71 lines
1.8 KiB
JSON
71 lines
1.8 KiB
JSON
{
|
|
"version": "14.0.4",
|
|
"vulnerabilities": [
|
|
{
|
|
"id": "985a5666dcae22adef5ac12f8a8a2dacf9b9b481ae5d87cd0ac1712b0fd64864",
|
|
"category": "sast",
|
|
"message": "Deserialization of Untrusted Data",
|
|
"description": "Avoid using `load()`. `PyYAML.load` can create arbitrary Python\nobjects. A malicious actor could exploit this to run arbitrary\ncode. Use `safe_load()` instead.\n",
|
|
"cve": "",
|
|
"severity": "Critical",
|
|
"scanner": {
|
|
"id": "semgrep",
|
|
"name": "Semgrep"
|
|
},
|
|
"location": {
|
|
"file": "app/app.py",
|
|
"start_line": 39
|
|
},
|
|
"identifiers": [
|
|
{
|
|
"type": "semgrep_id",
|
|
"name": "bandit.B506",
|
|
"value": "bandit.B506",
|
|
"url": "https://semgrep.dev/r/gitlab.bandit.B506"
|
|
},
|
|
{
|
|
"type": "cwe",
|
|
"name": "CWE-502",
|
|
"value": "502",
|
|
"url": "https://cwe.mitre.org/data/definitions/502.html"
|
|
},
|
|
{
|
|
"type": "bandit_test_id",
|
|
"name": "Bandit Test ID B506",
|
|
"value": "B506"
|
|
}
|
|
],
|
|
"tracking": {
|
|
"type": "source",
|
|
"items": [
|
|
{
|
|
"file": "app/app.py",
|
|
"line_start": 39,
|
|
"line_end": 39,
|
|
"signatures": [
|
|
{
|
|
"algorithm": "scope_offset",
|
|
"value": "app/app.py|yaml_hammer[0]:13"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
],
|
|
"scan": {
|
|
"scanner": {
|
|
"id": "semgrep",
|
|
"name": "Semgrep",
|
|
"url": "https://github.com/returntocorp/semgrep",
|
|
"vendor": {
|
|
"name": "GitLab"
|
|
},
|
|
"version": "0.82.0"
|
|
},
|
|
"type": "sast",
|
|
"start_time": "2022-03-11T18:48:16",
|
|
"end_time": "2022-03-11T18:48:22",
|
|
"status": "success"
|
|
}
|
|
}
|