77 lines
2 KiB
JSON
77 lines
2 KiB
JSON
{
|
|
"version": "15.0.4",
|
|
"vulnerabilities": [
|
|
{
|
|
"id": "2e5656ff30e2e7cc93c36b4845c8a689ddc47fdbccf45d834c67442fbaa89be0",
|
|
"category": "sast",
|
|
"name": "Key Exchange without Entity Authentication",
|
|
"message": "Use of ssh InsecureIgnoreHostKey should be audited",
|
|
"description": "The software performs a key exchange with an actor without verifying the identity of that actor.",
|
|
"cve": "og.go:8:7: func foo() {\n8: \t_ = ssh.InsecureIgnoreHostKey()\n9: }\n:CWE-322",
|
|
"severity": "Medium",
|
|
"confidence": "High",
|
|
"raw_source_code_extract": "7: func foo() {\n8: \t_ = ssh.InsecureIgnoreHostKey()\n9: }\n",
|
|
"scanner": {
|
|
"id": "gosec",
|
|
"name": "Gosec"
|
|
},
|
|
"location": {
|
|
"file": "og.go",
|
|
"start_line": 8
|
|
},
|
|
"identifiers": [
|
|
{
|
|
"type": "gosec_rule_id",
|
|
"name": "Gosec Rule ID G106",
|
|
"value": "G106"
|
|
},
|
|
{
|
|
"type": "CWE",
|
|
"name": "CWE-322",
|
|
"value": "322",
|
|
"url": "https://cwe.mitre.org/data/definitions/322.html"
|
|
}
|
|
],
|
|
"tracking": {
|
|
"type": "source",
|
|
"items": [
|
|
{
|
|
"file": "og.go",
|
|
"line_start": 8,
|
|
"line_end": 8,
|
|
"signatures": [
|
|
{
|
|
"algorithm": "scope_offset",
|
|
"value": "og.go|foo[0]:1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
],
|
|
"scan": {
|
|
"analyzer": {
|
|
"id": "find_sec_bugs_analyzer",
|
|
"name": "Find Security Bugs Analyzer",
|
|
"url": "https://gitlab.com",
|
|
"vendor": {
|
|
"name": "GitLab"
|
|
},
|
|
"version": "1.0.0"
|
|
},
|
|
"scanner": {
|
|
"id": "gosec",
|
|
"name": "Gosec",
|
|
"url": "https://github.com/securego/gosec",
|
|
"vendor": {
|
|
"name": "GitLab"
|
|
},
|
|
"version": "2.10.0"
|
|
},
|
|
"type": "sast",
|
|
"start_time": "2022-03-15T20:33:12",
|
|
"end_time": "2022-03-15T20:33:17",
|
|
"status": "success"
|
|
}
|
|
}
|