193 lines
5.9 KiB
JSON
193 lines
5.9 KiB
JSON
{
|
|
"version": "15.0.0",
|
|
"vulnerabilities": [
|
|
{
|
|
"id": "1",
|
|
"category": "sast",
|
|
"name": "Predictable pseudorandom number generator",
|
|
"message": "Predictable pseudorandom number generator",
|
|
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:47:PREDICTABLE_RANDOM",
|
|
"severity": "Medium",
|
|
"confidence": "Medium",
|
|
"scanner": {
|
|
"id": "find_sec_bugs",
|
|
"name": "Find Security Bugs"
|
|
},
|
|
"location": {
|
|
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
|
|
"start_line": 47,
|
|
"end_line": 47,
|
|
"class": "com.gitlab.security_products.tests.App",
|
|
"method": "generateSecretToken2"
|
|
},
|
|
"identifiers": [
|
|
{
|
|
"type": "find_sec_bugs_type",
|
|
"name": "Find Security Bugs-PREDICTABLE_RANDOM",
|
|
"value": "PREDICTABLE_RANDOM",
|
|
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "2",
|
|
"category": "sast",
|
|
"name": "Predictable pseudorandom number generator",
|
|
"message": "Predictable pseudorandom number generator",
|
|
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:41:PREDICTABLE_RANDOM",
|
|
"severity": "Low",
|
|
"confidence": "Low",
|
|
"scanner": {
|
|
"id": "find_sec_bugs",
|
|
"name": "Find Security Bugs"
|
|
},
|
|
"location": {
|
|
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
|
|
"start_line": 41,
|
|
"end_line": 41,
|
|
"class": "com.gitlab.security_products.tests.App",
|
|
"method": "generateSecretToken1"
|
|
},
|
|
"identifiers": [
|
|
{
|
|
"type": "find_sec_bugs_type",
|
|
"name": "Find Security Bugs-PREDICTABLE_RANDOM",
|
|
"value": "PREDICTABLE_RANDOM",
|
|
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "3",
|
|
"category": "sast",
|
|
"name": "ECB mode is insecure",
|
|
"message": "ECB mode is insecure",
|
|
"description": "The cipher uses ECB mode, which provides poor confidentiality for encrypted data",
|
|
"cve": "ea0f905fc76f2739d5f10a1fd1e37a10:ECB_MODE:java-maven/src/main/java/com/gitlab/security_products/tests/App.java:29",
|
|
"severity": "Medium",
|
|
"confidence": "High",
|
|
"scanner": {
|
|
"id": "find_sec_bugs",
|
|
"name": "Find Security Bugs"
|
|
},
|
|
"location": {
|
|
"file": "java-maven/src/main/java/com/gitlab/security_products/tests/App.java",
|
|
"start_line": 29,
|
|
"end_line": 29,
|
|
"class": "com.gitlab.security_products.tests.App",
|
|
"method": "insecureCypher"
|
|
},
|
|
"identifiers": [
|
|
{
|
|
"type": "find_sec_bugs_type",
|
|
"name": "Find Security Bugs-ECB_MODE",
|
|
"value": "ECB_MODE",
|
|
"url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE"
|
|
},
|
|
{
|
|
"type": "cwe",
|
|
"name": "CWE-327",
|
|
"value": "327",
|
|
"url": "https://cwe.mitre.org/data/definitions/327.html"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "4",
|
|
"category": "sast",
|
|
"name": "Hard coded key",
|
|
"message": "Hard coded key",
|
|
"description": "Hard coded cryptographic key found",
|
|
"cve": "102ac67e0975ecec02a056008e0faad8:HARD_CODE_KEY:scala-sbt/src/main/scala/example/Main.scala:12",
|
|
"severity": "Medium",
|
|
"confidence": "High",
|
|
"scanner": {
|
|
"id": "find_sec_bugs",
|
|
"name": "Find Security Bugs"
|
|
},
|
|
"location": {
|
|
"file": "scala-sbt/src/main/scala/example/Main.scala",
|
|
"start_line": 12,
|
|
"end_line": 12,
|
|
"class": "example.Main$",
|
|
"method": "getBytes"
|
|
},
|
|
"identifiers": [
|
|
{
|
|
"type": "find_sec_bugs_type",
|
|
"name": "Find Security Bugs-HARD_CODE_KEY",
|
|
"value": "HARD_CODE_KEY",
|
|
"url": "https://find-sec-bugs.github.io/bugs.htm#HARD_CODE_KEY"
|
|
},
|
|
{
|
|
"type": "cwe",
|
|
"name": "CWE-321",
|
|
"value": "321",
|
|
"url": "https://cwe.mitre.org/data/definitions/321.html"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "5",
|
|
"category": "sast",
|
|
"name": "ECB mode is insecure",
|
|
"message": "ECB mode is insecure",
|
|
"description": "The cipher uses ECB mode, which provides poor confidentiality for encrypted data",
|
|
"cve": "ea0f905fc76f2739d5f10a1fd1e37a10:ECB_MODE:app/src/main/groovy/com/gitlab/security_products/tests/App.groovy:29",
|
|
"severity": "Medium",
|
|
"confidence": "High",
|
|
"scanner": {
|
|
"id": "find_sec_bugs",
|
|
"name": "Find Security Bugs"
|
|
},
|
|
"location": {
|
|
"file": "app/src/main/groovy/com/gitlab/security_products/tests/App.groovy",
|
|
"start_line": 29,
|
|
"end_line": 29,
|
|
"class": "com.gitlab.security_products.tests.App",
|
|
"method": "insecureCypher"
|
|
},
|
|
"identifiers": [
|
|
{
|
|
"type": "find_sec_bugs_type",
|
|
"name": "Find Security Bugs-ECB_MODE",
|
|
"value": "ECB_MODE",
|
|
"url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE"
|
|
},
|
|
{
|
|
"type": "cwe",
|
|
"name": "CWE-327",
|
|
"value": "327",
|
|
"url": "https://cwe.mitre.org/data/definitions/327.html"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"remediations": [
|
|
|
|
],
|
|
"scan": {
|
|
"analyzer": {
|
|
"id": "find_sec_bugs_analyzer",
|
|
"name": "Find Security Bugs Analyzer",
|
|
"url": "https://gitlab.com",
|
|
"vendor": {
|
|
"name": "GitLab"
|
|
},
|
|
"version": "1.0.0"
|
|
},
|
|
"scanner": {
|
|
"id": "find_sec_bugs",
|
|
"name": "Find Security Bugs",
|
|
"url": "https://spotbugs.github.io",
|
|
"vendor": {
|
|
"name": "GitLab"
|
|
},
|
|
"version": "4.0.2"
|
|
},
|
|
"type": "sast",
|
|
"status": "success",
|
|
"start_time": "2022-08-10T22:37:00",
|
|
"end_time": "2022-08-10T22:38:00"
|
|
}
|
|
}
|