Commit 59de4e8f authored by Kamil Trzciński's avatar Kamil Trzciński

Merge branch 'ce-6718_store_dependency_scanning_results_in_db' into 'master'

Update Dependency Scanning report fixtures

See merge request gitlab-org/gitlab-ce!23460
parents 19ef77a1 2e9ce523
[ [
{ {
"priority": "Unknown", "category": "dependency_scanning",
"file": "pom.xml", "name": "io.netty/netty - CVE-2014-3488",
"cve": "CVE-2012-4387", "message": "DoS by CPU exhaustion when using malicious SSL packets",
"url": "http://struts.apache.org/docs/s2-011.html", "cve": "app/pom.xml:io.netty/netty@3.9.1.Final:CVE-2014-3488",
"message": "Long parameter name DoS for org.apache.struts/struts2-core", "severity": "Unknown",
"tools": [ "solution": "Upgrade to the latest version",
"gemnasium" "scanner": {
"id": "gemnasium",
"name": "Gemnasium"
},
"location": {
"file": "app/pom.xml"
},
"identifiers": [
{
"type": "gemnasium",
"name": "Gemnasium-d1bf36d9-9f07-46cd-9cfc-8675338ada8f",
"value": "d1bf36d9-9f07-46cd-9cfc-8675338ada8f",
"url": "https://deps.sec.gitlab.com/packages/maven/io.netty/netty/versions/3.9.1.Final/advisories"
},
{
"type": "cve",
"name": "CVE-2014-3488",
"value": "CVE-2014-3488",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3488"
}
], ],
"tool": "gemnasium" "links": [
{
"url": "https://bugzilla.redhat.com/CVE-2014-3488"
}, },
{ {
"priority": "Unknown", "url": "http://netty.io/news/2014/06/11/3.html"
"file": "pom.xml", },
"cve": "CVE-2013-1966", {
"url": "http://struts.apache.org/docs/s2-014.html", "url": "https://github.com/netty/netty/issues/2562"
"message": "Remote command execution due to flaw in the includeParams attribute of URL and Anchor tags for org.apache.struts/struts2-core", }
"tools": [
"gemnasium"
], ],
"priority": "Unknown",
"file": "app/pom.xml",
"url": "https://bugzilla.redhat.com/CVE-2014-3488",
"tool": "gemnasium" "tool": "gemnasium"
}, },
{ {
"priority": "Unknown", "category": "dependency_scanning",
"file": "pom.xml", "name": "Django - CVE-2017-12794",
"cve": "CVE-2013-2115", "message": "Possible XSS in traceback section of technical 500 debug page",
"url": "http://struts.apache.org/docs/s2-014.html", "cve": "app/requirements.txt:Django@1.11.3:CVE-2017-12794",
"message": "Remote command execution due to flaw in the includeParams attribute of URL and Anchor tags for org.apache.struts/struts2-core", "severity": "Unknown",
"tools": [ "solution": "Upgrade to latest version or apply patch.",
"gemnasium" "scanner": {
"id": "gemnasium",
"name": "Gemnasium"
},
"location": {
"file": "app/requirements.txt"
},
"identifiers": [
{
"type": "gemnasium",
"name": "Gemnasium-6162a015-8635-4a15-8d7c-dc9321db366f",
"value": "6162a015-8635-4a15-8d7c-dc9321db366f",
"url": "https://deps.sec.gitlab.com/packages/pypi/Django/versions/1.11.3/advisories"
},
{
"type": "cve",
"name": "CVE-2017-12794",
"value": "CVE-2017-12794",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12794"
}
],
"links": [
{
"url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/"
}
], ],
"priority": "Unknown",
"file": "app/requirements.txt",
"url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/",
"tool": "gemnasium" "tool": "gemnasium"
}, },
{ {
"priority": "Unknown", "category": "dependency_scanning",
"file": "pom.xml", "name": "nokogiri - USN-3424-1",
"cve": "CVE-2013-2134", "message": "Vulnerabilities in libxml2",
"url": "http://struts.apache.org/docs/s2-015.html", "cve": "rails/Gemfile.lock:nokogiri@1.8.0:USN-3424-1",
"message": "Arbitrary OGNL code execution via unsanitized wildcard matching for org.apache.struts/struts2-core", "severity": "Unknown",
"tools": [ "solution": "Upgrade to latest version.",
"gemnasium" "scanner": {
"id": "gemnasium",
"name": "Gemnasium"
},
"location": {
"file": "rails/Gemfile.lock"
},
"identifiers": [
{
"type": "gemnasium",
"name": "Gemnasium-06565b64-486d-4326-b906-890d9915804d",
"value": "06565b64-486d-4326-b906-890d9915804d",
"url": "https://deps.sec.gitlab.com/packages/gem/nokogiri/versions/1.8.0/advisories"
},
{
"type": "usn",
"name": "USN-3424-1",
"value": "USN-3424-1",
"url": "https://usn.ubuntu.com/3424-1/"
}
],
"links": [
{
"url": "https://github.com/sparklemotion/nokogiri/issues/1673"
}
], ],
"priority": "Unknown",
"file": "rails/Gemfile.lock",
"url": "https://github.com/sparklemotion/nokogiri/issues/1673",
"tool": "gemnasium" "tool": "gemnasium"
},
{
"category": "dependency_scanning",
"name": "ffi - CVE-2018-1000201",
"message": "ruby-ffi DDL loading issue on Windows OS",
"cve": "ffi:1.9.18:CVE-2018-1000201",
"severity": "High",
"solution": "upgrade to \u003e= 1.9.24",
"scanner": {
"id": "bundler_audit",
"name": "bundler-audit"
},
"location": {
"file": "sast-sample-rails/Gemfile.lock"
},
"identifiers": [
{
"type": "cve",
"name": "CVE-2018-1000201",
"value": "CVE-2018-1000201",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000201"
}
],
"links": [
{
"url": "https://github.com/ffi/ffi/releases/tag/1.9.24"
}
],
"priority": "High",
"file": "sast-sample-rails/Gemfile.lock",
"url": "https://github.com/ffi/ffi/releases/tag/1.9.24",
"tool": "bundler_audit"
} }
] ]
[ [
{ {
"priority": "Unknown", "category": "dependency_scanning",
"file": "pom.xml", "name": "io.netty/netty - CVE-2014-3488",
"cve": "CVE-2012-4386", "message": "DoS by CPU exhaustion when using malicious SSL packets",
"url": "http://struts.apache.org/docs/s2-010.html", "cve": "app/pom.xml:io.netty/netty@3.9.1.Final:CVE-2014-3488",
"message": "CSRF protection bypass for org.apache.struts/struts2-core", "severity": "Unknown",
"tools": [ "solution": "Upgrade to the latest version",
"gemnasium" "scanner": {
"id": "gemnasium",
"name": "Gemnasium"
},
"location": {
"file": "app/pom.xml"
},
"identifiers": [
{
"type": "gemnasium",
"name": "Gemnasium-d1bf36d9-9f07-46cd-9cfc-8675338ada8f",
"value": "d1bf36d9-9f07-46cd-9cfc-8675338ada8f",
"url": "https://deps.sec.gitlab.com/packages/maven/io.netty/netty/versions/3.9.1.Final/advisories"
},
{
"type": "cve",
"name": "CVE-2014-3488",
"value": "CVE-2014-3488",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3488"
}
], ],
"tool": "gemnasium" "links": [
{
"url": "https://bugzilla.redhat.com/CVE-2014-3488"
}, },
{ {
"priority": "Unknown", "url": "http://netty.io/news/2014/06/11/3.html"
"file": "pom.xml", },
"cve": "CVE-2012-4387", {
"url": "http://struts.apache.org/docs/s2-011.html", "url": "https://github.com/netty/netty/issues/2562"
"message": "Long parameter name DoS for org.apache.struts/struts2-core", }
"tools": [
"gemnasium"
], ],
"priority": "Unknown",
"file": "app/pom.xml",
"url": "https://bugzilla.redhat.com/CVE-2014-3488",
"tool": "gemnasium" "tool": "gemnasium"
}, },
{ {
"category": "dependency_scanning",
"name": "Django - CVE-2017-12794",
"message": "Possible XSS in traceback section of technical 500 debug page",
"cve": "app/requirements.txt:Django@1.11.3:CVE-2017-12794",
"severity": "Unknown",
"solution": "Upgrade to latest version or apply patch.",
"scanner": {
"id": "gemnasium",
"name": "Gemnasium"
},
"location": {
"file": "app/requirements.txt"
},
"identifiers": [
{
"type": "gemnasium",
"name": "Gemnasium-6162a015-8635-4a15-8d7c-dc9321db366f",
"value": "6162a015-8635-4a15-8d7c-dc9321db366f",
"url": "https://deps.sec.gitlab.com/packages/pypi/Django/versions/1.11.3/advisories"
},
{
"type": "cve",
"name": "CVE-2017-12794",
"value": "CVE-2017-12794",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12794"
}
],
"links": [
{
"url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/"
}
],
"priority": "Unknown", "priority": "Unknown",
"file": "pom.xml", "file": "app/requirements.txt",
"cve": "CVE-2013-1966", "url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/",
"url": "http://struts.apache.org/docs/s2-014.html", "tool": "gemnasium"
"message": "Remote command execution due to flaw in the includeParams attribute of URL and Anchor tags for org.apache.struts/struts2-core", },
"tools": [ {
"gemnasium" "category": "dependency_scanning",
"name": "nokogiri - USN-3424-1",
"message": "Vulnerabilities in libxml2",
"cve": "rails/Gemfile.lock:nokogiri@1.8.0:USN-3424-1",
"severity": "Unknown",
"solution": "Upgrade to latest version.",
"scanner": {
"id": "gemnasium",
"name": "Gemnasium"
},
"location": {
"file": "rails/Gemfile.lock"
},
"identifiers": [
{
"type": "gemnasium",
"name": "Gemnasium-06565b64-486d-4326-b906-890d9915804d",
"value": "06565b64-486d-4326-b906-890d9915804d",
"url": "https://deps.sec.gitlab.com/packages/gem/nokogiri/versions/1.8.0/advisories"
},
{
"type": "usn",
"name": "USN-3424-1",
"value": "USN-3424-1",
"url": "https://usn.ubuntu.com/3424-1/"
}
],
"links": [
{
"url": "https://github.com/sparklemotion/nokogiri/issues/1673"
}
], ],
"priority": "Unknown",
"file": "rails/Gemfile.lock",
"url": "https://github.com/sparklemotion/nokogiri/issues/1673",
"tool": "gemnasium" "tool": "gemnasium"
},
{
"category": "dependency_scanning",
"name": "ffi - CVE-2018-1000201",
"message": "ruby-ffi DDL loading issue on Windows OS",
"cve": "ffi:1.9.18:CVE-2018-1000201",
"severity": "High",
"solution": "upgrade to \u003e= 1.9.24",
"scanner": {
"id": "bundler_audit",
"name": "bundler-audit"
},
"location": {
"file": "sast-sample-rails/Gemfile.lock"
},
"identifiers": [
{
"type": "cve",
"name": "CVE-2018-1000201",
"value": "CVE-2018-1000201",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000201"
}
],
"links": [
{
"url": "https://github.com/ffi/ffi/releases/tag/1.9.24"
}
],
"priority": "High",
"file": "sast-sample-rails/Gemfile.lock",
"url": "https://github.com/ffi/ffi/releases/tag/1.9.24",
"tool": "bundler_audit"
} }
] ]
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment