +05:30
|
|
|
]
|
2021-03-11 19:13:27 +05:30
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "sast",
|
|
|
|
"name": "Predictable pseudorandom number generator",
|
|
|
|
"message": "Predictable pseudorandom number generator",
|
|
|
|
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:41:PREDICTABLE_RANDOM",
|
2021-04-29 21:17:54 +05:30
|
|
|
"severity": "Low",
|
|
|
|
"confidence": "Low",
|
2021-03-11 19:13:27 +05:30
|
|
|
"scanner": {
|
|
|
|
"id": "find_sec_bugs",
|
|
|
|
"name": "Find Security Bugs"
|
|
|
|
},
|
|
|
|
"location": {
|
|
|
|
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
|
|
|
|
"start_line": 41,
|
|
|
|
"end_line": 41,
|
|
|
|
"class": "com.gitlab.security_products.tests.App",
|
|
|
|
"method": "generateSecretToken1"
|
|
|
|
},
|
|
|
|
"identifiers": [
|
|
|
|
{
|
|
|
|
"type": "find_sec_bugs_type",
|
|
|
|
"name": "Find Security Bugs-PREDICTABLE_RANDOM",
|
|
|
|
"value": "PREDICTABLE_RANDOM",
|
|
|
|
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
|
|
|
|
}
|
2021-04-29 21:17:54 +05:30
|
|
|
]
|
2021-03-11 19:13:27 +05:30
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "sast",
|
2021-04-29 21:17:54 +05:30
|
|
|
"name": "ECB mode is insecure",
|
|
|
|
"message": "ECB mode is insecure",
|
|
|
|
"description": "The cipher uses ECB mode, which provides poor confidentiality for encrypted data",
|
|
|
|
"cve": "ea0f905fc76f2739d5f10a1fd1e37a10:ECB_MODE:java-maven/src/main/java/com/gitlab/security_products/tests/App.java:29",
|
2021-03-11 19:13:27 +05:30
|
|
|
"severity": "Medium",
|
|
|
|
"confidence": "High",
|
|
|
|
"scanner": {
|
2021-04-29 21:17:54 +05:30
|
|
|
"id": "find_sec_bugs",
|
|
|
|
"name": "Find Security Bugs"
|
2021-03-11 19:13:27 +05:30
|
|
|
},
|
|
|
|
"location": {
|
2021-04-29 21:17:54 +05:30
|
|
|
"file": "java-maven/src/main/java/com/gitlab/security_products/tests/App.java",
|
|
|
|
"start_line": 29,
|
|
|
|
"end_line": 29,
|
|
|
|
"class": "com.gitlab.security_products.tests.App",
|
|
|
|
"method": "insecureCypher"
|
2021-03-11 19:13:27 +05:30
|
|
|
},
|
|
|
|
"identifiers": [
|
|
|
|
{
|
2021-04-29 21:17:54 +05:30
|
|
|
"type": "find_sec_bugs_type",
|
|
|
|
"name": "Find Security Bugs-ECB_MODE",
|
|
|
|
"value": "ECB_MODE",
|
|
|
|
"url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE"
|
|
|
|
},
|
2021-03-11 19:13:27 +05:30
|
|
|
{
|
2021-04-29 21:17:54 +05:30
|
|
|
"type": "cwe",
|
|
|
|
"name": "CWE-327",
|
|
|
|
"value": "327",
|
|
|
|
"url": "https://cwe.mitre.org/data/definitions/327.html"
|
2021-03-11 19:13:27 +05:30
|
|
|
}
|
2021-04-29 21:17:54 +05:30
|
|
|
]
|
2021-03-11 19:13:27 +05:30
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "sast",
|
2021-04-29 21:17:54 +05:30
|
|
|
"name": "Hard coded key",
|
|
|
|
"message": "Hard coded key",
|
|
|
|
"description": "Hard coded cryptographic key found",
|
|
|
|
"cve": "102ac67e0975ecec02a056008e0faad8:HARD_CODE_KEY:scala-sbt/src/main/scala/example/Main.scala:12",
|
2021-03-11 19:13:27 +05:30
|
|
|
"severity": "Medium",
|
|
|
|
"confidence": "High",
|
|
|
|
"scanner": {
|
|
|
|
"id": "find_sec_bugs",
|
|
|
|
"name": "Find Security Bugs"
|
|
|
|
},
|
|
|
|
"location": {
|
2021-04-29 21:17:54 +05:30
|
|
|
"file": "scala-sbt/src/main/scala/example/Main.scala",
|
|
|
|
"start_line": 12,
|
|
|
|
"end_line": 12,
|
|
|
|
"class": "example.Main$",
|
|
|
|
"method": "getBytes"
|
2021-03-11 19:13:27 +05:30
|
|
|
},
|
|
|
|
"identifiers": [
|
|
|
|
{
|
|
|
|
"type": "find_sec_bugs_type",
|
2021-04-29 21:17:54 +05:30
|
|
|
"name": "Find Security Bugs-HARD_CODE_KEY",
|
|
|
|
"value": "HARD_CODE_KEY",
|
|
|
|
"url": "https://find-sec-bugs.github.io/bugs.htm#HARD_CODE_KEY"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "cwe",
|
|
|
|
"name": "CWE-321",
|
|
|
|
"value": "321",
|
|
|
|
"url": "https://cwe.mitre.org/data/definitions/321.html"
|
2021-03-11 19:13:27 +05:30
|
|
|
}
|
2021-04-29 21:17:54 +05:30
|
|
|
]
|
2021-03-11 19:13:27 +05:30
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "sast",
|
|
|
|
"name": "Cipher with no integrity",
|
|
|
|
"message": "Cipher with no integrity",
|
|
|
|
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:CIPHER_INTEGRITY",
|
|
|
|
"severity": "Medium",
|
|
|
|
"confidence": "High",
|
|
|
|
"scanner": {
|
|
|
|
"id": "find_sec_bugs",
|
|
|
|
"name": "Find Security Bugs"
|
|
|
|
},
|
|
|
|
"location": {
|
|
|
|
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
|
|
|
|
"start_line": 29,
|
|
|
|
"end_line": 29,
|
|
|
|
"class": "com.gitlab.security_products.tests.App",
|
|
|
|
"method": "insecureCypher"
|
|
|
|
},
|
|
|
|
"identifiers": [
|
|
|
|
{
|
|
|
|
"type": "find_sec_bugs_type",
|
|
|
|
"name": "Find Security Bugs-CIPHER_INTEGRITY",
|
|
|
|
"value": "CIPHER_INTEGRITY",
|
|
|
|
"url": "https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY"
|
|
|
|
}
|
|
|
|
],
|
2021-04-29 21:17:54 +05:30
|
|
|
"tracking": {
|
|
|
|
"type": "source",
|
|
|
|
"items": [
|
|
|
|
{
|
|
|
|
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
|
2021-06-08 01:23:25 +05:30
|
|
|
"start_line": 29,
|
|
|
|
"end_line": 29,
|
2021-04-29 21:17:54 +05:30
|
|
|
"signatures": [
|
|
|
|
{
|
|
|
|
"algorithm": "hash",
|
|
|
|
"value": "HASHVALUE"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"algorithm": "scope_offset",
|
|
|
|
"value": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:App[0]:insecureCypher[0]:2"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|
2021-03-11 19:13:27 +05:30
|
|
|
}
|
|
|
|
],
|
|
|
|
"remediations": [],
|
|
|
|
"scan": {
|
|
|
|
"scanner": {
|
2021-04-29 21:17:54 +05:30
|
|
|
"id": "find_sec_bugs",
|
|
|
|
"name": "Find Security Bugs",
|
|
|
|
"url": "https://spotbugs.github.io",
|
2021-03-11 19:13:27 +05:30
|
|
|
"vendor": {
|
|
|
|
"name": "GitLab"
|
|
|
|
},
|
2021-04-29 21:17:54 +05:30
|
|
|
"version": "4.0.2"
|
2021-03-11 19:13:27 +05:30
|
|
|
},
|
|
|
|
"type": "sast",
|
|
|
|
"status": "success",
|
|
|
|
"start_time": "placeholder-value",
|
|
|
|
"end_time": "placeholder-value"
|
|
|
|
}
|
|
|
|
}
|