Commit 732313ca authored by Kamil Trzciński's avatar Kamil Trzciński

Merge branch 'support-new-syntax-for-common-vulnerabilities' into 'master'

Support new report syntax for common vulnerabilities (CE backport)

See merge request gitlab-org/gitlab-ce!23962
parents 7759a65d 9c543a55
[
{
"category": "dependency_scanning",
"name": "io.netty/netty - CVE-2014-3488",
"message": "DoS by CPU exhaustion when using malicious SSL packets",
"cve": "app/pom.xml:io.netty/netty@3.9.1.Final:CVE-2014-3488",
"severity": "Unknown",
"solution": "Upgrade to the latest version",
"scanner": {
"id": "gemnasium",
"name": "Gemnasium"
},
"location": {
"file": "app/pom.xml",
"dependency": {
"package": {
"name": "io.netty/netty"
},
"version": "3.9.1.Final"
}
},
"identifiers": [
{
"type": "gemnasium",
"name": "Gemnasium-d1bf36d9-9f07-46cd-9cfc-8675338ada8f",
"value": "d1bf36d9-9f07-46cd-9cfc-8675338ada8f",
"url": "https://deps.sec.gitlab.com/packages/maven/io.netty/netty/versions/3.9.1.Final/advisories"
},
{
"type": "cve",
"name": "CVE-2014-3488",
"value": "CVE-2014-3488",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3488"
}
],
"links": [
{
"url": "https://bugzilla.redhat.com/CVE-2014-3488"
},
{
"url": "http://netty.io/news/2014/06/11/3.html"
},
{
"url": "https://github.com/netty/netty/issues/2562"
}
],
"priority": "Unknown",
"file": "app/pom.xml",
"url": "https://bugzilla.redhat.com/CVE-2014-3488",
"tool": "gemnasium"
},
{
"category": "dependency_scanning",
"name": "Django - CVE-2017-12794",
"message": "Possible XSS in traceback section of technical 500 debug page",
"cve": "app/requirements.txt:Django@1.11.3:CVE-2017-12794",
"severity": "Unknown",
"solution": "Upgrade to latest version or apply patch.",
"scanner": {
"id": "gemnasium",
"name": "Gemnasium"
},
"location": {
"file": "app/requirements.txt",
"dependency": {
"package": {
"name": "Django"
},
"version": "1.11.3"
}
},
"identifiers": [
{
"type": "gemnasium",
"name": "Gemnasium-6162a015-8635-4a15-8d7c-dc9321db366f",
"value": "6162a015-8635-4a15-8d7c-dc9321db366f",
"url": "https://deps.sec.gitlab.com/packages/pypi/Django/versions/1.11.3/advisories"
},
{
"type": "cve",
"name": "CVE-2017-12794",
"value": "CVE-2017-12794",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12794"
}
],
"links": [
{
"url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/"
}
],
"priority": "Unknown",
"file": "app/requirements.txt",
"url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/",
"tool": "gemnasium"
},
{
"category": "dependency_scanning",
"name": "nokogiri - USN-3424-1",
"message": "Vulnerabilities in libxml2",
"cve": "rails/Gemfile.lock:nokogiri@1.8.0:USN-3424-1",
"severity": "Unknown",
"solution": "Upgrade to latest version.",
"scanner": {
"id": "gemnasium",
"name": "Gemnasium"
},
"location": {
"file": "rails/Gemfile.lock",
"dependency": {
"package": {
"name": "nokogiri"
},
"version": "1.8.0"
}
},
"identifiers": [
{
"type": "gemnasium",
"name": "Gemnasium-06565b64-486d-4326-b906-890d9915804d",
"value": "06565b64-486d-4326-b906-890d9915804d",
"url": "https://deps.sec.gitlab.com/packages/gem/nokogiri/versions/1.8.0/advisories"
},
{
"type": "usn",
"name": "USN-3424-1",
"value": "USN-3424-1",
"url": "https://usn.ubuntu.com/3424-1/"
}
],
"links": [
{
"url": "https://github.com/sparklemotion/nokogiri/issues/1673"
}
],
"priority": "Unknown",
"file": "rails/Gemfile.lock",
"url": "https://github.com/sparklemotion/nokogiri/issues/1673",
"tool": "gemnasium"
},
{
"category": "dependency_scanning",
"name": "ffi - CVE-2018-1000201",
"message": "ruby-ffi DDL loading issue on Windows OS",
"cve": "ffi:1.9.18:CVE-2018-1000201",
"severity": "High",
"solution": "upgrade to \u003e= 1.9.24",
"scanner": {
"id": "bundler_audit",
"name": "bundler-audit"
},
"location": {
"file": "sast-sample-rails/Gemfile.lock",
"dependency": {
"package": {
"name": "ffi"
},
"version": "1.9.18"
}
},
"identifiers": [
{
"type": "cve",
"name": "CVE-2018-1000201",
"value": "CVE-2018-1000201",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000201"
}
],
"links": [
{
"url": "https://github.com/ffi/ffi/releases/tag/1.9.24"
}
],
"priority": "High",
"file": "sast-sample-rails/Gemfile.lock",
"url": "https://github.com/ffi/ffi/releases/tag/1.9.24",
"tool": "bundler_audit"
}
]
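Review bot: Every `links[].url`, `identifiers[].url` and top-level `url` in this fixture is a well-formed http(s) URL, so nothing here exercises how the parser treats a link with an unexpected scheme or a non-string value; if these URLs end up rendered as anchors in the UI (not visible from this fixture), a companion fixture entry plus a spec asserting that non-http(s) schemes are rejected or shown as plain text would close that gap. Note also that the bundler-audit compare key `ffi:1.9.18:CVE-2018-1000201` omits the manifest path that every gemnasium key carries (`app/pom.xml:io.netty/netty@3.9.1.Final:CVE-2014-3488`), so the same advisory reported by both scanners would not deduplicate on `cve`; a spec stating whether that is intended would stop a later reader from assuming `cve` is a cross-tool fingerprint. The file header for this section is not visible in this view, so I could not confirm which fixture path it belongs to.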
[
{
"category": "sast",
"message": "Probable insecure usage of temp file/directory.",
"cve": "python/hardcoded/hardcoded-tmp.py:52865813c884a507be1f152d654245af34aba8a391626d01f1ab6d3f52ec8779:B108",
"severity": "Medium",
"confidence": "Medium",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "python/hardcoded/hardcoded-tmp.py",
"start_line": 1,
"end_line": 1
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B108",
"value": "B108",
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
}
],
"priority": "Medium",
"file": "python/hardcoded/hardcoded-tmp.py",
"line": 1,
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html",
"tool": "bandit"
},
{
"category": "sast",
"name": "Predictable pseudorandom number generator",
"message": "Predictable pseudorandom number generator",
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:47:PREDICTABLE_RANDOM",
"severity": "Medium",
"confidence": "Medium",
"scanner": {
"id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"location": {
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"start_line": 47,
"end_line": 47,
"class": "com.gitlab.security_products.tests.App",
"method": "generateSecretToken2"
},
"identifiers": [
{
"type": "find_sec_bugs_type",
"name": "Find Security Bugs-PREDICTABLE_RANDOM",
"value": "PREDICTABLE_RANDOM",
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
}
],
"priority": "Medium",
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"line": 47,
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM",
"tool": "find_sec_bugs"
},
{
"category": "sast",
"name": "Predictable pseudorandom number generator",
"message": "Predictable pseudorandom number generator",
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:41:PREDICTABLE_RANDOM",
"severity": "Medium",
"confidence": "Medium",
"scanner": {
"id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"location": {
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"start_line": 41,
"end_line": 41,
"class": "com.gitlab.security_products.tests.App",
"method": "generateSecretToken1"
},
"identifiers": [
{
"type": "find_sec_bugs_type",
"name": "Find Security Bugs-PREDICTABLE_RANDOM",
"value": "PREDICTABLE_RANDOM",
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
}
],
"priority": "Medium",
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"line": 41,
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM",
"tool": "find_sec_bugs"
},
{
"category": "sast",
"message": "Use of insecure MD2, MD4, or MD5 hash function.",
"cve": "python/imports/imports-aliases.py:cb203b465dffb0cb3a8e8bd8910b84b93b0a5995a938e4b903dbb0cd6ffa1254:B303",
"severity": "Medium",
"confidence": "High",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "python/imports/imports-aliases.py",
"start_line": 11,
"end_line": 11
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B303",
"value": "B303"
}
],
"priority": "Medium",
"file": "python/imports/imports-aliases.py",
"line": 11,
"tool": "bandit"
},
{
"category": "sast",
"message": "Use of insecure MD2, MD4, or MD5 hash function.",
"cve": "python/imports/imports-aliases.py:a7173c43ae66bd07466632d819d450e0071e02dbf782763640d1092981f9631b:B303",
"severity": "Medium",
"confidence": "High",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "python/imports/imports-aliases.py",
"start_line": 12,
"end_line": 12
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B303",
"value": "B303"
}
],
"priority": "Medium",
"file": "python/imports/imports-aliases.py",
"line": 12,
"tool": "bandit"
},
{
"category": "sast",
"message": "Use of insecure MD2, MD4, or MD5 hash function.",
"cve": "python/imports/imports-aliases.py:017017b77deb0b8369b6065947833eeea752a92ec8a700db590fece3e934cf0d:B303",
"severity": "Medium",
"confidence": "High",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "python/imports/imports-aliases.py",
"start_line": 13,
"end_line": 13
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B303",
"value": "B303"
}
],
"priority": "Medium",
"file": "python/imports/imports-aliases.py",
"line": 13,
"tool": "bandit"
},
{
"category": "sast",
"message": "Use of insecure MD2, MD4, or MD5 hash function.",
"cve": "python/imports/imports-aliases.py:45fc8c53aea7b84f06bc4e590cc667678d6073c4c8a1d471177ca2146fb22db2:B303",
"severity": "Medium",
"confidence": "High",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "python/imports/imports-aliases.py",
"start_line": 14,
"end_line": 14
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B303",
"value": "B303"
}
],
"priority": "Medium",
"file": "python/imports/imports-aliases.py",
"line": 14,
"tool": "bandit"
},
{
"category": "sast",
"message": "Pickle library appears to be in use, possible security issue.",
"cve": "python/imports/imports-aliases.py:5f200d47291e7bbd8352db23019b85453ca048dd98ea0c291260fa7d009963a4:B301",
"severity": "Medium",
"confidence": "High",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "python/imports/imports-aliases.py",
"start_line": 15,
"end_line": 15
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B301",
"value": "B301"
}
],
"priority": "Medium",
"file": "python/imports/imports-aliases.py",
"line": 15,
"tool": "bandit"
},
{
"category": "sast",
"name": "ECB mode is insecure",
"message": "ECB mode is insecure",
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:ECB_MODE",
"severity": "Medium",
"confidence": "High",
"scanner": {
"id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"location": {
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"start_line": 29,
"end_line": 29,
"class": "com.gitlab.security_products.tests.App",
"method": "insecureCypher"
},
"identifiers": [
{
"type": "find_sec_bugs_type",
"name": "Find Security Bugs-ECB_MODE",
"value": "ECB_MODE",
"url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE"
}
],
"priority": "Medium",
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"line": 29,
"url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE",
"tool": "find_sec_bugs"
},
{
"category": "sast",
"name": "Cipher with no integrity",
"message": "Cipher with no integrity",
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:CIPHER_INTEGRITY",
"severity": "Medium",
"confidence": "High",
"scanner": {
"id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"location": {
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"start_line": 29,
"end_line": 29,
"class": "com.gitlab.security_products.tests.App",
"method": "insecureCypher"
},
"identifiers": [
{
"type": "find_sec_bugs_type",
"name": "Find Security Bugs-CIPHER_INTEGRITY",
"value": "CIPHER_INTEGRITY",
"url": "https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY"
}
],
"priority": "Medium",
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"line": 29,
"url": "https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY",
"tool": "find_sec_bugs"
},
{
"category": "sast",
"message": "Probable insecure usage of temp file/directory.",
"cve": "python/hardcoded/hardcoded-tmp.py:63dd4d626855555b816985d82c4614a790462a0a3ada89dc58eb97f9c50f3077:B108",
"severity": "Medium",
"confidence": "Medium",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "python/hardcoded/hardcoded-tmp.py",
"start_line": 14,
"end_line": 14
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B108",
"value": "B108",
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
}
],
"priority": "Medium",
"file": "python/hardcoded/hardcoded-tmp.py",
"line": 14,
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html",
"tool": "bandit"
},
{
"category": "sast",
"message": "Probable insecure usage of temp file/directory.",
"cve": "python/hardcoded/hardcoded-tmp.py:4ad6d4c40a8c263fc265f3384724014e0a4f8dd6200af83e51ff120420038031:B108",
"severity": "Medium",
"confidence": "Medium",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "python/hardcoded/hardcoded-tmp.py",
"start_line": 10,
"end_line": 10
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B108",
"value": "B108",
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
}
],
"priority": "Medium",
"file": "python/hardcoded/hardcoded-tmp.py",
"line": 10,
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html",
"tool": "bandit"
},
{
"category": "sast",
"message": "Consider possible security implications associated with Popen module.",
"cve": "python/imports/imports-aliases.py:2c3e1fa1e54c3c6646e8bcfaee2518153c6799b77587ff8d9a7b0631f6d34785:B404",
"severity": "Low",
"confidence": "High",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "python/imports/imports-aliases.py",
"start_line": 1,
"end_line": 1
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B404",
"value": "B404"
}
],
"priority": "Low",
"file": "python/imports/imports-aliases.py",
"line": 1,
"tool": "bandit"
},
{
"category": "sast",
"message": "Consider possible security implications associated with pickle module.",
"cve": "python/imports/imports.py:af58d07f6ad519ef5287fcae65bf1a6999448a1a3a8bc1ac2a11daa80d0b96bf:B403",
"severity": "Low",
"confidence": "High",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "python/imports/imports.py",
"start_line": 2,
"end_line": 2
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B403",
"value": "B403"
}
],
"priority": "Low",
"file": "python/imports/imports.py",
"line": 2,
"tool": "bandit"
},
{
"category": "sast",
"message": "Consider possible security implications associated with subprocess module.",
"cve": "python/imports/imports.py:8de9bc98029d212db530785a5f6780cfa663548746ff228ab8fa96c5bb82f089:B404",
"severity": "Low",
"confidence": "High",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "python/imports/imports.py",
"start_line": 4,
"end_line": 4
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B404",
"value": "B404"
}
],
"priority": "Low",
"file": "python/imports/imports.py",
"line": 4,
"tool": "bandit"
},
{
"category": "sast",
"message": "Possible hardcoded password: 'blerg'",
"cve": "python/hardcoded/hardcoded-passwords.py:97c30f1d76d2a88913e3ce9ae74087874d740f87de8af697a9c455f01119f633:B106",
"severity": "Low",
"confidence": "Medium",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "python/hardcoded/hardcoded-passwords.py",
"start_line": 22,
"end_line": 22
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B106",
"value": "B106",
"url": "https://docs.openstack.org/bandit/latest/plugins/b106_hardcoded_password_funcarg.html"
}
],
"priority": "Low",
"file": "python/hardcoded/hardcoded-passwords.py",
"line": 22,
"url": "https://docs.openstack.org/bandit/latest/plugins/b106_hardcoded_password_funcarg.html",
"tool": "bandit"
},
{
"category": "sast",
"message": "Possible hardcoded password: 'root'",
"cve": "python/hardcoded/hardcoded-passwords.py:7431c73a0bc16d94ece2a2e75ef38f302574d42c37ac0c3c38ad0b3bf8a59f10:B105",
"severity": "Low",
"confidence": "Medium",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "python/hardcoded/hardcoded-passwords.py",
"start_line": 5,
"end_line": 5
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B105",
"value": "B105",
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
}
],
"priority": "Low",
"file": "python/hardcoded/hardcoded-passwords.py",
"line": 5,
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
"tool": "bandit"
},
{
"category": "sast",
"message": "Possible hardcoded password: ''",
"cve": "python/hardcoded/hardcoded-passwords.py:d2d1857c27caedd49c57bfbcdc23afcc92bd66a22701fcdc632869aab4ca73ee:B105",
"severity": "Low",
"confidence": "Medium",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "python/hardcoded/hardcoded-passwords.py",
"start_line": 9,
"end_line": 9
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B105",
"value": "B105",
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
}
],
"priority": "Low",
"file": "python/hardcoded/hardcoded-passwords.py",
"line": 9,
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
"tool": "bandit"
},
{
"category": "sast",
"message": "Possible hardcoded password: 'ajklawejrkl42348swfgkg'",
"cve": "python/hardcoded/hardcoded-passwords.py:fb3866215a61393a5c9c32a3b60e2058171a23219c353f722cbd3567acab21d2:B105",
"severity": "Low",
"confidence": "Medium",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "python/hardcoded/hardcoded-passwords.py",
"start_line": 13,
"end_line": 13
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B105",
"value": "B105",
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
}
],
"priority": "Low",
"file": "python/hardcoded/hardcoded-passwords.py",
"line": 13,
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
"tool": "bandit"
},
{
"category": "sast",
"message": "Possible hardcoded password: 'blerg'",
"cve": "python/hardcoded/hardcoded-passwords.py:63c62a8b7e1e5224439bd26b28030585ac48741e28ca64561a6071080c560a5f:B105",
"severity": "Low",
"confidence": "Medium",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "python/hardcoded/hardcoded-passwords.py",
"start_line": 23,
"end_line": 23
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B105",
"value": "B105",
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
}
],
"priority": "Low",
"file": "python/hardcoded/hardcoded-passwords.py",
"line": 23,
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
"tool": "bandit"
},
{
"category": "sast",
"message": "Possible hardcoded password: 'blerg'",
"cve": "python/hardcoded/hardcoded-passwords.py:4311b06d08df8fa58229b341c531da8e1a31ec4520597bdff920cd5c098d86f9:B105",
"severity": "Low",
"confidence": "Medium",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "python/hardcoded/hardcoded-passwords.py",
"start_line": 24,
"end_line": 24
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B105",
"value": "B105",
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
}
],
"priority": "Low",
"file": "python/hardcoded/hardcoded-passwords.py",
"line": 24,
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
"tool": "bandit"
},
{
"category": "sast",
"message": "Consider possible security implications associated with subprocess module.",
"cve": "python/imports/imports-function.py:5858400c2f39047787702de44d03361ef8d954c9d14bd54ee1c2bef9e6a7df93:B404",
"severity": "Low",
"confidence": "High",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "python/imports/imports-function.py",
"start_line": 4,
"end_line": 4
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B404",
"value": "B404"
}
],
"priority": "Low",
"file": "python/imports/imports-function.py",
"line": 4,
"tool": "bandit"
},
{
"category": "sast",
"message": "Consider possible security implications associated with pickle module.",
"cve": "python/imports/imports-function.py:dbda3cf4190279d30e0aad7dd137eca11272b0b225e8af4e8bf39682da67d956:B403",
"severity": "Low",
"confidence": "High",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "python/imports/imports-function.py",
"start_line": 2,
"end_line": 2
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B403",
"value": "B403"
}
],
"priority": "Low",
"file": "python/imports/imports-function.py",
"line": 2,
"tool": "bandit"
},
{
"category": "sast",
"message": "Consider possible security implications associated with Popen module.",
"cve": "python/imports/imports-from.py:eb8a0db9cd1a8c1ab39a77e6025021b1261cc2a0b026b2f4a11fca4e0636d8dd:B404",
"severity": "Low",
"confidence": "High",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "python/imports/imports-from.py",
"start_line": 7,
"end_line": 7
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B404",
"value": "B404"
}
],
"priority": "Low",
"file": "python/imports/imports-from.py",
"line": 7,
"tool": "bandit"
},
{
"category": "sast",
"message": "subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell",
"cve": "python/imports/imports-aliases.py:f99f9721e27537fbcb6699a4cf39c6740d6234d2c6f06cfc2d9ea977313c483d:B602",
"severity": "Low",
"confidence": "High",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "python/imports/imports-aliases.py",
"start_line": 9,
"end_line": 9
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B602",
"value": "B602",
"url": "https://docs.openstack.org/bandit/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html"
}
],
"priority": "Low",
"file": "python/imports/imports-aliases.py",
"line": 9,
"url": "https://docs.openstack.org/bandit/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html",
"tool": "bandit"
},
{
"category": "sast",
"message": "Consider possible security implications associated with subprocess module.",
"cve": "python/imports/imports-from.py:332a12ab1146698f614a905ce6a6a5401497a12281aef200e80522711c69dcf4:B404",
"severity": "Low",
"confidence": "High",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "python/imports/imports-from.py",
"start_line": 6,
"end_line": 6
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B404",
"value": "B404"
}
],
"priority": "Low",
"file": "python/imports/imports-from.py",
"line": 6,
"tool": "bandit"
},
{
"category": "sast",
"message": "Consider possible security implications associated with Popen module.",
"cve": "python/imports/imports-from.py:0a48de4a3d5348853a03666cb574697e3982998355e7a095a798bd02a5947276:B404",
"severity": "Low",
"confidence": "High",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "python/imports/imports-from.py",
"start_line": 1,
"end_line": 2
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B404",
"value": "B404"
}
],
"priority": "Low",
"file": "python/imports/imports-from.py",
"line": 1,
"tool": "bandit"
},
{
"category": "sast",
"message": "Consider possible security implications associated with pickle module.",
"cve": "python/imports/imports-aliases.py:51b71661dff994bde3529639a727a678c8f5c4c96f00d300913f6d5be1bbdf26:B403",
"severity": "Low",
"confidence": "High",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "python/imports/imports-aliases.py",
"start_line": 7,
"end_line": 8
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B403",
"value": "B403"
}
],
"priority": "Low",
"file": "python/imports/imports-aliases.py",
"line": 7,
"tool": "bandit"
},
{
"category": "sast",
"message": "Consider possible security implications associated with loads module.",
"cve": "python/imports/imports-aliases.py:6ff02aeb3149c01ab68484d794a94f58d5d3e3bb0d58557ef4153644ea68ea54:B403",
"severity": "Low",
"confidence": "High",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "python/imports/imports-aliases.py",
"start_line": 6,
"end_line": 6
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B403",
"value": "B403"
}
],
"priority": "Low",
"file": "python/imports/imports-aliases.py",
"line": 6,
"tool": "bandit"
},
{
"category": "sast",
"message": "Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)",
"cve": "c/subdir/utils.c:b466873101951fe96e1332f6728eb7010acbbd5dfc3b65d7d53571d091a06d9e:CWE-119!/CWE-120",
"confidence": "Low",
"solution": "Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length",
"scanner": {
"id": "flawfinder",
"name": "Flawfinder"
},
"location": {
"file": "c/subdir/utils.c",
"start_line": 4
},
"identifiers": [
{
"type": "cwe",
"name": "CWE-119",
"value": "119",
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"type": "cwe",
"name": "CWE-120",
"value": "120",
"url": "https://cwe.mitre.org/data/definitions/120.html"
}
],
"file": "c/subdir/utils.c",
"line": 4,
"url": "https://cwe.mitre.org/data/definitions/119.html",
"tool": "flawfinder"
},
{
"category": "sast",
"message": "Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362)",
"cve": "c/subdir/utils.c:bab681140fcc8fc3085b6bba74081b44ea145c1c98b5e70cf19ace2417d30770:CWE-362",
"confidence": "Low",
"scanner": {
"id": "flawfinder",
"name": "Flawfinder"
},
"location": {
"file": "c/subdir/utils.c",
"start_line": 8
},
"identifiers": [
{
"type": "cwe",
"name": "CWE-362",
"value": "362",
"url": "https://cwe.mitre.org/data/definitions/362.html"
}
],
"file": "c/subdir/utils.c",
"line": 8,
"url": "https://cwe.mitre.org/data/definitions/362.html",
"tool": "flawfinder"
},
{
"category": "sast",
"message": "Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)",
"cve": "cplusplus/src/hello.cpp:c8c6dd0afdae6814194cf0930b719f757ab7b379cf8f261e7f4f9f2f323a818a:CWE-119!/CWE-120",
"confidence": "Low",
"solution": "Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length",
"scanner": {
"id": "flawfinder",
"name": "Flawfinder"
},
"location": {
"file": "cplusplus/src/hello.cpp",
"start_line": 6
},
"identifiers": [
{
"type": "cwe",
"name": "CWE-119",
"value": "119",
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"type": "cwe",
"name": "CWE-120",
"value": "120",
"url": "https://cwe.mitre.org/data/definitions/120.html"
}
],
"file": "cplusplus/src/hello.cpp",
"line": 6,
"url": "https://cwe.mitre.org/data/definitions/119.html",
"tool": "flawfinder"
},
{
"category": "sast",
"message": "Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120)",
"cve": "cplusplus/src/hello.cpp:331c04062c4fe0c7c486f66f59e82ad146ab33cdd76ae757ca41f392d568cbd0:CWE-120",
"confidence": "Low",
"solution": "Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)",
"scanner": {
"id": "flawfinder",
"name": "Flawfinder"
},
"location": {
"file": "cplusplus/src/hello.cpp",
"start_line": 7
},
"identifiers": [
{
"type": "cwe",
"name": "CWE-120",
"value": "120",
"url": "https://cwe.mitre.org/data/definitions/120.html"
}
],
"file": "cplusplus/src/hello.cpp",
"line": 7,
"url": "https://cwe.mitre.org/data/definitions/120.html",
"tool": "flawfinder"
}
]
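Review bot: The three Flawfinder findings (`c/subdir/utils.c`, `cplusplus/src/hello.cpp`) carry no `severity`, `priority` or `name` key, unlike every Bandit and Find Security Bugs entry, so this fixture silently relies on the parser tolerating an absent severity; the spec that consumes it should pin what a missing `severity` maps to, so such findings are neither dropped nor given a default that hides them from severity filtering. The `cve` compare keys also mix a content hash for Bandit (`python/imports/imports-aliases.py:cb203b…:B303`) with a line number for Find Security Bugs (`…/App.groovy:47:PREDICTABLE_RANDOM`), meaning the latter's identity changes whenever lines shift above the finding. That is scanner behaviour rather than something the fixture can fix, but it is worth a sentence in the spec so `cve` is not treated as a stable fingerprint across tools. The file header for this section is not visible in this view.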
[ {
{ "version": "1.3",
"category": "dependency_scanning", "vulnerabilities": [
"name": "io.netty/netty - CVE-2014-3488", {
"message": "DoS by CPU exhaustion when using malicious SSL packets", "category": "dependency_scanning",
"cve": "app/pom.xml:io.netty/netty@3.9.1.Final:CVE-2014-3488", "name": "io.netty/netty - CVE-2014-3488",
"severity": "Unknown", "message": "DoS by CPU exhaustion when using malicious SSL packets",
"solution": "Upgrade to the latest version", "cve": "app/pom.xml:io.netty/netty@3.9.1.Final:CVE-2014-3488",
"scanner": { "severity": "Unknown",
"id": "gemnasium", "solution": "Upgrade to the latest version",
"name": "Gemnasium" "scanner": {
}, "id": "gemnasium",
"location": { "name": "Gemnasium"
"file": "app/pom.xml", },
"dependency": { "location": {
"package": { "file": "app/pom.xml",
"name": "io.netty/netty" "dependency": {
"package": {
"name": "io.netty/netty"
},
"version": "3.9.1.Final"
}
},
"identifiers": [
{
"type": "gemnasium",
"name": "Gemnasium-d1bf36d9-9f07-46cd-9cfc-8675338ada8f",
"value": "d1bf36d9-9f07-46cd-9cfc-8675338ada8f",
"url": "https://deps.sec.gitlab.com/packages/maven/io.netty/netty/versions/3.9.1.Final/advisories"
},
{
"type": "cve",
"name": "CVE-2014-3488",
"value": "CVE-2014-3488",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3488"
}
],
"links": [
{
"url": "https://bugzilla.redhat.com/CVE-2014-3488"
}, },
"version": "3.9.1.Final" {
} "url": "http://netty.io/news/2014/06/11/3.html"
},
{
"url": "https://github.com/netty/netty/issues/2562"
}
],
"priority": "Unknown",
"file": "app/pom.xml",
"url": "https://bugzilla.redhat.com/CVE-2014-3488",
"tool": "gemnasium"
}, },
"identifiers": [ {
{ "category": "dependency_scanning",
"type": "gemnasium", "name": "Django - CVE-2017-12794",
"name": "Gemnasium-d1bf36d9-9f07-46cd-9cfc-8675338ada8f", "message": "Possible XSS in traceback section of technical 500 debug page",
"value": "d1bf36d9-9f07-46cd-9cfc-8675338ada8f", "cve": "app/requirements.txt:Django@1.11.3:CVE-2017-12794",
"url": "https://deps.sec.gitlab.com/packages/maven/io.netty/netty/versions/3.9.1.Final/advisories" "severity": "Unknown",
}, "solution": "Upgrade to latest version or apply patch.",
{ "scanner": {
"type": "cve", "id": "gemnasium",
"name": "CVE-2014-3488", "name": "Gemnasium"
"value": "CVE-2014-3488",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3488"
}
],
"links": [
{
"url": "https://bugzilla.redhat.com/CVE-2014-3488"
}, },
{ "location": {
"url": "http://netty.io/news/2014/06/11/3.html" "file": "app/requirements.txt",
"dependency": {
"package": {
"name": "Django"
},
"version": "1.11.3"
}
}, },
{ "identifiers": [
"url": "https://github.com/netty/netty/issues/2562" {
} "type": "gemnasium",
], "name": "Gemnasium-6162a015-8635-4a15-8d7c-dc9321db366f",
"priority": "Unknown", "value": "6162a015-8635-4a15-8d7c-dc9321db366f",
"file": "app/pom.xml", "url": "https://deps.sec.gitlab.com/packages/pypi/Django/versions/1.11.3/advisories"
"url": "https://bugzilla.redhat.com/CVE-2014-3488",
"tool": "gemnasium"
},
{
"category": "dependency_scanning",
"name": "Django - CVE-2017-12794",
"message": "Possible XSS in traceback section of technical 500 debug page",
"cve": "app/requirements.txt:Django@1.11.3:CVE-2017-12794",
"severity": "Unknown",
"solution": "Upgrade to latest version or apply patch.",
"scanner": {
"id": "gemnasium",
"name": "Gemnasium"
},
"location": {
"file": "app/requirements.txt",
"dependency": {
"package": {
"name": "Django"
}, },
"version": "1.11.3" {
} "type": "cve",
"name": "CVE-2017-12794",
"value": "CVE-2017-12794",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12794"
}
],
"links": [
{
"url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/"
}
],
"priority": "Unknown",
"file": "app/requirements.txt",
"url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/",
"tool": "gemnasium"
}, },
"identifiers": [ {
{ "category": "dependency_scanning",
"type": "gemnasium", "name": "nokogiri - USN-3424-1",
"name": "Gemnasium-6162a015-8635-4a15-8d7c-dc9321db366f", "message": "Vulnerabilities in libxml2",
"value": "6162a015-8635-4a15-8d7c-dc9321db366f", "cve": "rails/Gemfile.lock:nokogiri@1.8.0:USN-3424-1",
"url": "https://deps.sec.gitlab.com/packages/pypi/Django/versions/1.11.3/advisories" "severity": "Unknown",
"solution": "Upgrade to latest version.",
"scanner": {
"id": "gemnasium",
"name": "Gemnasium"
}, },
{ "location": {
"type": "cve", "file": "rails/Gemfile.lock",
"name": "CVE-2017-12794", "dependency": {
"value": "CVE-2017-12794", "package": {
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12794" "name": "nokogiri"
} },
], "version": "1.8.0"
"links": [ }
{ },
"url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/" "identifiers": [
} {
], "type": "gemnasium",
"priority": "Unknown", "name": "Gemnasium-06565b64-486d-4326-b906-890d9915804d",
"file": "app/requirements.txt", "value": "06565b64-486d-4326-b906-890d9915804d",
"url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/", "url": "https://deps.sec.gitlab.com/packages/gem/nokogiri/versions/1.8.0/advisories"
"tool": "gemnasium"
},
{
"category": "dependency_scanning",
"name": "nokogiri - USN-3424-1",
"message": "Vulnerabilities in libxml2",
"cve": "rails/Gemfile.lock:nokogiri@1.8.0:USN-3424-1",
"severity": "Unknown",
"solution": "Upgrade to latest version.",
"scanner": {
"id": "gemnasium",
"name": "Gemnasium"
},
"location": {
"file": "rails/Gemfile.lock",
"dependency": {
"package": {
"name": "nokogiri"
}, },
"version": "1.8.0" {
} "type": "usn",
"name": "USN-3424-1",
"value": "USN-3424-1",
"url": "https://usn.ubuntu.com/3424-1/"
}
],
"links": [
{
"url": "https://github.com/sparklemotion/nokogiri/issues/1673"
}
],
"priority": "Unknown",
"file": "rails/Gemfile.lock",
"url": "https://github.com/sparklemotion/nokogiri/issues/1673",
"tool": "gemnasium"
}, },
"identifiers": [ {
{ "category": "dependency_scanning",
"type": "gemnasium", "name": "ffi - CVE-2018-1000201",
"name": "Gemnasium-06565b64-486d-4326-b906-890d9915804d", "message": "ruby-ffi DDL loading issue on Windows OS",
"value": "06565b64-486d-4326-b906-890d9915804d", "cve": "ffi:1.9.18:CVE-2018-1000201",
"url": "https://deps.sec.gitlab.com/packages/gem/nokogiri/versions/1.8.0/advisories" "severity": "High",
"solution": "upgrade to \u003e= 1.9.24",
"scanner": {
"id": "bundler_audit",
"name": "bundler-audit"
}, },
{ "location": {
"type": "usn", "file": "sast-sample-rails/Gemfile.lock",
"name": "USN-3424-1", "dependency": {
"value": "USN-3424-1", "package": {
"url": "https://usn.ubuntu.com/3424-1/" "name": "ffi"
} },
], "version": "1.9.18"
"links": [ }
{ },
"url": "https://github.com/sparklemotion/nokogiri/issues/1673" "identifiers": [
} {
], "type": "cve",
"priority": "Unknown", "name": "CVE-2018-1000201",
"file": "rails/Gemfile.lock", "value": "CVE-2018-1000201",
"url": "https://github.com/sparklemotion/nokogiri/issues/1673", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000201"
"tool": "gemnasium" }
}, ],
{ "links": [
"category": "dependency_scanning", {
"name": "ffi - CVE-2018-1000201", "url": "https://github.com/ffi/ffi/releases/tag/1.9.24"
"message": "ruby-ffi DDL loading issue on Windows OS", }
"cve": "ffi:1.9.18:CVE-2018-1000201", ],
"severity": "High", "priority": "High",
"solution": "upgrade to \u003e= 1.9.24",
"scanner": {
"id": "bundler_audit",
"name": "bundler-audit"
},
"location": {
"file": "sast-sample-rails/Gemfile.lock", "file": "sast-sample-rails/Gemfile.lock",
"dependency": { "url": "https://github.com/ffi/ffi/releases/tag/1.9.24",
"package": { "tool": "bundler_audit"
"name": "ffi" }
}, ]
"version": "1.9.18" }
}
},
"identifiers": [
{
"type": "cve",
"name": "CVE-2018-1000201",
"value": "CVE-2018-1000201",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000201"
}
],
"links": [
{
"url": "https://github.com/ffi/ffi/releases/tag/1.9.24"
}
],
"priority": "High",
"file": "sast-sample-rails/Gemfile.lock",
"url": "https://github.com/ffi/ffi/releases/tag/1.9.24",
"tool": "bundler_audit"
}
]
{ {
"licenses": [ "licenses": [
{ {
"count": 13, "count": 1,
"name": "MIT" "name": "WTFPL"
},
{
"count": 2,
"name": "New BSD"
}, },
{ {
"count": 1, "count": 1,
"name": "LGPL" "name": "MIT"
} }
], ],
"dependencies": [ "dependencies": [
...@@ -20,107 +16,9 @@ ...@@ -20,107 +16,9 @@
"url": "http://opensource.org/licenses/mit-license" "url": "http://opensource.org/licenses/mit-license"
}, },
"dependency": { "dependency": {
"name": "bundler", "name": "actioncable",
"url": "http://bundler.io", "url": "http://rubyonrails.org",
"description": "The best way to manage your application's dependencies", "description": "WebSocket framework for Rails.",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "concurrent-ruby",
"url": "http://www.concurrent-ruby.com",
"description": "Modern concurrency tools for Ruby. Inspired by Erlang, Clojure, Scala, Haskell, F#, C#, Java, and classic concurrency patterns.",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "connection_pool",
"url": "https://github.com/mperham/connection_pool",
"description": "Generic connection pool for Ruby",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "mini_portile2",
"url": "http://github.com/flavorjones/mini_portile",
"description": "Simplistic port-like solution for developers",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "mustermann",
"url": "https://github.com/sinatra/mustermann",
"description": "Your personal string matching expert.",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "nokogiri",
"url": "http://nokogiri.org",
"description": "Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser",
"pathes": [
"."
]
}
},
{
"license": {
"name": "New BSD",
"url": "http://opensource.org/licenses/BSD-3-Clause"
},
"dependency": {
"name": "pg",
"url": "https://bitbucket.org/ged/ruby-pg",
"description": "Pg is the Ruby interface to the {PostgreSQL RDBMS}[http://www.postgresql.org/]",
"pathes": [
"."
]
}
},
{
"license": {
"name": "New BSD",
"url": "http://opensource.org/licenses/BSD-3-Clause"
},
"dependency": {
"name": "puma",
"url": "http://puma.io",
"description": "Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications",
"pathes": [ "pathes": [
"." "."
] ]
...@@ -128,111 +26,13 @@ ...@@ -128,111 +26,13 @@
}, },
{ {
"license": { "license": {
"name": "MIT", "name": "WTFPL",
"url": "http://opensource.org/licenses/mit-license" "url": "http://www.wtfpl.net/"
},
"dependency": {
"name": "rack",
"url": "https://rack.github.io/",
"description": "a modular Ruby webserver interface",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "rack-protection",
"url": "http://github.com/sinatra/sinatra/tree/master/rack-protection",
"description": "Protect against typical web attacks, works with all Rack apps, including Rails.",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "redis",
"url": "https://github.com/redis/redis-rb",
"description": "A Ruby client library for Redis",
"pathes": [
"."
]
}
},
{
"license": {
"name": "LGPL",
"url": "http://www.gnu.org/licenses/lgpl.txt"
},
"dependency": {
"name": "sidekiq",
"url": "http://sidekiq.org",
"description": "Simple, efficient background processing for Ruby",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "sinatra",
"url": "http://www.sinatrarb.com/",
"description": "Classy web-development dressed in a DSL",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "slim",
"url": "http://slim-lang.com/",
"description": "Slim is a template language.",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "temple",
"url": "https://github.com/judofyr/temple",
"description": "Template compilation framework in Ruby",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
}, },
"dependency": { "dependency": {
"name": "tilt", "name": "wtfpl_init",
"url": "http://github.com/rtomayko/tilt/", "url": "https://rubygems.org/gems/wtfpl_init",
"description": "Generic interface to multiple Ruby template engines", "description": "Download WTFPL license file and rename to LICENSE.md or something",
"pathes": [ "pathes": [
"." "."
] ]
......
[ {
{ "version": "1.2",
"category": "sast", "vulnerabilities": [
"message": "Probable insecure usage of temp file/directory.", {
"cve": "python/hardcoded/hardcoded-tmp.py:52865813c884a507be1f152d654245af34aba8a391626d01f1ab6d3f52ec8779:B108", "category": "sast",
"severity": "Medium", "message": "Probable insecure usage of temp file/directory.",
"confidence": "Medium", "cve": "python/hardcoded/hardcoded-tmp.py:52865813c884a507be1f152d654245af34aba8a391626d01f1ab6d3f52ec8779:B108",
"scanner": { "severity": "Medium",
"id": "bandit", "confidence": "Medium",
"name": "Bandit" "scanner": {
}, "id": "bandit",
"location": { "name": "Bandit"
},
"location": {
"file": "python/hardcoded/hardcoded-tmp.py",
"start_line": 1,
"end_line": 1
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B108",
"value": "B108",
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
}
],
"priority": "Medium",
"file": "python/hardcoded/hardcoded-tmp.py", "file": "python/hardcoded/hardcoded-tmp.py",
"start_line": 1, "line": 1,
"end_line": 1 "url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html",
}, "tool": "bandit"
"identifiers": [ },
{ {
"type": "bandit_test_id", "category": "sast",
"name": "Bandit Test ID B108", "name": "Predictable pseudorandom number generator",
"value": "B108", "message": "Predictable pseudorandom number generator",
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html" "cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:47:PREDICTABLE_RANDOM",
} "severity": "Medium",
], "confidence": "Medium",
"priority": "Medium", "scanner": {
"file": "python/hardcoded/hardcoded-tmp.py", "id": "find_sec_bugs",
"line": 1, "name": "Find Security Bugs"
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html", },
"tool": "bandit" "location": {
}, "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
{ "start_line": 47,
"category": "sast", "end_line": 47,
"name": "Predictable pseudorandom number generator", "class": "com.gitlab.security_products.tests.App",
"message": "Predictable pseudorandom number generator", "method": "generateSecretToken2"
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:47:PREDICTABLE_RANDOM", },
"severity": "Medium", "identifiers": [
"confidence": "Medium", {
"scanner": { "type": "find_sec_bugs_type",
"id": "find_sec_bugs", "name": "Find Security Bugs-PREDICTABLE_RANDOM",
"name": "Find Security Bugs" "value": "PREDICTABLE_RANDOM",
}, "url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
"location": { }
],
"priority": "Medium",
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy", "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"start_line": 47, "line": 47,
"end_line": 47, "url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM",
"class": "com.gitlab.security_products.tests.App", "tool": "find_sec_bugs"
"method": "generateSecretToken2" },
}, {
"identifiers": [ "category": "sast",
{ "name": "Predictable pseudorandom number generator",
"type": "find_sec_bugs_type", "message": "Predictable pseudorandom number generator",
"name": "Find Security Bugs-PREDICTABLE_RANDOM", "cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:41:PREDICTABLE_RANDOM",
"value": "PREDICTABLE_RANDOM", "severity": "Medium",
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM" "confidence": "Medium",
} "scanner": {
], "id": "find_sec_bugs",
"priority": "Medium", "name": "Find Security Bugs"
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy", },
"line": 47, "location": {
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM", "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"tool": "find_sec_bugs" "start_line": 41,
}, "end_line": 41,
{ "class": "com.gitlab.security_products.tests.App",
"category": "sast", "method": "generateSecretToken1"
"name": "Predictable pseudorandom number generator", },
"message": "Predictable pseudorandom number generator", "identifiers": [
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:41:PREDICTABLE_RANDOM", {
"severity": "Medium", "type": "find_sec_bugs_type",
"confidence": "Medium", "name": "Find Security Bugs-PREDICTABLE_RANDOM",
"scanner": { "value": "PREDICTABLE_RANDOM",
"id": "find_sec_bugs", "url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
"name": "Find Security Bugs" }
}, ],
"location": { "priority": "Medium",
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy", "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"start_line": 41, "line": 41,
"end_line": 41, "url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM",
"class": "com.gitlab.security_products.tests.App", "tool": "find_sec_bugs"
"method": "generateSecretToken1" },
}, {
"identifiers": [ "category": "sast",
{ "message": "Use of insecure MD2, MD4, or MD5 hash function.",
"type": "find_sec_bugs_type", "cve": "python/imports/imports-aliases.py:cb203b465dffb0cb3a8e8bd8910b84b93b0a5995a938e4b903dbb0cd6ffa1254:B303",
"name": "Find Security Bugs-PREDICTABLE_RANDOM", "severity": "Medium",
"value": "PREDICTABLE_RANDOM", "confidence": "High",
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM" "scanner": {
} "id": "bandit",
], "name": "Bandit"
"priority": "Medium", },
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy", "location": {
"line": 41, "file": "python/imports/imports-aliases.py",
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM", "start_line": 11,
"tool": "find_sec_bugs" "end_line": 11
}, },
{ "identifiers": [
"category": "sast", {
"message": "Use of insecure MD2, MD4, or MD5 hash function.", "type": "bandit_test_id",
"cve": "python/imports/imports-aliases.py:cb203b465dffb0cb3a8e8bd8910b84b93b0a5995a938e4b903dbb0cd6ffa1254:B303", "name": "Bandit Test ID B303",
"severity": "Medium", "value": "B303"
"confidence": "High", }
"scanner": { ],
"id": "bandit", "priority": "Medium",
"name": "Bandit"
},
"location": {
"file": "python/imports/imports-aliases.py", "file": "python/imports/imports-aliases.py",
"start_line": 11, "line": 11,
"end_line": 11 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Use of insecure MD2, MD4, or MD5 hash function.",
"name": "Bandit Test ID B303", "cve": "python/imports/imports-aliases.py:a7173c43ae66bd07466632d819d450e0071e02dbf782763640d1092981f9631b:B303",
"value": "B303" "severity": "Medium",
} "confidence": "High",
], "scanner": {
"priority": "Medium", "id": "bandit",
"file": "python/imports/imports-aliases.py", "name": "Bandit"
"line": 11, },
"tool": "bandit" "location": {
}, "file": "python/imports/imports-aliases.py",
{ "start_line": 12,
"category": "sast", "end_line": 12
"message": "Use of insecure MD2, MD4, or MD5 hash function.", },
"cve": "python/imports/imports-aliases.py:a7173c43ae66bd07466632d819d450e0071e02dbf782763640d1092981f9631b:B303", "identifiers": [
"severity": "Medium", {
"confidence": "High", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B303",
"id": "bandit", "value": "B303"
"name": "Bandit" }
}, ],
"location": { "priority": "Medium",
"file": "python/imports/imports-aliases.py", "file": "python/imports/imports-aliases.py",
"start_line": 12, "line": 12,
"end_line": 12 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Use of insecure MD2, MD4, or MD5 hash function.",
"name": "Bandit Test ID B303", "cve": "python/imports/imports-aliases.py:017017b77deb0b8369b6065947833eeea752a92ec8a700db590fece3e934cf0d:B303",
"value": "B303" "severity": "Medium",
} "confidence": "High",
], "scanner": {
"priority": "Medium", "id": "bandit",
"file": "python/imports/imports-aliases.py", "name": "Bandit"
"line": 12, },
"tool": "bandit" "location": {
}, "file": "python/imports/imports-aliases.py",
{ "start_line": 13,
"category": "sast", "end_line": 13
"message": "Use of insecure MD2, MD4, or MD5 hash function.", },
"cve": "python/imports/imports-aliases.py:017017b77deb0b8369b6065947833eeea752a92ec8a700db590fece3e934cf0d:B303", "identifiers": [
"severity": "Medium", {
"confidence": "High", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B303",
"id": "bandit", "value": "B303"
"name": "Bandit" }
}, ],
"location": { "priority": "Medium",
"file": "python/imports/imports-aliases.py", "file": "python/imports/imports-aliases.py",
"start_line": 13, "line": 13,
"end_line": 13 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Use of insecure MD2, MD4, or MD5 hash function.",
"name": "Bandit Test ID B303", "cve": "python/imports/imports-aliases.py:45fc8c53aea7b84f06bc4e590cc667678d6073c4c8a1d471177ca2146fb22db2:B303",
"value": "B303" "severity": "Medium",
} "confidence": "High",
], "scanner": {
"priority": "Medium", "id": "bandit",
"file": "python/imports/imports-aliases.py", "name": "Bandit"
"line": 13, },
"tool": "bandit" "location": {
}, "file": "python/imports/imports-aliases.py",
{ "start_line": 14,
"category": "sast", "end_line": 14
"message": "Use of insecure MD2, MD4, or MD5 hash function.", },
"cve": "python/imports/imports-aliases.py:45fc8c53aea7b84f06bc4e590cc667678d6073c4c8a1d471177ca2146fb22db2:B303", "identifiers": [
"severity": "Medium", {
"confidence": "High", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B303",
"id": "bandit", "value": "B303"
"name": "Bandit" }
}, ],
"location": { "priority": "Medium",
"file": "python/imports/imports-aliases.py", "file": "python/imports/imports-aliases.py",
"start_line": 14, "line": 14,
"end_line": 14 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Pickle library appears to be in use, possible security issue.",
"name": "Bandit Test ID B303", "cve": "python/imports/imports-aliases.py:5f200d47291e7bbd8352db23019b85453ca048dd98ea0c291260fa7d009963a4:B301",
"value": "B303" "severity": "Medium",
} "confidence": "High",
], "scanner": {
"priority": "Medium", "id": "bandit",
"file": "python/imports/imports-aliases.py", "name": "Bandit"
"line": 14, },
"tool": "bandit" "location": {
}, "file": "python/imports/imports-aliases.py",
{ "start_line": 15,
"category": "sast", "end_line": 15
"message": "Pickle library appears to be in use, possible security issue.", },
"cve": "python/imports/imports-aliases.py:5f200d47291e7bbd8352db23019b85453ca048dd98ea0c291260fa7d009963a4:B301", "identifiers": [
"severity": "Medium", {
"confidence": "High", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B301",
"id": "bandit", "value": "B301"
"name": "Bandit" }
}, ],
"location": { "priority": "Medium",
"file": "python/imports/imports-aliases.py", "file": "python/imports/imports-aliases.py",
"start_line": 15, "line": 15,
"end_line": 15 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "name": "ECB mode is insecure",
"name": "Bandit Test ID B301", "message": "ECB mode is insecure",
"value": "B301" "cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:ECB_MODE",
} "severity": "Medium",
], "confidence": "High",
"priority": "Medium", "scanner": {
"file": "python/imports/imports-aliases.py", "id": "find_sec_bugs",
"line": 15, "name": "Find Security Bugs"
"tool": "bandit" },
}, "location": {
{ "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"category": "sast", "start_line": 29,
"name": "ECB mode is insecure", "end_line": 29,
"message": "ECB mode is insecure", "class": "com.gitlab.security_products.tests.App",
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:ECB_MODE", "method": "insecureCypher"
"severity": "Medium", },
"confidence": "High", "identifiers": [
"scanner": { {
"id": "find_sec_bugs", "type": "find_sec_bugs_type",
"name": "Find Security Bugs" "name": "Find Security Bugs-ECB_MODE",
}, "value": "ECB_MODE",
"location": { "url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE"
}
],
"priority": "Medium",
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy", "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"start_line": 29, "line": 29,
"end_line": 29, "url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE",
"class": "com.gitlab.security_products.tests.App", "tool": "find_sec_bugs"
"method": "insecureCypher" },
}, {
"identifiers": [ "category": "sast",
{ "name": "Cipher with no integrity",
"type": "find_sec_bugs_type", "message": "Cipher with no integrity",
"name": "Find Security Bugs-ECB_MODE", "cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:CIPHER_INTEGRITY",
"value": "ECB_MODE", "severity": "Medium",
"url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE" "confidence": "High",
} "scanner": {
], "id": "find_sec_bugs",
"priority": "Medium", "name": "Find Security Bugs"
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy", },
"line": 29, "location": {
"url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE", "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"tool": "find_sec_bugs" "start_line": 29,
}, "end_line": 29,
{ "class": "com.gitlab.security_products.tests.App",
"category": "sast", "method": "insecureCypher"
"name": "Cipher with no integrity", },
"message": "Cipher with no integrity", "identifiers": [
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:CIPHER_INTEGRITY", {
"severity": "Medium", "type": "find_sec_bugs_type",
"confidence": "High", "name": "Find Security Bugs-CIPHER_INTEGRITY",
"scanner": { "value": "CIPHER_INTEGRITY",
"id": "find_sec_bugs", "url": "https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY"
"name": "Find Security Bugs" }
}, ],
"location": { "priority": "Medium",
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy", "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"start_line": 29, "line": 29,
"end_line": 29, "url": "https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY",
"class": "com.gitlab.security_products.tests.App", "tool": "find_sec_bugs"
"method": "insecureCypher" },
}, {
"identifiers": [ "category": "sast",
{ "message": "Probable insecure usage of temp file/directory.",
"type": "find_sec_bugs_type", "cve": "python/hardcoded/hardcoded-tmp.py:63dd4d626855555b816985d82c4614a790462a0a3ada89dc58eb97f9c50f3077:B108",
"name": "Find Security Bugs-CIPHER_INTEGRITY", "severity": "Medium",
"value": "CIPHER_INTEGRITY", "confidence": "Medium",
"url": "https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY" "scanner": {
} "id": "bandit",
], "name": "Bandit"
"priority": "Medium", },
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy", "location": {
"line": 29, "file": "python/hardcoded/hardcoded-tmp.py",
"url": "https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY", "start_line": 14,
"tool": "find_sec_bugs" "end_line": 14
}, },
{ "identifiers": [
"category": "sast", {
"message": "Probable insecure usage of temp file/directory.", "type": "bandit_test_id",
"cve": "python/hardcoded/hardcoded-tmp.py:63dd4d626855555b816985d82c4614a790462a0a3ada89dc58eb97f9c50f3077:B108", "name": "Bandit Test ID B108",
"severity": "Medium", "value": "B108",
"confidence": "Medium", "url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
"scanner": { }
"id": "bandit", ],
"name": "Bandit" "priority": "Medium",
},
"location": {
"file": "python/hardcoded/hardcoded-tmp.py", "file": "python/hardcoded/hardcoded-tmp.py",
"start_line": 14, "line": 14,
"end_line": 14 "url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html",
}, "tool": "bandit"
"identifiers": [ },
{ {
"type": "bandit_test_id", "category": "sast",
"name": "Bandit Test ID B108", "message": "Probable insecure usage of temp file/directory.",
"value": "B108", "cve": "python/hardcoded/hardcoded-tmp.py:4ad6d4c40a8c263fc265f3384724014e0a4f8dd6200af83e51ff120420038031:B108",
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html" "severity": "Medium",
} "confidence": "Medium",
], "scanner": {
"priority": "Medium", "id": "bandit",
"file": "python/hardcoded/hardcoded-tmp.py", "name": "Bandit"
"line": 14, },
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html", "location": {
"tool": "bandit" "file": "python/hardcoded/hardcoded-tmp.py",
}, "start_line": 10,
{ "end_line": 10
"category": "sast", },
"message": "Probable insecure usage of temp file/directory.", "identifiers": [
"cve": "python/hardcoded/hardcoded-tmp.py:4ad6d4c40a8c263fc265f3384724014e0a4f8dd6200af83e51ff120420038031:B108", {
"severity": "Medium", "type": "bandit_test_id",
"confidence": "Medium", "name": "Bandit Test ID B108",
"scanner": { "value": "B108",
"id": "bandit", "url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
"name": "Bandit" }
}, ],
"location": { "priority": "Medium",
"file": "python/hardcoded/hardcoded-tmp.py", "file": "python/hardcoded/hardcoded-tmp.py",
"start_line": 10, "line": 10,
"end_line": 10 "url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html",
}, "tool": "bandit"
"identifiers": [ },
{ {
"type": "bandit_test_id", "category": "sast",
"name": "Bandit Test ID B108", "message": "Consider possible security implications associated with Popen module.",
"value": "B108", "cve": "python/imports/imports-aliases.py:2c3e1fa1e54c3c6646e8bcfaee2518153c6799b77587ff8d9a7b0631f6d34785:B404",
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html" "severity": "Low",
} "confidence": "High",
], "scanner": {
"priority": "Medium", "id": "bandit",
"file": "python/hardcoded/hardcoded-tmp.py", "name": "Bandit"
"line": 10, },
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html", "location": {
"tool": "bandit" "file": "python/imports/imports-aliases.py",
}, "start_line": 1,
{ "end_line": 1
"category": "sast", },
"message": "Consider possible security implications associated with Popen module.", "identifiers": [
"cve": "python/imports/imports-aliases.py:2c3e1fa1e54c3c6646e8bcfaee2518153c6799b77587ff8d9a7b0631f6d34785:B404", {
"severity": "Low", "type": "bandit_test_id",
"confidence": "High", "name": "Bandit Test ID B404",
"scanner": { "value": "B404"
"id": "bandit", }
"name": "Bandit" ],
}, "priority": "Low",
"location": {
"file": "python/imports/imports-aliases.py", "file": "python/imports/imports-aliases.py",
"start_line": 1, "line": 1,
"end_line": 1 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Consider possible security implications associated with pickle module.",
"name": "Bandit Test ID B404", "cve": "python/imports/imports.py:af58d07f6ad519ef5287fcae65bf1a6999448a1a3a8bc1ac2a11daa80d0b96bf:B403",
"value": "B404" "severity": "Low",
} "confidence": "High",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/imports/imports-aliases.py", "name": "Bandit"
"line": 1, },
"tool": "bandit" "location": {
}, "file": "python/imports/imports.py",
{ "start_line": 2,
"category": "sast", "end_line": 2
"message": "Consider possible security implications associated with pickle module.", },
"cve": "python/imports/imports.py:af58d07f6ad519ef5287fcae65bf1a6999448a1a3a8bc1ac2a11daa80d0b96bf:B403", "identifiers": [
"severity": "Low", {
"confidence": "High", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B403",
"id": "bandit", "value": "B403"
"name": "Bandit" }
}, ],
"location": { "priority": "Low",
"file": "python/imports/imports.py", "file": "python/imports/imports.py",
"start_line": 2, "line": 2,
"end_line": 2 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Consider possible security implications associated with subprocess module.",
"name": "Bandit Test ID B403", "cve": "python/imports/imports.py:8de9bc98029d212db530785a5f6780cfa663548746ff228ab8fa96c5bb82f089:B404",
"value": "B403" "severity": "Low",
} "confidence": "High",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/imports/imports.py", "name": "Bandit"
"line": 2, },
"tool": "bandit" "location": {
}, "file": "python/imports/imports.py",
{ "start_line": 4,
"category": "sast", "end_line": 4
"message": "Consider possible security implications associated with subprocess module.", },
"cve": "python/imports/imports.py:8de9bc98029d212db530785a5f6780cfa663548746ff228ab8fa96c5bb82f089:B404", "identifiers": [
"severity": "Low", {
"confidence": "High", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B404",
"id": "bandit", "value": "B404"
"name": "Bandit" }
}, ],
"location": { "priority": "Low",
"file": "python/imports/imports.py", "file": "python/imports/imports.py",
"start_line": 4, "line": 4,
"end_line": 4 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Possible hardcoded password: 'blerg'",
"name": "Bandit Test ID B404", "cve": "python/hardcoded/hardcoded-passwords.py:97c30f1d76d2a88913e3ce9ae74087874d740f87de8af697a9c455f01119f633:B106",
"value": "B404" "severity": "Low",
} "confidence": "Medium",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/imports/imports.py", "name": "Bandit"
"line": 4, },
"tool": "bandit" "location": {
}, "file": "python/hardcoded/hardcoded-passwords.py",
{ "start_line": 22,
"category": "sast", "end_line": 22
"message": "Possible hardcoded password: 'blerg'", },
"cve": "python/hardcoded/hardcoded-passwords.py:97c30f1d76d2a88913e3ce9ae74087874d740f87de8af697a9c455f01119f633:B106", "identifiers": [
"severity": "Low", {
"confidence": "Medium", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B106",
"id": "bandit", "value": "B106",
"name": "Bandit" "url": "https://docs.openstack.org/bandit/latest/plugins/b106_hardcoded_password_funcarg.html"
}, }
"location": { ],
"priority": "Low",
"file": "python/hardcoded/hardcoded-passwords.py", "file": "python/hardcoded/hardcoded-passwords.py",
"start_line": 22, "line": 22,
"end_line": 22 "url": "https://docs.openstack.org/bandit/latest/plugins/b106_hardcoded_password_funcarg.html",
}, "tool": "bandit"
"identifiers": [ },
{ {
"type": "bandit_test_id", "category": "sast",
"name": "Bandit Test ID B106", "message": "Possible hardcoded password: 'root'",
"value": "B106", "cve": "python/hardcoded/hardcoded-passwords.py:7431c73a0bc16d94ece2a2e75ef38f302574d42c37ac0c3c38ad0b3bf8a59f10:B105",
"url": "https://docs.openstack.org/bandit/latest/plugins/b106_hardcoded_password_funcarg.html" "severity": "Low",
} "confidence": "Medium",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/hardcoded/hardcoded-passwords.py", "name": "Bandit"
"line": 22, },
"url": "https://docs.openstack.org/bandit/latest/plugins/b106_hardcoded_password_funcarg.html", "location": {
"tool": "bandit" "file": "python/hardcoded/hardcoded-passwords.py",
}, "start_line": 5,
{ "end_line": 5
"category": "sast", },
"message": "Possible hardcoded password: 'root'", "identifiers": [
"cve": "python/hardcoded/hardcoded-passwords.py:7431c73a0bc16d94ece2a2e75ef38f302574d42c37ac0c3c38ad0b3bf8a59f10:B105", {
"severity": "Low", "type": "bandit_test_id",
"confidence": "Medium", "name": "Bandit Test ID B105",
"scanner": { "value": "B105",
"id": "bandit", "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
"name": "Bandit" }
}, ],
"location": { "priority": "Low",
"file": "python/hardcoded/hardcoded-passwords.py", "file": "python/hardcoded/hardcoded-passwords.py",
"start_line": 5, "line": 5,
"end_line": 5 "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
}, "tool": "bandit"
"identifiers": [ },
{ {
"type": "bandit_test_id", "category": "sast",
"name": "Bandit Test ID B105", "message": "Possible hardcoded password: ''",
"value": "B105", "cve": "python/hardcoded/hardcoded-passwords.py:d2d1857c27caedd49c57bfbcdc23afcc92bd66a22701fcdc632869aab4ca73ee:B105",
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html" "severity": "Low",
} "confidence": "Medium",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/hardcoded/hardcoded-passwords.py", "name": "Bandit"
"line": 5, },
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html", "location": {
"tool": "bandit" "file": "python/hardcoded/hardcoded-passwords.py",
}, "start_line": 9,
{ "end_line": 9
"category": "sast", },
"message": "Possible hardcoded password: ''", "identifiers": [
"cve": "python/hardcoded/hardcoded-passwords.py:d2d1857c27caedd49c57bfbcdc23afcc92bd66a22701fcdc632869aab4ca73ee:B105", {
"severity": "Low", "type": "bandit_test_id",
"confidence": "Medium", "name": "Bandit Test ID B105",
"scanner": { "value": "B105",
"id": "bandit", "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
"name": "Bandit" }
}, ],
"location": { "priority": "Low",
"file": "python/hardcoded/hardcoded-passwords.py", "file": "python/hardcoded/hardcoded-passwords.py",
"start_line": 9, "line": 9,
"end_line": 9 "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
}, "tool": "bandit"
"identifiers": [ },
{ {
"type": "bandit_test_id", "category": "sast",
"name": "Bandit Test ID B105", "message": "Possible hardcoded password: 'ajklawejrkl42348swfgkg'",
"value": "B105", "cve": "python/hardcoded/hardcoded-passwords.py:fb3866215a61393a5c9c32a3b60e2058171a23219c353f722cbd3567acab21d2:B105",
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html" "severity": "Low",
} "confidence": "Medium",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/hardcoded/hardcoded-passwords.py", "name": "Bandit"
"line": 9, },
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html", "location": {
"tool": "bandit" "file": "python/hardcoded/hardcoded-passwords.py",
}, "start_line": 13,
{ "end_line": 13
"category": "sast", },
"message": "Possible hardcoded password: 'ajklawejrkl42348swfgkg'", "identifiers": [
"cve": "python/hardcoded/hardcoded-passwords.py:fb3866215a61393a5c9c32a3b60e2058171a23219c353f722cbd3567acab21d2:B105", {
"severity": "Low", "type": "bandit_test_id",
"confidence": "Medium", "name": "Bandit Test ID B105",
"scanner": { "value": "B105",
"id": "bandit", "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
"name": "Bandit" }
}, ],
"location": { "priority": "Low",
"file": "python/hardcoded/hardcoded-passwords.py", "file": "python/hardcoded/hardcoded-passwords.py",
"start_line": 13, "line": 13,
"end_line": 13 "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
}, "tool": "bandit"
"identifiers": [ },
{ {
"type": "bandit_test_id", "category": "sast",
"name": "Bandit Test ID B105", "message": "Possible hardcoded password: 'blerg'",
"value": "B105", "cve": "python/hardcoded/hardcoded-passwords.py:63c62a8b7e1e5224439bd26b28030585ac48741e28ca64561a6071080c560a5f:B105",
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html" "severity": "Low",
} "confidence": "Medium",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/hardcoded/hardcoded-passwords.py", "name": "Bandit"
"line": 13, },
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html", "location": {
"tool": "bandit" "file": "python/hardcoded/hardcoded-passwords.py",
}, "start_line": 23,
{ "end_line": 23
"category": "sast", },
"message": "Possible hardcoded password: 'blerg'", "identifiers": [
"cve": "python/hardcoded/hardcoded-passwords.py:63c62a8b7e1e5224439bd26b28030585ac48741e28ca64561a6071080c560a5f:B105", {
"severity": "Low", "type": "bandit_test_id",
"confidence": "Medium", "name": "Bandit Test ID B105",
"scanner": { "value": "B105",
"id": "bandit", "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
"name": "Bandit" }
}, ],
"location": { "priority": "Low",
"file": "python/hardcoded/hardcoded-passwords.py", "file": "python/hardcoded/hardcoded-passwords.py",
"start_line": 23, "line": 23,
"end_line": 23 "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
}, "tool": "bandit"
"identifiers": [ },
{ {
"type": "bandit_test_id", "category": "sast",
"name": "Bandit Test ID B105", "message": "Possible hardcoded password: 'blerg'",
"value": "B105", "cve": "python/hardcoded/hardcoded-passwords.py:4311b06d08df8fa58229b341c531da8e1a31ec4520597bdff920cd5c098d86f9:B105",
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html" "severity": "Low",
} "confidence": "Medium",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/hardcoded/hardcoded-passwords.py", "name": "Bandit"
"line": 23, },
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html", "location": {
"tool": "bandit" "file": "python/hardcoded/hardcoded-passwords.py",
}, "start_line": 24,
{ "end_line": 24
"category": "sast", },
"message": "Possible hardcoded password: 'blerg'", "identifiers": [
"cve": "python/hardcoded/hardcoded-passwords.py:4311b06d08df8fa58229b341c531da8e1a31ec4520597bdff920cd5c098d86f9:B105", {
"severity": "Low", "type": "bandit_test_id",
"confidence": "Medium", "name": "Bandit Test ID B105",
"scanner": { "value": "B105",
"id": "bandit", "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
"name": "Bandit" }
}, ],
"location": { "priority": "Low",
"file": "python/hardcoded/hardcoded-passwords.py", "file": "python/hardcoded/hardcoded-passwords.py",
"start_line": 24, "line": 24,
"end_line": 24 "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
}, "tool": "bandit"
"identifiers": [ },
{ {
"type": "bandit_test_id", "category": "sast",
"name": "Bandit Test ID B105", "message": "Consider possible security implications associated with subprocess module.",
"value": "B105", "cve": "python/imports/imports-function.py:5858400c2f39047787702de44d03361ef8d954c9d14bd54ee1c2bef9e6a7df93:B404",
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html" "severity": "Low",
} "confidence": "High",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/hardcoded/hardcoded-passwords.py", "name": "Bandit"
"line": 24, },
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html", "location": {
"tool": "bandit" "file": "python/imports/imports-function.py",
}, "start_line": 4,
{ "end_line": 4
"category": "sast", },
"message": "Consider possible security implications associated with subprocess module.", "identifiers": [
"cve": "python/imports/imports-function.py:5858400c2f39047787702de44d03361ef8d954c9d14bd54ee1c2bef9e6a7df93:B404", {
"severity": "Low", "type": "bandit_test_id",
"confidence": "High", "name": "Bandit Test ID B404",
"scanner": { "value": "B404"
"id": "bandit", }
"name": "Bandit" ],
}, "priority": "Low",
"location": {
"file": "python/imports/imports-function.py", "file": "python/imports/imports-function.py",
"start_line": 4, "line": 4,
"end_line": 4 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Consider possible security implications associated with pickle module.",
"name": "Bandit Test ID B404", "cve": "python/imports/imports-function.py:dbda3cf4190279d30e0aad7dd137eca11272b0b225e8af4e8bf39682da67d956:B403",
"value": "B404" "severity": "Low",
} "confidence": "High",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/imports/imports-function.py", "name": "Bandit"
"line": 4, },
"tool": "bandit" "location": {
}, "file": "python/imports/imports-function.py",
{ "start_line": 2,
"category": "sast", "end_line": 2
"message": "Consider possible security implications associated with pickle module.", },
"cve": "python/imports/imports-function.py:dbda3cf4190279d30e0aad7dd137eca11272b0b225e8af4e8bf39682da67d956:B403", "identifiers": [
"severity": "Low", {
"confidence": "High", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B403",
"id": "bandit", "value": "B403"
"name": "Bandit" }
}, ],
"location": { "priority": "Low",
"file": "python/imports/imports-function.py", "file": "python/imports/imports-function.py",
"start_line": 2, "line": 2,
"end_line": 2 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Consider possible security implications associated with Popen module.",
"name": "Bandit Test ID B403", "cve": "python/imports/imports-from.py:eb8a0db9cd1a8c1ab39a77e6025021b1261cc2a0b026b2f4a11fca4e0636d8dd:B404",
"value": "B403" "severity": "Low",
} "confidence": "High",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/imports/imports-function.py", "name": "Bandit"
"line": 2, },
"tool": "bandit" "location": {
}, "file": "python/imports/imports-from.py",
{ "start_line": 7,
"category": "sast", "end_line": 7
"message": "Consider possible security implications associated with Popen module.", },
"cve": "python/imports/imports-from.py:eb8a0db9cd1a8c1ab39a77e6025021b1261cc2a0b026b2f4a11fca4e0636d8dd:B404", "identifiers": [
"severity": "Low", {
"confidence": "High", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B404",
"id": "bandit", "value": "B404"
"name": "Bandit" }
}, ],
"location": { "priority": "Low",
"file": "python/imports/imports-from.py", "file": "python/imports/imports-from.py",
"start_line": 7, "line": 7,
"end_line": 7 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell",
"name": "Bandit Test ID B404", "cve": "python/imports/imports-aliases.py:f99f9721e27537fbcb6699a4cf39c6740d6234d2c6f06cfc2d9ea977313c483d:B602",
"value": "B404" "severity": "Low",
} "confidence": "High",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/imports/imports-from.py", "name": "Bandit"
"line": 7, },
"tool": "bandit" "location": {
}, "file": "python/imports/imports-aliases.py",
{ "start_line": 9,
"category": "sast", "end_line": 9
"message": "subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell", },
"cve": "python/imports/imports-aliases.py:f99f9721e27537fbcb6699a4cf39c6740d6234d2c6f06cfc2d9ea977313c483d:B602", "identifiers": [
"severity": "Low", {
"confidence": "High", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B602",
"id": "bandit", "value": "B602",
"name": "Bandit" "url": "https://docs.openstack.org/bandit/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html"
}, }
"location": { ],
"priority": "Low",
"file": "python/imports/imports-aliases.py", "file": "python/imports/imports-aliases.py",
"start_line": 9, "line": 9,
"end_line": 9 "url": "https://docs.openstack.org/bandit/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html",
}, "tool": "bandit"
"identifiers": [ },
{ {
"type": "bandit_test_id", "category": "sast",
"name": "Bandit Test ID B602", "message": "Consider possible security implications associated with subprocess module.",
"value": "B602", "cve": "python/imports/imports-from.py:332a12ab1146698f614a905ce6a6a5401497a12281aef200e80522711c69dcf4:B404",
"url": "https://docs.openstack.org/bandit/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html" "severity": "Low",
} "confidence": "High",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/imports/imports-aliases.py", "name": "Bandit"
"line": 9, },
"url": "https://docs.openstack.org/bandit/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html", "location": {
"tool": "bandit" "file": "python/imports/imports-from.py",
}, "start_line": 6,
{ "end_line": 6
"category": "sast", },
"message": "Consider possible security implications associated with subprocess module.", "identifiers": [
"cve": "python/imports/imports-from.py:332a12ab1146698f614a905ce6a6a5401497a12281aef200e80522711c69dcf4:B404", {
"severity": "Low", "type": "bandit_test_id",
"confidence": "High", "name": "Bandit Test ID B404",
"scanner": { "value": "B404"
"id": "bandit", }
"name": "Bandit" ],
}, "priority": "Low",
"location": {
"file": "python/imports/imports-from.py", "file": "python/imports/imports-from.py",
"start_line": 6, "line": 6,
"end_line": 6 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Consider possible security implications associated with Popen module.",
"name": "Bandit Test ID B404", "cve": "python/imports/imports-from.py:0a48de4a3d5348853a03666cb574697e3982998355e7a095a798bd02a5947276:B404",
"value": "B404" "severity": "Low",
} "confidence": "High",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/imports/imports-from.py", "name": "Bandit"
"line": 6, },
"tool": "bandit" "location": {
}, "file": "python/imports/imports-from.py",
{ "start_line": 1,
"category": "sast", "end_line": 2
"message": "Consider possible security implications associated with Popen module.", },
"cve": "python/imports/imports-from.py:0a48de4a3d5348853a03666cb574697e3982998355e7a095a798bd02a5947276:B404", "identifiers": [
"severity": "Low", {
"confidence": "High", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B404",
"id": "bandit", "value": "B404"
"name": "Bandit" }
}, ],
"location": { "priority": "Low",
"file": "python/imports/imports-from.py", "file": "python/imports/imports-from.py",
"start_line": 1, "line": 1,
"end_line": 2 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Consider possible security implications associated with pickle module.",
"name": "Bandit Test ID B404", "cve": "python/imports/imports-aliases.py:51b71661dff994bde3529639a727a678c8f5c4c96f00d300913f6d5be1bbdf26:B403",
"value": "B404" "severity": "Low",
} "confidence": "High",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/imports/imports-from.py", "name": "Bandit"
"line": 1, },
"tool": "bandit" "location": {
}, "file": "python/imports/imports-aliases.py",
{ "start_line": 7,
"category": "sast", "end_line": 8
"message": "Consider possible security implications associated with pickle module.", },
"cve": "python/imports/imports-aliases.py:51b71661dff994bde3529639a727a678c8f5c4c96f00d300913f6d5be1bbdf26:B403", "identifiers": [
"severity": "Low", {
"confidence": "High", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B403",
"id": "bandit", "value": "B403"
"name": "Bandit" }
}, ],
"location": { "priority": "Low",
"file": "python/imports/imports-aliases.py", "file": "python/imports/imports-aliases.py",
"start_line": 7, "line": 7,
"end_line": 8 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Consider possible security implications associated with loads module.",
"name": "Bandit Test ID B403", "cve": "python/imports/imports-aliases.py:6ff02aeb3149c01ab68484d794a94f58d5d3e3bb0d58557ef4153644ea68ea54:B403",
"value": "B403" "severity": "Low",
} "confidence": "High",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/imports/imports-aliases.py", "name": "Bandit"
"line": 7, },
"tool": "bandit" "location": {
}, "file": "python/imports/imports-aliases.py",
{ "start_line": 6,
"category": "sast", "end_line": 6
"message": "Consider possible security implications associated with loads module.", },
"cve": "python/imports/imports-aliases.py:6ff02aeb3149c01ab68484d794a94f58d5d3e3bb0d58557ef4153644ea68ea54:B403", "identifiers": [
"severity": "Low", {
"confidence": "High", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B403",
"id": "bandit", "value": "B403"
"name": "Bandit" }
}, ],
"location": { "priority": "Low",
"file": "python/imports/imports-aliases.py", "file": "python/imports/imports-aliases.py",
"start_line": 6, "line": 6,
"end_line": 6 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)",
"name": "Bandit Test ID B403", "cve": "c/subdir/utils.c:b466873101951fe96e1332f6728eb7010acbbd5dfc3b65d7d53571d091a06d9e:CWE-119!/CWE-120",
"value": "B403" "confidence": "Low",
} "solution": "Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length",
], "scanner": {
"priority": "Low", "id": "flawfinder",
"file": "python/imports/imports-aliases.py", "name": "Flawfinder"
"line": 6, },
"tool": "bandit" "location": {
}, "file": "c/subdir/utils.c",
{ "start_line": 4
"category": "sast", },
"message": "Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)", "identifiers": [
"cve": "c/subdir/utils.c:b466873101951fe96e1332f6728eb7010acbbd5dfc3b65d7d53571d091a06d9e:CWE-119!/CWE-120", {
"confidence": "Low", "type": "cwe",
"solution": "Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length", "name": "CWE-119",
"scanner": { "value": "119",
"id": "flawfinder", "url": "https://cwe.mitre.org/data/definitions/119.html"
"name": "Flawfinder" },
}, {
"location": { "type": "cwe",
"name": "CWE-120",
"value": "120",
"url": "https://cwe.mitre.org/data/definitions/120.html"
}
],
"file": "c/subdir/utils.c", "file": "c/subdir/utils.c",
"start_line": 4 "line": 4,
}, "url": "https://cwe.mitre.org/data/definitions/119.html",
"identifiers": [ "tool": "flawfinder"
{ },
"type": "cwe", {
"name": "CWE-119", "category": "sast",
"value": "119", "message": "Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362)",
"url": "https://cwe.mitre.org/data/definitions/119.html" "cve": "c/subdir/utils.c:bab681140fcc8fc3085b6bba74081b44ea145c1c98b5e70cf19ace2417d30770:CWE-362",
}, "confidence": "Low",
{ "scanner": {
"type": "cwe", "id": "flawfinder",
"name": "CWE-120", "name": "Flawfinder"
"value": "120", },
"url": "https://cwe.mitre.org/data/definitions/120.html" "location": {
} "file": "c/subdir/utils.c",
], "start_line": 8
"file": "c/subdir/utils.c", },
"line": 4, "identifiers": [
"url": "https://cwe.mitre.org/data/definitions/119.html", {
"tool": "flawfinder" "type": "cwe",
}, "name": "CWE-362",
{ "value": "362",
"category": "sast", "url": "https://cwe.mitre.org/data/definitions/362.html"
"message": "Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362)", }
"cve": "c/subdir/utils.c:bab681140fcc8fc3085b6bba74081b44ea145c1c98b5e70cf19ace2417d30770:CWE-362", ],
"confidence": "Low",
"scanner": {
"id": "flawfinder",
"name": "Flawfinder"
},
"location": {
"file": "c/subdir/utils.c", "file": "c/subdir/utils.c",
"start_line": 8 "line": 8,
}, "url": "https://cwe.mitre.org/data/definitions/362.html",
"identifiers": [ "tool": "flawfinder"
{ },
"type": "cwe", {
"name": "CWE-362", "category": "sast",
"value": "362", "message": "Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)",
"url": "https://cwe.mitre.org/data/definitions/362.html" "cve": "cplusplus/src/hello.cpp:c8c6dd0afdae6814194cf0930b719f757ab7b379cf8f261e7f4f9f2f323a818a:CWE-119!/CWE-120",
} "confidence": "Low",
], "solution": "Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length",
"file": "c/subdir/utils.c", "scanner": {
"line": 8, "id": "flawfinder",
"url": "https://cwe.mitre.org/data/definitions/362.html", "name": "Flawfinder"
"tool": "flawfinder" },
}, "location": {
{ "file": "cplusplus/src/hello.cpp",
"category": "sast", "start_line": 6
"message": "Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)", },
"cve": "cplusplus/src/hello.cpp:c8c6dd0afdae6814194cf0930b719f757ab7b379cf8f261e7f4f9f2f323a818a:CWE-119!/CWE-120", "identifiers": [
"confidence": "Low", {
"solution": "Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length", "type": "cwe",
"scanner": { "name": "CWE-119",
"id": "flawfinder", "value": "119",
"name": "Flawfinder" "url": "https://cwe.mitre.org/data/definitions/119.html"
}, },
"location": { {
"type": "cwe",
"name": "CWE-120",
"value": "120",
"url": "https://cwe.mitre.org/data/definitions/120.html"
}
],
"file": "cplusplus/src/hello.cpp", "file": "cplusplus/src/hello.cpp",
"start_line": 6 "line": 6,
}, "url": "https://cwe.mitre.org/data/definitions/119.html",
"identifiers": [ "tool": "flawfinder"
{ },
"type": "cwe", {
"name": "CWE-119", "category": "sast",
"value": "119", "message": "Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120)",
"url": "https://cwe.mitre.org/data/definitions/119.html" "cve": "cplusplus/src/hello.cpp:331c04062c4fe0c7c486f66f59e82ad146ab33cdd76ae757ca41f392d568cbd0:CWE-120",
}, "confidence": "Low",
{ "solution": "Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)",
"type": "cwe", "scanner": {
"name": "CWE-120", "id": "flawfinder",
"value": "120", "name": "Flawfinder"
"url": "https://cwe.mitre.org/data/definitions/120.html" },
} "location": {
], "file": "cplusplus/src/hello.cpp",
"file": "cplusplus/src/hello.cpp", "start_line": 7
"line": 6, },
"url": "https://cwe.mitre.org/data/definitions/119.html", "identifiers": [
"tool": "flawfinder" {
}, "type": "cwe",
{ "name": "CWE-120",
"category": "sast", "value": "120",
"message": "Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120)", "url": "https://cwe.mitre.org/data/definitions/120.html"
"cve": "cplusplus/src/hello.cpp:331c04062c4fe0c7c486f66f59e82ad146ab33cdd76ae757ca41f392d568cbd0:CWE-120", }
"confidence": "Low", ],
"solution": "Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)",
"scanner": {
"id": "flawfinder",
"name": "Flawfinder"
},
"location": {
"file": "cplusplus/src/hello.cpp", "file": "cplusplus/src/hello.cpp",
"start_line": 7 "line": 7,
}, "url": "https://cwe.mitre.org/data/definitions/120.html",
"identifiers": [ "tool": "flawfinder"
{ }
"type": "cwe", ]
"name": "CWE-120", }
"value": "120",
"url": "https://cwe.mitre.org/data/definitions/120.html"
}
],
"file": "cplusplus/src/hello.cpp",
"line": 7,
"url": "https://cwe.mitre.org/data/definitions/120.html",
"tool": "flawfinder"
}
]
[ {
{ "version": "1.3",
"category": "dependency_scanning", "vulnerabilities": [
"name": "io.netty/netty - CVE-2014-3488", {
"message": "DoS by CPU exhaustion when using malicious SSL packets", "category": "dependency_scanning",
"cve": "app/pom.xml:io.netty/netty@3.9.1.Final:CVE-2014-3488", "name": "io.netty/netty - CVE-2014-3488",
"severity": "Unknown", "message": "DoS by CPU exhaustion when using malicious SSL packets",
"solution": "Upgrade to the latest version", "cve": "app/pom.xml:io.netty/netty@3.9.1.Final:CVE-2014-3488",
"scanner": { "severity": "Unknown",
"id": "gemnasium", "solution": "Upgrade to the latest version",
"name": "Gemnasium" "scanner": {
}, "id": "gemnasium",
"location": { "name": "Gemnasium"
"file": "app/pom.xml", },
"dependency": { "location": {
"package": { "file": "app/pom.xml",
"name": "io.netty/netty" "dependency": {
"package": {
"name": "io.netty/netty"
},
"version": "3.9.1.Final"
}
},
"identifiers": [
{
"type": "gemnasium",
"name": "Gemnasium-d1bf36d9-9f07-46cd-9cfc-8675338ada8f",
"value": "d1bf36d9-9f07-46cd-9cfc-8675338ada8f",
"url": "https://deps.sec.gitlab.com/packages/maven/io.netty/netty/versions/3.9.1.Final/advisories"
},
{
"type": "cve",
"name": "CVE-2014-3488",
"value": "CVE-2014-3488",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3488"
}
],
"links": [
{
"url": "https://bugzilla.redhat.com/CVE-2014-3488"
}, },
"version": "3.9.1.Final" {
} "url": "http://netty.io/news/2014/06/11/3.html"
},
{
"url": "https://github.com/netty/netty/issues/2562"
}
],
"priority": "Unknown",
"file": "app/pom.xml",
"url": "https://bugzilla.redhat.com/CVE-2014-3488",
"tool": "gemnasium"
}, },
"identifiers": [ {
{ "category": "dependency_scanning",
"type": "gemnasium", "name": "Django - CVE-2017-12794",
"name": "Gemnasium-d1bf36d9-9f07-46cd-9cfc-8675338ada8f", "message": "Possible XSS in traceback section of technical 500 debug page",
"value": "d1bf36d9-9f07-46cd-9cfc-8675338ada8f", "cve": "app/requirements.txt:Django@1.11.3:CVE-2017-12794",
"url": "https://deps.sec.gitlab.com/packages/maven/io.netty/netty/versions/3.9.1.Final/advisories" "severity": "Unknown",
}, "solution": "Upgrade to latest version or apply patch.",
{ "scanner": {
"type": "cve", "id": "gemnasium",
"name": "CVE-2014-3488", "name": "Gemnasium"
"value": "CVE-2014-3488",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3488"
}
],
"links": [
{
"url": "https://bugzilla.redhat.com/CVE-2014-3488"
}, },
{ "location": {
"url": "http://netty.io/news/2014/06/11/3.html" "file": "app/requirements.txt",
"dependency": {
"package": {
"name": "Django"
},
"version": "1.11.3"
}
}, },
{ "identifiers": [
"url": "https://github.com/netty/netty/issues/2562" {
} "type": "gemnasium",
], "name": "Gemnasium-6162a015-8635-4a15-8d7c-dc9321db366f",
"priority": "Unknown", "value": "6162a015-8635-4a15-8d7c-dc9321db366f",
"file": "app/pom.xml", "url": "https://deps.sec.gitlab.com/packages/pypi/Django/versions/1.11.3/advisories"
"url": "https://bugzilla.redhat.com/CVE-2014-3488",
"tool": "gemnasium"
},
{
"category": "dependency_scanning",
"name": "Django - CVE-2017-12794",
"message": "Possible XSS in traceback section of technical 500 debug page",
"cve": "app/requirements.txt:Django@1.11.3:CVE-2017-12794",
"severity": "Unknown",
"solution": "Upgrade to latest version or apply patch.",
"scanner": {
"id": "gemnasium",
"name": "Gemnasium"
},
"location": {
"file": "app/requirements.txt",
"dependency": {
"package": {
"name": "Django"
}, },
"version": "1.11.3" {
} "type": "cve",
"name": "CVE-2017-12794",
"value": "CVE-2017-12794",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12794"
}
],
"links": [
{
"url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/"
}
],
"priority": "Unknown",
"file": "app/requirements.txt",
"url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/",
"tool": "gemnasium"
}, },
"identifiers": [ {
{ "category": "dependency_scanning",
"type": "gemnasium", "name": "nokogiri - USN-3424-1",
"name": "Gemnasium-6162a015-8635-4a15-8d7c-dc9321db366f", "message": "Vulnerabilities in libxml2",
"value": "6162a015-8635-4a15-8d7c-dc9321db366f", "cve": "rails/Gemfile.lock:nokogiri@1.8.0:USN-3424-1",
"url": "https://deps.sec.gitlab.com/packages/pypi/Django/versions/1.11.3/advisories" "severity": "Unknown",
"solution": "Upgrade to latest version.",
"scanner": {
"id": "gemnasium",
"name": "Gemnasium"
}, },
{ "location": {
"type": "cve", "file": "rails/Gemfile.lock",
"name": "CVE-2017-12794", "dependency": {
"value": "CVE-2017-12794", "package": {
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12794" "name": "nokogiri"
} },
], "version": "1.8.0"
"links": [ }
{ },
"url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/" "identifiers": [
} {
], "type": "gemnasium",
"priority": "Unknown", "name": "Gemnasium-06565b64-486d-4326-b906-890d9915804d",
"file": "app/requirements.txt", "value": "06565b64-486d-4326-b906-890d9915804d",
"url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/", "url": "https://deps.sec.gitlab.com/packages/gem/nokogiri/versions/1.8.0/advisories"
"tool": "gemnasium"
},
{
"category": "dependency_scanning",
"name": "nokogiri - USN-3424-1",
"message": "Vulnerabilities in libxml2",
"cve": "rails/Gemfile.lock:nokogiri@1.8.0:USN-3424-1",
"severity": "Unknown",
"solution": "Upgrade to latest version.",
"scanner": {
"id": "gemnasium",
"name": "Gemnasium"
},
"location": {
"file": "rails/Gemfile.lock",
"dependency": {
"package": {
"name": "nokogiri"
}, },
"version": "1.8.0" {
} "type": "usn",
"name": "USN-3424-1",
"value": "USN-3424-1",
"url": "https://usn.ubuntu.com/3424-1/"
}
],
"links": [
{
"url": "https://github.com/sparklemotion/nokogiri/issues/1673"
}
],
"priority": "Unknown",
"file": "rails/Gemfile.lock",
"url": "https://github.com/sparklemotion/nokogiri/issues/1673",
"tool": "gemnasium"
}, },
"identifiers": [ {
{ "category": "dependency_scanning",
"type": "gemnasium", "name": "ffi - CVE-2018-1000201",
"name": "Gemnasium-06565b64-486d-4326-b906-890d9915804d", "message": "ruby-ffi DDL loading issue on Windows OS",
"value": "06565b64-486d-4326-b906-890d9915804d", "cve": "ffi:1.9.18:CVE-2018-1000201",
"url": "https://deps.sec.gitlab.com/packages/gem/nokogiri/versions/1.8.0/advisories" "severity": "High",
"solution": "upgrade to \u003e= 1.9.24",
"scanner": {
"id": "bundler_audit",
"name": "bundler-audit"
}, },
{ "location": {
"type": "usn", "file": "sast-sample-rails/Gemfile.lock",
"name": "USN-3424-1", "dependency": {
"value": "USN-3424-1", "package": {
"url": "https://usn.ubuntu.com/3424-1/" "name": "ffi"
} },
], "version": "1.9.18"
"links": [ }
{ },
"url": "https://github.com/sparklemotion/nokogiri/issues/1673" "identifiers": [
} {
], "type": "cve",
"priority": "Unknown", "name": "CVE-2018-1000201",
"file": "rails/Gemfile.lock", "value": "CVE-2018-1000201",
"url": "https://github.com/sparklemotion/nokogiri/issues/1673", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000201"
"tool": "gemnasium" }
}, ],
{ "links": [
"category": "dependency_scanning", {
"name": "ffi - CVE-2018-1000201", "url": "https://github.com/ffi/ffi/releases/tag/1.9.24"
"message": "ruby-ffi DDL loading issue on Windows OS", }
"cve": "ffi:1.9.18:CVE-2018-1000201", ],
"severity": "High", "priority": "High",
"solution": "upgrade to \u003e= 1.9.24",
"scanner": {
"id": "bundler_audit",
"name": "bundler-audit"
},
"location": {
"file": "sast-sample-rails/Gemfile.lock", "file": "sast-sample-rails/Gemfile.lock",
"dependency": { "url": "https://github.com/ffi/ffi/releases/tag/1.9.24",
"package": { "tool": "bundler_audit"
"name": "ffi" }
}, ]
"version": "1.9.18" }
}
},
"identifiers": [
{
"type": "cve",
"name": "CVE-2018-1000201",
"value": "CVE-2018-1000201",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000201"
}
],
"links": [
{
"url": "https://github.com/ffi/ffi/releases/tag/1.9.24"
}
],
"priority": "High",
"file": "sast-sample-rails/Gemfile.lock",
"url": "https://github.com/ffi/ffi/releases/tag/1.9.24",
"tool": "bundler_audit"
}
]
{ {
"licenses": [ "licenses": [
{ {
"count": 10, "count": 52,
"name": "MIT" "name": "MIT"
},
{
"count": 3,
"name": "New BSD"
},
{
"count": 1,
"name": "Apache 2.0"
},
{
"count": 1,
"name": "unknown"
} }
], ],
"dependencies": [ "dependencies": [
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "actioncable",
"url": "http://rubyonrails.org",
"description": "WebSocket framework for Rails.",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "actionmailer",
"url": "http://rubyonrails.org",
"description": "Email composition, delivery, and receiving framework (part of Rails).",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "actionpack",
"url": "http://rubyonrails.org",
"description": "Web-flow and rendering framework putting the VC in MVC (part of Rails).",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "actionview",
"url": "http://rubyonrails.org",
"description": "Rendering framework putting the V in MVC (part of Rails).",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "activejob",
"url": "http://rubyonrails.org",
"description": "Job framework with pluggable queues.",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "activemodel",
"url": "http://rubyonrails.org",
"description": "A toolkit for building modeling frameworks (part of Rails).",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "activerecord",
"url": "http://rubyonrails.org",
"description": "Object-relational mapper framework (part of Rails).",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "activesupport",
"url": "http://rubyonrails.org",
"description": "A toolkit of support libraries and Ruby core extensions extracted from the Rails framework.",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "arel",
"url": "https://github.com/rails/arel",
"description": "Arel Really Exasperates Logicians Arel is a SQL AST manager for Ruby",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "builder",
"url": "http://onestepback.org",
"description": "Builders for MarkUp.",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "bundler",
"url": "http://bundler.io",
"description": "The best way to manage your application's dependencies",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "coffee-rails",
"url": "https://github.com/rails/coffee-rails",
"description": "CoffeeScript adapter for the Rails asset pipeline.",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "coffee-script",
"url": "http://github.com/josh/ruby-coffee-script",
"description": "Ruby CoffeeScript Compiler",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "coffee-script-source",
"url": "http://coffeescript.org",
"description": "The CoffeeScript Compiler",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "concurrent-ruby",
"url": "http://www.concurrent-ruby.com",
"description": "Modern concurrency tools for Ruby. Inspired by Erlang, Clojure, Scala, Haskell, F#, C#, Java, and classic concurrency patterns.",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "crass",
"url": "https://github.com/rgrove/crass/",
"description": "CSS parser based on the CSS Syntax Level 3 spec.",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "erubis",
"url": "http://www.kuwata-lab.com/erubis/",
"description": "a fast and extensible eRuby implementation which supports multi-language",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "execjs",
"url": "https://github.com/rails/execjs",
"description": "Run JavaScript code from Ruby",
"pathes": [
"."
]
}
},
{
"license": {
"name": "New BSD",
"url": "http://opensource.org/licenses/BSD-3-Clause"
},
"dependency": {
"name": "ffi",
"url": "http://wiki.github.com/ffi/ffi",
"description": "Ruby FFI",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "globalid",
"url": "http://www.rubyonrails.org",
"description": "Refer to any model with a URI: gid://app/class/id",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "i18n",
"url": "http://github.com/svenfuchs/i18n",
"description": "New wave Internationalization support for Ruby",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "jbuilder",
"url": "https://github.com/rails/jbuilder",
"description": "Create JSON structures via a Builder-style DSL",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "loofah",
"description": "",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "mail",
"url": "https://github.com/mikel/mail",
"description": "Mail provides a nice Ruby DSL for making, sending and reading emails.",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "method_source",
"url": "http://banisterfiend.wordpress.com",
"description": "retrieve the sourcecode for a method",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "mini_mime",
"url": "https://github.com/discourse/mini_mime",
"description": "A lightweight mime type lookup toy",
"pathes": [
"."
]
}
},
{ {
"license": { "license": {
"name": "MIT", "name": "MIT",
...@@ -26,9 +401,37 @@ ...@@ -26,9 +401,37 @@
"url": "http://opensource.org/licenses/mit-license" "url": "http://opensource.org/licenses/mit-license"
}, },
"dependency": { "dependency": {
"name": "mustermann", "name": "minitest",
"url": "https://github.com/sinatra/mustermann", "url": "https://github.com/seattlerb/minitest",
"description": "Your personal string matching expert.", "description": "minitest provides a complete suite of testing facilities supporting TDD, BDD, mocking, and benchmarking",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "multi_json",
"url": "http://github.com/intridea/multi_json",
"description": "A common interface to multiple JSON libraries.",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "nio4r",
"url": "https://github.com/celluloid/nio4r",
"description": "NIO provides a high performance selector API for monitoring IO objects",
"pathes": [ "pathes": [
"." "."
] ]
...@@ -48,6 +451,20 @@ ...@@ -48,6 +451,20 @@
] ]
} }
}, },
{
"license": {
"name": "New BSD",
"url": "http://opensource.org/licenses/BSD-3-Clause"
},
"dependency": {
"name": "puma",
"url": "http://puma.io",
"description": "Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications",
"pathes": [
"."
]
}
},
{ {
"license": { "license": {
"name": "MIT", "name": "MIT",
...@@ -68,9 +485,147 @@ ...@@ -68,9 +485,147 @@
"url": "http://opensource.org/licenses/mit-license" "url": "http://opensource.org/licenses/mit-license"
}, },
"dependency": { "dependency": {
"name": "rack-protection", "name": "rack-test",
"url": "http://github.com/sinatra/sinatra/tree/master/rack-protection", "url": "http://github.com/brynary/rack-test",
"description": "Protect against typical web attacks, works with all Rack apps, including Rails.", "description": "Simple testing API built on Rack",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "rails",
"url": "http://rubyonrails.org",
"description": "Full-stack web application framework.",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "rails-dom-testing",
"url": "https://github.com/rails/rails-dom-testing",
"description": "Dom and Selector assertions for Rails applications",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "rails-html-sanitizer",
"url": "https://github.com/rails/rails-html-sanitizer",
"description": "This gem is responsible to sanitize HTML fragments in Rails applications.",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "railties",
"url": "http://rubyonrails.org",
"description": "Tools for creating, working with, and running Rails applications.",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "rake",
"url": "https://github.com/ruby/rake",
"description": "Rake is a Make-like program implemented in Ruby",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "rb-fsevent",
"url": "http://rubygems.org/gems/rb-fsevent",
"description": "Very simple & usable FSEvents API",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "rb-inotify",
"url": "https://github.com/guard/rb-inotify",
"description": "A Ruby wrapper for Linux inotify, using FFI",
"pathes": [
"."
]
}
},
{
"license": {
"name": "unknown"
},
"dependency": {
"name": "ruby-bundler-rails",
"description": "",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "sass",
"url": "http://sass-lang.com/",
"description": "A powerful but elegant CSS compiler that makes CSS fun again.",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "sass-listen",
"url": "https://github.com/sass/listen",
"description": "Fork of guard/listen",
"pathes": [ "pathes": [
"." "."
] ]
...@@ -82,9 +637,9 @@ ...@@ -82,9 +637,9 @@
"url": "http://opensource.org/licenses/mit-license" "url": "http://opensource.org/licenses/mit-license"
}, },
"dependency": { "dependency": {
"name": "redis", "name": "sass-rails",
"url": "https://github.com/redis/redis-rb", "url": "https://github.com/rails/sass-rails",
"description": "A Ruby client library for Redis", "description": "Sass adapter for the Rails asset pipeline.",
"pathes": [ "pathes": [
"." "."
] ]
...@@ -96,9 +651,9 @@ ...@@ -96,9 +651,9 @@
"url": "http://opensource.org/licenses/mit-license" "url": "http://opensource.org/licenses/mit-license"
}, },
"dependency": { "dependency": {
"name": "sinatra", "name": "sprockets",
"url": "http://www.sinatrarb.com/", "url": "https://github.com/rails/sprockets",
"description": "Classy web-development dressed in a DSL", "description": "Rack-based asset packaging system",
"pathes": [ "pathes": [
"." "."
] ]
...@@ -110,9 +665,23 @@ ...@@ -110,9 +665,23 @@
"url": "http://opensource.org/licenses/mit-license" "url": "http://opensource.org/licenses/mit-license"
}, },
"dependency": { "dependency": {
"name": "slim", "name": "sprockets-rails",
"url": "http://slim-lang.com/", "url": "https://github.com/rails/sprockets-rails",
"description": "Slim is a template language.", "description": "Sprockets Rails integration",
"pathes": [
"."
]
}
},
{
"license": {
"name": "New BSD",
"url": "http://opensource.org/licenses/BSD-3-Clause"
},
"dependency": {
"name": "sqlite3",
"url": "https://github.com/sparklemotion/sqlite3-ruby",
"description": "This module allows Ruby programs to interface with the SQLite3 database engine (http://www.sqlite.org)",
"pathes": [ "pathes": [
"." "."
] ]
...@@ -124,9 +693,23 @@ ...@@ -124,9 +693,23 @@
"url": "http://opensource.org/licenses/mit-license" "url": "http://opensource.org/licenses/mit-license"
}, },
"dependency": { "dependency": {
"name": "temple", "name": "thor",
"url": "https://github.com/judofyr/temple", "url": "http://whatisthor.com/",
"description": "Template compilation framework in Ruby", "description": "Thor is a toolkit for building powerful command-line interfaces.",
"pathes": [
"."
]
}
},
{
"license": {
"name": "Apache 2.0",
"url": "http://www.apache.org/licenses/LICENSE-2.0.txt"
},
"dependency": {
"name": "thread_safe",
"url": "https://github.com/ruby-concurrency/thread_safe",
"description": "Thread-safe collections and utilities for Ruby",
"pathes": [ "pathes": [
"." "."
] ]
...@@ -145,6 +728,90 @@ ...@@ -145,6 +728,90 @@
"." "."
] ]
} }
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "turbolinks",
"url": "https://github.com/turbolinks/turbolinks",
"description": "Turbolinks makes navigating your web application faster",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "turbolinks-source",
"url": "https://github.com/turbolinks/turbolinks-source-gem",
"description": "Turbolinks JavaScript assets",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "tzinfo",
"url": "http://tzinfo.github.io",
"description": "Daylight savings aware timezone library",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "uglifier",
"url": "http://github.com/lautis/uglifier",
"description": "Ruby wrapper for UglifyJS JavaScript compressor",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "websocket-driver",
"url": "http://github.com/faye/websocket-driver-ruby",
"description": "WebSocket protocol handler with pluggable I/O",
"pathes": [
"."
]
}
},
{
"license": {
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "websocket-extensions",
"url": "https://github.com/faye/websocket-extensions-ruby",
"description": "Generic extension manager for WebSocket connections",
"pathes": [
"."
]
}
} }
] ]
} }
[ {
{ "version": "1.2",
"category": "sast", "vulnerabilities": [
"message": "Probable insecure usage of temp file/directory.", {
"cve": "python/hardcoded/hardcoded-tmp.py:52865813c884a507be1f152d654245af34aba8a391626d01f1ab6d3f52ec8779:B108", "category": "sast",
"severity": "Medium", "message": "Probable insecure usage of temp file/directory.",
"confidence": "Medium", "cve": "python/hardcoded/hardcoded-tmp.py:52865813c884a507be1f152d654245af34aba8a391626d01f1ab6d3f52ec8779:B108",
"scanner": { "severity": "Medium",
"id": "bandit", "confidence": "Medium",
"name": "Bandit" "scanner": {
}, "id": "bandit",
"location": { "name": "Bandit"
},
"location": {
"file": "python/hardcoded/hardcoded-tmp.py",
"start_line": 1,
"end_line": 1
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B108",
"value": "B108",
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
}
],
"priority": "Medium",
"file": "python/hardcoded/hardcoded-tmp.py", "file": "python/hardcoded/hardcoded-tmp.py",
"start_line": 1, "line": 1,
"end_line": 1 "url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html",
}, "tool": "bandit"
"identifiers": [ },
{ {
"type": "bandit_test_id", "category": "sast",
"name": "Bandit Test ID B108", "name": "Predictable pseudorandom number generator",
"value": "B108", "message": "Predictable pseudorandom number generator",
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html" "cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:47:PREDICTABLE_RANDOM",
} "severity": "Medium",
], "confidence": "Medium",
"priority": "Medium", "scanner": {
"file": "python/hardcoded/hardcoded-tmp.py", "id": "find_sec_bugs",
"line": 1, "name": "Find Security Bugs"
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html", },
"tool": "bandit" "location": {
}, "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
{ "start_line": 47,
"category": "sast", "end_line": 47,
"name": "Predictable pseudorandom number generator", "class": "com.gitlab.security_products.tests.App",
"message": "Predictable pseudorandom number generator", "method": "generateSecretToken2"
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:47:PREDICTABLE_RANDOM", },
"severity": "Medium", "identifiers": [
"confidence": "Medium", {
"scanner": { "type": "find_sec_bugs_type",
"id": "find_sec_bugs", "name": "Find Security Bugs-PREDICTABLE_RANDOM",
"name": "Find Security Bugs" "value": "PREDICTABLE_RANDOM",
}, "url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
"location": { }
],
"priority": "Medium",
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy", "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"start_line": 47, "line": 47,
"end_line": 47, "url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM",
"class": "com.gitlab.security_products.tests.App", "tool": "find_sec_bugs"
"method": "generateSecretToken2" },
}, {
"identifiers": [ "category": "sast",
{ "name": "Predictable pseudorandom number generator",
"type": "find_sec_bugs_type", "message": "Predictable pseudorandom number generator",
"name": "Find Security Bugs-PREDICTABLE_RANDOM", "cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:41:PREDICTABLE_RANDOM",
"value": "PREDICTABLE_RANDOM", "severity": "Medium",
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM" "confidence": "Medium",
} "scanner": {
], "id": "find_sec_bugs",
"priority": "Medium", "name": "Find Security Bugs"
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy", },
"line": 47, "location": {
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM", "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"tool": "find_sec_bugs" "start_line": 41,
}, "end_line": 41,
{ "class": "com.gitlab.security_products.tests.App",
"category": "sast", "method": "generateSecretToken1"
"name": "Predictable pseudorandom number generator", },
"message": "Predictable pseudorandom number generator", "identifiers": [
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:41:PREDICTABLE_RANDOM", {
"severity": "Medium", "type": "find_sec_bugs_type",
"confidence": "Medium", "name": "Find Security Bugs-PREDICTABLE_RANDOM",
"scanner": { "value": "PREDICTABLE_RANDOM",
"id": "find_sec_bugs", "url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
"name": "Find Security Bugs" }
}, ],
"location": { "priority": "Medium",
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy", "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"start_line": 41, "line": 41,
"end_line": 41, "url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM",
"class": "com.gitlab.security_products.tests.App", "tool": "find_sec_bugs"
"method": "generateSecretToken1" },
}, {
"identifiers": [ "category": "sast",
{ "message": "Use of insecure MD2, MD4, or MD5 hash function.",
"type": "find_sec_bugs_type", "cve": "python/imports/imports-aliases.py:cb203b465dffb0cb3a8e8bd8910b84b93b0a5995a938e4b903dbb0cd6ffa1254:B303",
"name": "Find Security Bugs-PREDICTABLE_RANDOM", "severity": "Medium",
"value": "PREDICTABLE_RANDOM", "confidence": "High",
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM" "scanner": {
} "id": "bandit",
], "name": "Bandit"
"priority": "Medium", },
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy", "location": {
"line": 41, "file": "python/imports/imports-aliases.py",
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM", "start_line": 11,
"tool": "find_sec_bugs" "end_line": 11
}, },
{ "identifiers": [
"category": "sast", {
"message": "Use of insecure MD2, MD4, or MD5 hash function.", "type": "bandit_test_id",
"cve": "python/imports/imports-aliases.py:cb203b465dffb0cb3a8e8bd8910b84b93b0a5995a938e4b903dbb0cd6ffa1254:B303", "name": "Bandit Test ID B303",
"severity": "Medium", "value": "B303"
"confidence": "High", }
"scanner": { ],
"id": "bandit", "priority": "Medium",
"name": "Bandit"
},
"location": {
"file": "python/imports/imports-aliases.py", "file": "python/imports/imports-aliases.py",
"start_line": 11, "line": 11,
"end_line": 11 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Use of insecure MD2, MD4, or MD5 hash function.",
"name": "Bandit Test ID B303", "cve": "python/imports/imports-aliases.py:a7173c43ae66bd07466632d819d450e0071e02dbf782763640d1092981f9631b:B303",
"value": "B303" "severity": "Medium",
} "confidence": "High",
], "scanner": {
"priority": "Medium", "id": "bandit",
"file": "python/imports/imports-aliases.py", "name": "Bandit"
"line": 11, },
"tool": "bandit" "location": {
}, "file": "python/imports/imports-aliases.py",
{ "start_line": 12,
"category": "sast", "end_line": 12
"message": "Use of insecure MD2, MD4, or MD5 hash function.", },
"cve": "python/imports/imports-aliases.py:a7173c43ae66bd07466632d819d450e0071e02dbf782763640d1092981f9631b:B303", "identifiers": [
"severity": "Medium", {
"confidence": "High", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B303",
"id": "bandit", "value": "B303"
"name": "Bandit" }
}, ],
"location": { "priority": "Medium",
"file": "python/imports/imports-aliases.py", "file": "python/imports/imports-aliases.py",
"start_line": 12, "line": 12,
"end_line": 12 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Use of insecure MD2, MD4, or MD5 hash function.",
"name": "Bandit Test ID B303", "cve": "python/imports/imports-aliases.py:017017b77deb0b8369b6065947833eeea752a92ec8a700db590fece3e934cf0d:B303",
"value": "B303" "severity": "Medium",
} "confidence": "High",
], "scanner": {
"priority": "Medium", "id": "bandit",
"file": "python/imports/imports-aliases.py", "name": "Bandit"
"line": 12, },
"tool": "bandit" "location": {
}, "file": "python/imports/imports-aliases.py",
{ "start_line": 13,
"category": "sast", "end_line": 13
"message": "Use of insecure MD2, MD4, or MD5 hash function.", },
"cve": "python/imports/imports-aliases.py:017017b77deb0b8369b6065947833eeea752a92ec8a700db590fece3e934cf0d:B303", "identifiers": [
"severity": "Medium", {
"confidence": "High", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B303",
"id": "bandit", "value": "B303"
"name": "Bandit" }
}, ],
"location": { "priority": "Medium",
"file": "python/imports/imports-aliases.py", "file": "python/imports/imports-aliases.py",
"start_line": 13, "line": 13,
"end_line": 13 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Use of insecure MD2, MD4, or MD5 hash function.",
"name": "Bandit Test ID B303", "cve": "python/imports/imports-aliases.py:45fc8c53aea7b84f06bc4e590cc667678d6073c4c8a1d471177ca2146fb22db2:B303",
"value": "B303" "severity": "Medium",
} "confidence": "High",
], "scanner": {
"priority": "Medium", "id": "bandit",
"file": "python/imports/imports-aliases.py", "name": "Bandit"
"line": 13, },
"tool": "bandit" "location": {
}, "file": "python/imports/imports-aliases.py",
{ "start_line": 14,
"category": "sast", "end_line": 14
"message": "Use of insecure MD2, MD4, or MD5 hash function.", },
"cve": "python/imports/imports-aliases.py:45fc8c53aea7b84f06bc4e590cc667678d6073c4c8a1d471177ca2146fb22db2:B303", "identifiers": [
"severity": "Medium", {
"confidence": "High", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B303",
"id": "bandit", "value": "B303"
"name": "Bandit" }
}, ],
"location": { "priority": "Medium",
"file": "python/imports/imports-aliases.py", "file": "python/imports/imports-aliases.py",
"start_line": 14, "line": 14,
"end_line": 14 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Pickle library appears to be in use, possible security issue.",
"name": "Bandit Test ID B303", "cve": "python/imports/imports-aliases.py:5f200d47291e7bbd8352db23019b85453ca048dd98ea0c291260fa7d009963a4:B301",
"value": "B303" "severity": "Medium",
} "confidence": "High",
], "scanner": {
"priority": "Medium", "id": "bandit",
"file": "python/imports/imports-aliases.py", "name": "Bandit"
"line": 14, },
"tool": "bandit" "location": {
}, "file": "python/imports/imports-aliases.py",
{ "start_line": 15,
"category": "sast", "end_line": 15
"message": "Pickle library appears to be in use, possible security issue.", },
"cve": "python/imports/imports-aliases.py:5f200d47291e7bbd8352db23019b85453ca048dd98ea0c291260fa7d009963a4:B301", "identifiers": [
"severity": "Medium", {
"confidence": "High", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B301",
"id": "bandit", "value": "B301"
"name": "Bandit" }
}, ],
"location": { "priority": "Medium",
"file": "python/imports/imports-aliases.py", "file": "python/imports/imports-aliases.py",
"start_line": 15, "line": 15,
"end_line": 15 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "name": "ECB mode is insecure",
"name": "Bandit Test ID B301", "message": "ECB mode is insecure",
"value": "B301" "cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:ECB_MODE",
} "severity": "Medium",
], "confidence": "High",
"priority": "Medium", "scanner": {
"file": "python/imports/imports-aliases.py", "id": "find_sec_bugs",
"line": 15, "name": "Find Security Bugs"
"tool": "bandit" },
}, "location": {
{ "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"category": "sast", "start_line": 29,
"name": "ECB mode is insecure", "end_line": 29,
"message": "ECB mode is insecure", "class": "com.gitlab.security_products.tests.App",
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:ECB_MODE", "method": "insecureCypher"
"severity": "Medium", },
"confidence": "High", "identifiers": [
"scanner": { {
"id": "find_sec_bugs", "type": "find_sec_bugs_type",
"name": "Find Security Bugs" "name": "Find Security Bugs-ECB_MODE",
}, "value": "ECB_MODE",
"location": { "url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE"
}
],
"priority": "Medium",
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy", "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"start_line": 29, "line": 29,
"end_line": 29, "url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE",
"class": "com.gitlab.security_products.tests.App", "tool": "find_sec_bugs"
"method": "insecureCypher" },
}, {
"identifiers": [ "category": "sast",
{ "name": "Cipher with no integrity",
"type": "find_sec_bugs_type", "message": "Cipher with no integrity",
"name": "Find Security Bugs-ECB_MODE", "cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:CIPHER_INTEGRITY",
"value": "ECB_MODE", "severity": "Medium",
"url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE" "confidence": "High",
} "scanner": {
], "id": "find_sec_bugs",
"priority": "Medium", "name": "Find Security Bugs"
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy", },
"line": 29, "location": {
"url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE", "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"tool": "find_sec_bugs" "start_line": 29,
}, "end_line": 29,
{ "class": "com.gitlab.security_products.tests.App",
"category": "sast", "method": "insecureCypher"
"name": "Cipher with no integrity", },
"message": "Cipher with no integrity", "identifiers": [
"cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:CIPHER_INTEGRITY", {
"severity": "Medium", "type": "find_sec_bugs_type",
"confidence": "High", "name": "Find Security Bugs-CIPHER_INTEGRITY",
"scanner": { "value": "CIPHER_INTEGRITY",
"id": "find_sec_bugs", "url": "https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY"
"name": "Find Security Bugs" }
}, ],
"location": { "priority": "Medium",
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy", "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
"start_line": 29, "line": 29,
"end_line": 29, "url": "https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY",
"class": "com.gitlab.security_products.tests.App", "tool": "find_sec_bugs"
"method": "insecureCypher" },
}, {
"identifiers": [ "category": "sast",
{ "message": "Probable insecure usage of temp file/directory.",
"type": "find_sec_bugs_type", "cve": "python/hardcoded/hardcoded-tmp.py:63dd4d626855555b816985d82c4614a790462a0a3ada89dc58eb97f9c50f3077:B108",
"name": "Find Security Bugs-CIPHER_INTEGRITY", "severity": "Medium",
"value": "CIPHER_INTEGRITY", "confidence": "Medium",
"url": "https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY" "scanner": {
} "id": "bandit",
], "name": "Bandit"
"priority": "Medium", },
"file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy", "location": {
"line": 29, "file": "python/hardcoded/hardcoded-tmp.py",
"url": "https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY", "start_line": 14,
"tool": "find_sec_bugs" "end_line": 14
}, },
{ "identifiers": [
"category": "sast", {
"message": "Probable insecure usage of temp file/directory.", "type": "bandit_test_id",
"cve": "python/hardcoded/hardcoded-tmp.py:63dd4d626855555b816985d82c4614a790462a0a3ada89dc58eb97f9c50f3077:B108", "name": "Bandit Test ID B108",
"severity": "Medium", "value": "B108",
"confidence": "Medium", "url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
"scanner": { }
"id": "bandit", ],
"name": "Bandit" "priority": "Medium",
},
"location": {
"file": "python/hardcoded/hardcoded-tmp.py", "file": "python/hardcoded/hardcoded-tmp.py",
"start_line": 14, "line": 14,
"end_line": 14 "url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html",
}, "tool": "bandit"
"identifiers": [ },
{ {
"type": "bandit_test_id", "category": "sast",
"name": "Bandit Test ID B108", "message": "Probable insecure usage of temp file/directory.",
"value": "B108", "cve": "python/hardcoded/hardcoded-tmp.py:4ad6d4c40a8c263fc265f3384724014e0a4f8dd6200af83e51ff120420038031:B108",
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html" "severity": "Medium",
} "confidence": "Medium",
], "scanner": {
"priority": "Medium", "id": "bandit",
"file": "python/hardcoded/hardcoded-tmp.py", "name": "Bandit"
"line": 14, },
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html", "location": {
"tool": "bandit" "file": "python/hardcoded/hardcoded-tmp.py",
}, "start_line": 10,
{ "end_line": 10
"category": "sast", },
"message": "Probable insecure usage of temp file/directory.", "identifiers": [
"cve": "python/hardcoded/hardcoded-tmp.py:4ad6d4c40a8c263fc265f3384724014e0a4f8dd6200af83e51ff120420038031:B108", {
"severity": "Medium", "type": "bandit_test_id",
"confidence": "Medium", "name": "Bandit Test ID B108",
"scanner": { "value": "B108",
"id": "bandit", "url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
"name": "Bandit" }
}, ],
"location": { "priority": "Medium",
"file": "python/hardcoded/hardcoded-tmp.py", "file": "python/hardcoded/hardcoded-tmp.py",
"start_line": 10, "line": 10,
"end_line": 10 "url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html",
}, "tool": "bandit"
"identifiers": [ },
{ {
"type": "bandit_test_id", "category": "sast",
"name": "Bandit Test ID B108", "message": "Consider possible security implications associated with Popen module.",
"value": "B108", "cve": "python/imports/imports-aliases.py:2c3e1fa1e54c3c6646e8bcfaee2518153c6799b77587ff8d9a7b0631f6d34785:B404",
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html" "severity": "Low",
} "confidence": "High",
], "scanner": {
"priority": "Medium", "id": "bandit",
"file": "python/hardcoded/hardcoded-tmp.py", "name": "Bandit"
"line": 10, },
"url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html", "location": {
"tool": "bandit" "file": "python/imports/imports-aliases.py",
}, "start_line": 1,
{ "end_line": 1
"category": "sast", },
"message": "Consider possible security implications associated with Popen module.", "identifiers": [
"cve": "python/imports/imports-aliases.py:2c3e1fa1e54c3c6646e8bcfaee2518153c6799b77587ff8d9a7b0631f6d34785:B404", {
"severity": "Low", "type": "bandit_test_id",
"confidence": "High", "name": "Bandit Test ID B404",
"scanner": { "value": "B404"
"id": "bandit", }
"name": "Bandit" ],
}, "priority": "Low",
"location": {
"file": "python/imports/imports-aliases.py", "file": "python/imports/imports-aliases.py",
"start_line": 1, "line": 1,
"end_line": 1 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Consider possible security implications associated with pickle module.",
"name": "Bandit Test ID B404", "cve": "python/imports/imports.py:af58d07f6ad519ef5287fcae65bf1a6999448a1a3a8bc1ac2a11daa80d0b96bf:B403",
"value": "B404" "severity": "Low",
} "confidence": "High",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/imports/imports-aliases.py", "name": "Bandit"
"line": 1, },
"tool": "bandit" "location": {
}, "file": "python/imports/imports.py",
{ "start_line": 2,
"category": "sast", "end_line": 2
"message": "Consider possible security implications associated with pickle module.", },
"cve": "python/imports/imports.py:af58d07f6ad519ef5287fcae65bf1a6999448a1a3a8bc1ac2a11daa80d0b96bf:B403", "identifiers": [
"severity": "Low", {
"confidence": "High", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B403",
"id": "bandit", "value": "B403"
"name": "Bandit" }
}, ],
"location": { "priority": "Low",
"file": "python/imports/imports.py", "file": "python/imports/imports.py",
"start_line": 2, "line": 2,
"end_line": 2 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Consider possible security implications associated with subprocess module.",
"name": "Bandit Test ID B403", "cve": "python/imports/imports.py:8de9bc98029d212db530785a5f6780cfa663548746ff228ab8fa96c5bb82f089:B404",
"value": "B403" "severity": "Low",
} "confidence": "High",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/imports/imports.py", "name": "Bandit"
"line": 2, },
"tool": "bandit" "location": {
}, "file": "python/imports/imports.py",
{ "start_line": 4,
"category": "sast", "end_line": 4
"message": "Consider possible security implications associated with subprocess module.", },
"cve": "python/imports/imports.py:8de9bc98029d212db530785a5f6780cfa663548746ff228ab8fa96c5bb82f089:B404", "identifiers": [
"severity": "Low", {
"confidence": "High", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B404",
"id": "bandit", "value": "B404"
"name": "Bandit" }
}, ],
"location": { "priority": "Low",
"file": "python/imports/imports.py", "file": "python/imports/imports.py",
"start_line": 4, "line": 4,
"end_line": 4 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Possible hardcoded password: 'blerg'",
"name": "Bandit Test ID B404", "cve": "python/hardcoded/hardcoded-passwords.py:97c30f1d76d2a88913e3ce9ae74087874d740f87de8af697a9c455f01119f633:B106",
"value": "B404" "severity": "Low",
} "confidence": "Medium",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/imports/imports.py", "name": "Bandit"
"line": 4, },
"tool": "bandit" "location": {
}, "file": "python/hardcoded/hardcoded-passwords.py",
{ "start_line": 22,
"category": "sast", "end_line": 22
"message": "Possible hardcoded password: 'blerg'", },
"cve": "python/hardcoded/hardcoded-passwords.py:97c30f1d76d2a88913e3ce9ae74087874d740f87de8af697a9c455f01119f633:B106", "identifiers": [
"severity": "Low", {
"confidence": "Medium", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B106",
"id": "bandit", "value": "B106",
"name": "Bandit" "url": "https://docs.openstack.org/bandit/latest/plugins/b106_hardcoded_password_funcarg.html"
}, }
"location": { ],
"priority": "Low",
"file": "python/hardcoded/hardcoded-passwords.py", "file": "python/hardcoded/hardcoded-passwords.py",
"start_line": 22, "line": 22,
"end_line": 22 "url": "https://docs.openstack.org/bandit/latest/plugins/b106_hardcoded_password_funcarg.html",
}, "tool": "bandit"
"identifiers": [ },
{ {
"type": "bandit_test_id", "category": "sast",
"name": "Bandit Test ID B106", "message": "Possible hardcoded password: 'root'",
"value": "B106", "cve": "python/hardcoded/hardcoded-passwords.py:7431c73a0bc16d94ece2a2e75ef38f302574d42c37ac0c3c38ad0b3bf8a59f10:B105",
"url": "https://docs.openstack.org/bandit/latest/plugins/b106_hardcoded_password_funcarg.html" "severity": "Low",
} "confidence": "Medium",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/hardcoded/hardcoded-passwords.py", "name": "Bandit"
"line": 22, },
"url": "https://docs.openstack.org/bandit/latest/plugins/b106_hardcoded_password_funcarg.html", "location": {
"tool": "bandit" "file": "python/hardcoded/hardcoded-passwords.py",
}, "start_line": 5,
{ "end_line": 5
"category": "sast", },
"message": "Possible hardcoded password: 'root'", "identifiers": [
"cve": "python/hardcoded/hardcoded-passwords.py:7431c73a0bc16d94ece2a2e75ef38f302574d42c37ac0c3c38ad0b3bf8a59f10:B105", {
"severity": "Low", "type": "bandit_test_id",
"confidence": "Medium", "name": "Bandit Test ID B105",
"scanner": { "value": "B105",
"id": "bandit", "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
"name": "Bandit" }
}, ],
"location": { "priority": "Low",
"file": "python/hardcoded/hardcoded-passwords.py", "file": "python/hardcoded/hardcoded-passwords.py",
"start_line": 5, "line": 5,
"end_line": 5 "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
}, "tool": "bandit"
"identifiers": [ },
{ {
"type": "bandit_test_id", "category": "sast",
"name": "Bandit Test ID B105", "message": "Possible hardcoded password: ''",
"value": "B105", "cve": "python/hardcoded/hardcoded-passwords.py:d2d1857c27caedd49c57bfbcdc23afcc92bd66a22701fcdc632869aab4ca73ee:B105",
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html" "severity": "Low",
} "confidence": "Medium",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/hardcoded/hardcoded-passwords.py", "name": "Bandit"
"line": 5, },
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html", "location": {
"tool": "bandit" "file": "python/hardcoded/hardcoded-passwords.py",
}, "start_line": 9,
{ "end_line": 9
"category": "sast", },
"message": "Possible hardcoded password: ''", "identifiers": [
"cve": "python/hardcoded/hardcoded-passwords.py:d2d1857c27caedd49c57bfbcdc23afcc92bd66a22701fcdc632869aab4ca73ee:B105", {
"severity": "Low", "type": "bandit_test_id",
"confidence": "Medium", "name": "Bandit Test ID B105",
"scanner": { "value": "B105",
"id": "bandit", "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
"name": "Bandit" }
}, ],
"location": { "priority": "Low",
"file": "python/hardcoded/hardcoded-passwords.py", "file": "python/hardcoded/hardcoded-passwords.py",
"start_line": 9, "line": 9,
"end_line": 9 "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
}, "tool": "bandit"
"identifiers": [ },
{ {
"type": "bandit_test_id", "category": "sast",
"name": "Bandit Test ID B105", "message": "Possible hardcoded password: 'ajklawejrkl42348swfgkg'",
"value": "B105", "cve": "python/hardcoded/hardcoded-passwords.py:fb3866215a61393a5c9c32a3b60e2058171a23219c353f722cbd3567acab21d2:B105",
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html" "severity": "Low",
} "confidence": "Medium",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/hardcoded/hardcoded-passwords.py", "name": "Bandit"
"line": 9, },
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html", "location": {
"tool": "bandit" "file": "python/hardcoded/hardcoded-passwords.py",
}, "start_line": 13,
{ "end_line": 13
"category": "sast", },
"message": "Possible hardcoded password: 'ajklawejrkl42348swfgkg'", "identifiers": [
"cve": "python/hardcoded/hardcoded-passwords.py:fb3866215a61393a5c9c32a3b60e2058171a23219c353f722cbd3567acab21d2:B105", {
"severity": "Low", "type": "bandit_test_id",
"confidence": "Medium", "name": "Bandit Test ID B105",
"scanner": { "value": "B105",
"id": "bandit", "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
"name": "Bandit" }
}, ],
"location": { "priority": "Low",
"file": "python/hardcoded/hardcoded-passwords.py", "file": "python/hardcoded/hardcoded-passwords.py",
"start_line": 13, "line": 13,
"end_line": 13 "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
}, "tool": "bandit"
"identifiers": [ },
{ {
"type": "bandit_test_id", "category": "sast",
"name": "Bandit Test ID B105", "message": "Possible hardcoded password: 'blerg'",
"value": "B105", "cve": "python/hardcoded/hardcoded-passwords.py:63c62a8b7e1e5224439bd26b28030585ac48741e28ca64561a6071080c560a5f:B105",
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html" "severity": "Low",
} "confidence": "Medium",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/hardcoded/hardcoded-passwords.py", "name": "Bandit"
"line": 13, },
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html", "location": {
"tool": "bandit" "file": "python/hardcoded/hardcoded-passwords.py",
}, "start_line": 23,
{ "end_line": 23
"category": "sast", },
"message": "Possible hardcoded password: 'blerg'", "identifiers": [
"cve": "python/hardcoded/hardcoded-passwords.py:63c62a8b7e1e5224439bd26b28030585ac48741e28ca64561a6071080c560a5f:B105", {
"severity": "Low", "type": "bandit_test_id",
"confidence": "Medium", "name": "Bandit Test ID B105",
"scanner": { "value": "B105",
"id": "bandit", "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
"name": "Bandit" }
}, ],
"location": { "priority": "Low",
"file": "python/hardcoded/hardcoded-passwords.py", "file": "python/hardcoded/hardcoded-passwords.py",
"start_line": 23, "line": 23,
"end_line": 23 "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
}, "tool": "bandit"
"identifiers": [ },
{ {
"type": "bandit_test_id", "category": "sast",
"name": "Bandit Test ID B105", "message": "Possible hardcoded password: 'blerg'",
"value": "B105", "cve": "python/hardcoded/hardcoded-passwords.py:4311b06d08df8fa58229b341c531da8e1a31ec4520597bdff920cd5c098d86f9:B105",
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html" "severity": "Low",
} "confidence": "Medium",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/hardcoded/hardcoded-passwords.py", "name": "Bandit"
"line": 23, },
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html", "location": {
"tool": "bandit" "file": "python/hardcoded/hardcoded-passwords.py",
}, "start_line": 24,
{ "end_line": 24
"category": "sast", },
"message": "Possible hardcoded password: 'blerg'", "identifiers": [
"cve": "python/hardcoded/hardcoded-passwords.py:4311b06d08df8fa58229b341c531da8e1a31ec4520597bdff920cd5c098d86f9:B105", {
"severity": "Low", "type": "bandit_test_id",
"confidence": "Medium", "name": "Bandit Test ID B105",
"scanner": { "value": "B105",
"id": "bandit", "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
"name": "Bandit" }
}, ],
"location": { "priority": "Low",
"file": "python/hardcoded/hardcoded-passwords.py", "file": "python/hardcoded/hardcoded-passwords.py",
"start_line": 24, "line": 24,
"end_line": 24 "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
}, "tool": "bandit"
"identifiers": [ },
{ {
"type": "bandit_test_id", "category": "sast",
"name": "Bandit Test ID B105", "message": "Consider possible security implications associated with subprocess module.",
"value": "B105", "cve": "python/imports/imports-function.py:5858400c2f39047787702de44d03361ef8d954c9d14bd54ee1c2bef9e6a7df93:B404",
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html" "severity": "Low",
} "confidence": "High",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/hardcoded/hardcoded-passwords.py", "name": "Bandit"
"line": 24, },
"url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html", "location": {
"tool": "bandit" "file": "python/imports/imports-function.py",
}, "start_line": 4,
{ "end_line": 4
"category": "sast", },
"message": "Consider possible security implications associated with subprocess module.", "identifiers": [
"cve": "python/imports/imports-function.py:5858400c2f39047787702de44d03361ef8d954c9d14bd54ee1c2bef9e6a7df93:B404", {
"severity": "Low", "type": "bandit_test_id",
"confidence": "High", "name": "Bandit Test ID B404",
"scanner": { "value": "B404"
"id": "bandit", }
"name": "Bandit" ],
}, "priority": "Low",
"location": {
"file": "python/imports/imports-function.py", "file": "python/imports/imports-function.py",
"start_line": 4, "line": 4,
"end_line": 4 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Consider possible security implications associated with pickle module.",
"name": "Bandit Test ID B404", "cve": "python/imports/imports-function.py:dbda3cf4190279d30e0aad7dd137eca11272b0b225e8af4e8bf39682da67d956:B403",
"value": "B404" "severity": "Low",
} "confidence": "High",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/imports/imports-function.py", "name": "Bandit"
"line": 4, },
"tool": "bandit" "location": {
}, "file": "python/imports/imports-function.py",
{ "start_line": 2,
"category": "sast", "end_line": 2
"message": "Consider possible security implications associated with pickle module.", },
"cve": "python/imports/imports-function.py:dbda3cf4190279d30e0aad7dd137eca11272b0b225e8af4e8bf39682da67d956:B403", "identifiers": [
"severity": "Low", {
"confidence": "High", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B403",
"id": "bandit", "value": "B403"
"name": "Bandit" }
}, ],
"location": { "priority": "Low",
"file": "python/imports/imports-function.py", "file": "python/imports/imports-function.py",
"start_line": 2, "line": 2,
"end_line": 2 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Consider possible security implications associated with Popen module.",
"name": "Bandit Test ID B403", "cve": "python/imports/imports-from.py:eb8a0db9cd1a8c1ab39a77e6025021b1261cc2a0b026b2f4a11fca4e0636d8dd:B404",
"value": "B403" "severity": "Low",
} "confidence": "High",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/imports/imports-function.py", "name": "Bandit"
"line": 2, },
"tool": "bandit" "location": {
}, "file": "python/imports/imports-from.py",
{ "start_line": 7,
"category": "sast", "end_line": 7
"message": "Consider possible security implications associated with Popen module.", },
"cve": "python/imports/imports-from.py:eb8a0db9cd1a8c1ab39a77e6025021b1261cc2a0b026b2f4a11fca4e0636d8dd:B404", "identifiers": [
"severity": "Low", {
"confidence": "High", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B404",
"id": "bandit", "value": "B404"
"name": "Bandit" }
}, ],
"location": { "priority": "Low",
"file": "python/imports/imports-from.py", "file": "python/imports/imports-from.py",
"start_line": 7, "line": 7,
"end_line": 7 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell",
"name": "Bandit Test ID B404", "cve": "python/imports/imports-aliases.py:f99f9721e27537fbcb6699a4cf39c6740d6234d2c6f06cfc2d9ea977313c483d:B602",
"value": "B404" "severity": "Low",
} "confidence": "High",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/imports/imports-from.py", "name": "Bandit"
"line": 7, },
"tool": "bandit" "location": {
}, "file": "python/imports/imports-aliases.py",
{ "start_line": 9,
"category": "sast", "end_line": 9
"message": "subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell", },
"cve": "python/imports/imports-aliases.py:f99f9721e27537fbcb6699a4cf39c6740d6234d2c6f06cfc2d9ea977313c483d:B602", "identifiers": [
"severity": "Low", {
"confidence": "High", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B602",
"id": "bandit", "value": "B602",
"name": "Bandit" "url": "https://docs.openstack.org/bandit/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html"
}, }
"location": { ],
"priority": "Low",
"file": "python/imports/imports-aliases.py", "file": "python/imports/imports-aliases.py",
"start_line": 9, "line": 9,
"end_line": 9 "url": "https://docs.openstack.org/bandit/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html",
}, "tool": "bandit"
"identifiers": [ },
{ {
"type": "bandit_test_id", "category": "sast",
"name": "Bandit Test ID B602", "message": "Consider possible security implications associated with subprocess module.",
"value": "B602", "cve": "python/imports/imports-from.py:332a12ab1146698f614a905ce6a6a5401497a12281aef200e80522711c69dcf4:B404",
"url": "https://docs.openstack.org/bandit/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html" "severity": "Low",
} "confidence": "High",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/imports/imports-aliases.py", "name": "Bandit"
"line": 9, },
"url": "https://docs.openstack.org/bandit/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html", "location": {
"tool": "bandit" "file": "python/imports/imports-from.py",
}, "start_line": 6,
{ "end_line": 6
"category": "sast", },
"message": "Consider possible security implications associated with subprocess module.", "identifiers": [
"cve": "python/imports/imports-from.py:332a12ab1146698f614a905ce6a6a5401497a12281aef200e80522711c69dcf4:B404", {
"severity": "Low", "type": "bandit_test_id",
"confidence": "High", "name": "Bandit Test ID B404",
"scanner": { "value": "B404"
"id": "bandit", }
"name": "Bandit" ],
}, "priority": "Low",
"location": {
"file": "python/imports/imports-from.py", "file": "python/imports/imports-from.py",
"start_line": 6, "line": 6,
"end_line": 6 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Consider possible security implications associated with Popen module.",
"name": "Bandit Test ID B404", "cve": "python/imports/imports-from.py:0a48de4a3d5348853a03666cb574697e3982998355e7a095a798bd02a5947276:B404",
"value": "B404" "severity": "Low",
} "confidence": "High",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/imports/imports-from.py", "name": "Bandit"
"line": 6, },
"tool": "bandit" "location": {
}, "file": "python/imports/imports-from.py",
{ "start_line": 1,
"category": "sast", "end_line": 2
"message": "Consider possible security implications associated with Popen module.", },
"cve": "python/imports/imports-from.py:0a48de4a3d5348853a03666cb574697e3982998355e7a095a798bd02a5947276:B404", "identifiers": [
"severity": "Low", {
"confidence": "High", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B404",
"id": "bandit", "value": "B404"
"name": "Bandit" }
}, ],
"location": { "priority": "Low",
"file": "python/imports/imports-from.py", "file": "python/imports/imports-from.py",
"start_line": 1, "line": 1,
"end_line": 2 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Consider possible security implications associated with pickle module.",
"name": "Bandit Test ID B404", "cve": "python/imports/imports-aliases.py:51b71661dff994bde3529639a727a678c8f5c4c96f00d300913f6d5be1bbdf26:B403",
"value": "B404" "severity": "Low",
} "confidence": "High",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/imports/imports-from.py", "name": "Bandit"
"line": 1, },
"tool": "bandit" "location": {
}, "file": "python/imports/imports-aliases.py",
{ "start_line": 7,
"category": "sast", "end_line": 8
"message": "Consider possible security implications associated with pickle module.", },
"cve": "python/imports/imports-aliases.py:51b71661dff994bde3529639a727a678c8f5c4c96f00d300913f6d5be1bbdf26:B403", "identifiers": [
"severity": "Low", {
"confidence": "High", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B403",
"id": "bandit", "value": "B403"
"name": "Bandit" }
}, ],
"location": { "priority": "Low",
"file": "python/imports/imports-aliases.py", "file": "python/imports/imports-aliases.py",
"start_line": 7, "line": 7,
"end_line": 8 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Consider possible security implications associated with loads module.",
"name": "Bandit Test ID B403", "cve": "python/imports/imports-aliases.py:6ff02aeb3149c01ab68484d794a94f58d5d3e3bb0d58557ef4153644ea68ea54:B403",
"value": "B403" "severity": "Low",
} "confidence": "High",
], "scanner": {
"priority": "Low", "id": "bandit",
"file": "python/imports/imports-aliases.py", "name": "Bandit"
"line": 7, },
"tool": "bandit" "location": {
}, "file": "python/imports/imports-aliases.py",
{ "start_line": 6,
"category": "sast", "end_line": 6
"message": "Consider possible security implications associated with loads module.", },
"cve": "python/imports/imports-aliases.py:6ff02aeb3149c01ab68484d794a94f58d5d3e3bb0d58557ef4153644ea68ea54:B403", "identifiers": [
"severity": "Low", {
"confidence": "High", "type": "bandit_test_id",
"scanner": { "name": "Bandit Test ID B403",
"id": "bandit", "value": "B403"
"name": "Bandit" }
}, ],
"location": { "priority": "Low",
"file": "python/imports/imports-aliases.py", "file": "python/imports/imports-aliases.py",
"start_line": 6, "line": 6,
"end_line": 6 "tool": "bandit"
}, },
"identifiers": [ {
{ "category": "sast",
"type": "bandit_test_id", "message": "Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)",
"name": "Bandit Test ID B403", "cve": "c/subdir/utils.c:b466873101951fe96e1332f6728eb7010acbbd5dfc3b65d7d53571d091a06d9e:CWE-119!/CWE-120",
"value": "B403" "confidence": "Low",
} "solution": "Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length",
], "scanner": {
"priority": "Low", "id": "flawfinder",
"file": "python/imports/imports-aliases.py", "name": "Flawfinder"
"line": 6, },
"tool": "bandit" "location": {
}, "file": "c/subdir/utils.c",
{ "start_line": 4
"category": "sast", },
"message": "Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)", "identifiers": [
"cve": "c/subdir/utils.c:b466873101951fe96e1332f6728eb7010acbbd5dfc3b65d7d53571d091a06d9e:CWE-119!/CWE-120", {
"confidence": "Low", "type": "cwe",
"solution": "Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length", "name": "CWE-119",
"scanner": { "value": "119",
"id": "flawfinder", "url": "https://cwe.mitre.org/data/definitions/119.html"
"name": "Flawfinder" },
}, {
"location": { "type": "cwe",
"name": "CWE-120",
"value": "120",
"url": "https://cwe.mitre.org/data/definitions/120.html"
}
],
"file": "c/subdir/utils.c", "file": "c/subdir/utils.c",
"start_line": 4 "line": 4,
}, "url": "https://cwe.mitre.org/data/definitions/119.html",
"identifiers": [ "tool": "flawfinder"
{ },
"type": "cwe", {
"name": "CWE-119", "category": "sast",
"value": "119", "message": "Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362)",
"url": "https://cwe.mitre.org/data/definitions/119.html" "cve": "c/subdir/utils.c:bab681140fcc8fc3085b6bba74081b44ea145c1c98b5e70cf19ace2417d30770:CWE-362",
}, "confidence": "Low",
{ "scanner": {
"type": "cwe", "id": "flawfinder",
"name": "CWE-120", "name": "Flawfinder"
"value": "120", },
"url": "https://cwe.mitre.org/data/definitions/120.html" "location": {
} "file": "c/subdir/utils.c",
], "start_line": 8
"file": "c/subdir/utils.c", },
"line": 4, "identifiers": [
"url": "https://cwe.mitre.org/data/definitions/119.html", {
"tool": "flawfinder" "type": "cwe",
}, "name": "CWE-362",
{ "value": "362",
"category": "sast", "url": "https://cwe.mitre.org/data/definitions/362.html"
"message": "Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362)", }
"cve": "c/subdir/utils.c:bab681140fcc8fc3085b6bba74081b44ea145c1c98b5e70cf19ace2417d30770:CWE-362", ],
"confidence": "Low",
"scanner": {
"id": "flawfinder",
"name": "Flawfinder"
},
"location": {
"file": "c/subdir/utils.c", "file": "c/subdir/utils.c",
"start_line": 8 "line": 8,
}, "url": "https://cwe.mitre.org/data/definitions/362.html",
"identifiers": [ "tool": "flawfinder"
{ },
"type": "cwe", {
"name": "CWE-362", "category": "sast",
"value": "362", "message": "Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)",
"url": "https://cwe.mitre.org/data/definitions/362.html" "cve": "cplusplus/src/hello.cpp:c8c6dd0afdae6814194cf0930b719f757ab7b379cf8f261e7f4f9f2f323a818a:CWE-119!/CWE-120",
} "confidence": "Low",
], "solution": "Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length",
"file": "c/subdir/utils.c", "scanner": {
"line": 8, "id": "flawfinder",
"url": "https://cwe.mitre.org/data/definitions/362.html", "name": "Flawfinder"
"tool": "flawfinder" },
}, "location": {
{ "file": "cplusplus/src/hello.cpp",
"category": "sast", "start_line": 6
"message": "Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)", },
"cve": "cplusplus/src/hello.cpp:c8c6dd0afdae6814194cf0930b719f757ab7b379cf8f261e7f4f9f2f323a818a:CWE-119!/CWE-120", "identifiers": [
"confidence": "Low", {
"solution": "Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length", "type": "cwe",
"scanner": { "name": "CWE-119",
"id": "flawfinder", "value": "119",
"name": "Flawfinder" "url": "https://cwe.mitre.org/data/definitions/119.html"
}, },
"location": { {
"type": "cwe",
"name": "CWE-120",
"value": "120",
"url": "https://cwe.mitre.org/data/definitions/120.html"
}
],
"file": "cplusplus/src/hello.cpp", "file": "cplusplus/src/hello.cpp",
"start_line": 6 "line": 6,
}, "url": "https://cwe.mitre.org/data/definitions/119.html",
"identifiers": [ "tool": "flawfinder"
{ },
"type": "cwe", {
"name": "CWE-119", "category": "sast",
"value": "119", "message": "Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120)",
"url": "https://cwe.mitre.org/data/definitions/119.html" "cve": "cplusplus/src/hello.cpp:331c04062c4fe0c7c486f66f59e82ad146ab33cdd76ae757ca41f392d568cbd0:CWE-120",
}, "confidence": "Low",
{ "solution": "Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)",
"type": "cwe", "scanner": {
"name": "CWE-120", "id": "flawfinder",
"value": "120", "name": "Flawfinder"
"url": "https://cwe.mitre.org/data/definitions/120.html" },
} "location": {
], "file": "cplusplus/src/hello.cpp",
"file": "cplusplus/src/hello.cpp", "start_line": 7
"line": 6, },
"url": "https://cwe.mitre.org/data/definitions/119.html", "identifiers": [
"tool": "flawfinder" {
}, "type": "cwe",
{ "name": "CWE-120",
"category": "sast", "value": "120",
"message": "Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120)", "url": "https://cwe.mitre.org/data/definitions/120.html"
"cve": "cplusplus/src/hello.cpp:331c04062c4fe0c7c486f66f59e82ad146ab33cdd76ae757ca41f392d568cbd0:CWE-120", }
"confidence": "Low", ],
"solution": "Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)",
"scanner": {
"id": "flawfinder",
"name": "Flawfinder"
},
"location": {
"file": "cplusplus/src/hello.cpp", "file": "cplusplus/src/hello.cpp",
"start_line": 7 "line": 7,
}, "url": "https://cwe.mitre.org/data/definitions/120.html",
"identifiers": [ "tool": "flawfinder"
{ }
"type": "cwe", ]
"name": "CWE-120", }
"value": "120",
"url": "https://cwe.mitre.org/data/definitions/120.html"
}
],
"file": "cplusplus/src/hello.cpp",
"line": 7,
"url": "https://cwe.mitre.org/data/definitions/120.html",
"tool": "flawfinder"
}
]