Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
a62dc11a
Commit
a62dc11a
authored
Sep 12, 2019
by
Aleksandr Soborov
Committed by
Walmyr Lima e Silva Filho
Sep 12, 2019
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Added E2E tests for SAST reports
Additionally updated fixture to provide SAST report
parent
96313e86
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
993 additions
and
1 deletion
+993
-1
qa/qa/ee/fixtures/secure_premade_reports/.gitlab-ci.yml
qa/qa/ee/fixtures/secure_premade_reports/.gitlab-ci.yml
+10
-0
qa/qa/ee/fixtures/secure_premade_reports/gl-sast-report.json
qa/qa/ee/fixtures/secure_premade_reports/gl-sast-report.json
+967
-0
qa/qa/specs/features/ee/browser_ui/secure/create_merge_request_with_secure_spec.rb
...rowser_ui/secure/create_merge_request_with_secure_spec.rb
+1
-1
qa/qa/specs/features/ee/browser_ui/secure/security_reports_spec.rb
...cs/features/ee/browser_ui/secure/security_reports_spec.rb
+15
-0
No files found.
qa/qa/ee/fixtures/secure_premade_reports/.gitlab-ci.yml
View file @
a62dc11a
...
@@ -24,3 +24,13 @@ container_scanning:
...
@@ -24,3 +24,13 @@ container_scanning:
artifacts
:
artifacts
:
reports
:
reports
:
container_scanning
:
gl-container-scanning-report.json
container_scanning
:
gl-container-scanning-report.json
sast
:
tags
:
-
qa
-
test
script
:
-
echo "Skipped"
artifacts
:
reports
:
sast
:
gl-sast-report.json
qa/qa/ee/fixtures/secure_premade_reports/gl-sast-report.json
0 → 100644
View file @
a62dc11a
{
"version"
:
"1.2"
,
"vulnerabilities"
:
[
{
"category"
:
"sast"
,
"message"
:
"Probable insecure usage of temp file/directory."
,
"cve"
:
"python/hardcoded/hardcoded-tmp.py:52865813c884a507be1f152d654245af34aba8a391626d01f1ab6d3f52ec8779:B108"
,
"severity"
:
"Medium"
,
"confidence"
:
"Medium"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/hardcoded/hardcoded-tmp.py"
,
"start_line"
:
1
,
"end_line"
:
1
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B108"
,
"value"
:
"B108"
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
}
],
"priority"
:
"Medium"
,
"file"
:
"python/hardcoded/hardcoded-tmp.py"
,
"line"
:
1
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"name"
:
"Predictable pseudorandom number generator"
,
"message"
:
"Predictable pseudorandom number generator"
,
"cve"
:
"groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:47:PREDICTABLE_RANDOM"
,
"severity"
:
"Medium"
,
"confidence"
:
"Medium"
,
"scanner"
:
{
"id"
:
"find_sec_bugs"
,
"name"
:
"Find Security Bugs"
},
"location"
:
{
"file"
:
"groovy/src/main/java/com/gitlab/security_products/tests/App.groovy"
,
"start_line"
:
47
,
"end_line"
:
47
,
"class"
:
"com.gitlab.security_products.tests.App"
,
"method"
:
"generateSecretToken2"
},
"identifiers"
:
[
{
"type"
:
"find_sec_bugs_type"
,
"name"
:
"Find Security Bugs-PREDICTABLE_RANDOM"
,
"value"
:
"PREDICTABLE_RANDOM"
,
"url"
:
"https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
}
],
"priority"
:
"Medium"
,
"file"
:
"groovy/src/main/java/com/gitlab/security_products/tests/App.groovy"
,
"line"
:
47
,
"url"
:
"https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
,
"tool"
:
"find_sec_bugs"
},
{
"category"
:
"sast"
,
"name"
:
"Predictable pseudorandom number generator"
,
"message"
:
"Predictable pseudorandom number generator"
,
"cve"
:
"groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:41:PREDICTABLE_RANDOM"
,
"severity"
:
"Medium"
,
"confidence"
:
"Medium"
,
"scanner"
:
{
"id"
:
"find_sec_bugs"
,
"name"
:
"Find Security Bugs"
},
"location"
:
{
"file"
:
"groovy/src/main/java/com/gitlab/security_products/tests/App.groovy"
,
"start_line"
:
41
,
"end_line"
:
41
,
"class"
:
"com.gitlab.security_products.tests.App"
,
"method"
:
"generateSecretToken1"
},
"identifiers"
:
[
{
"type"
:
"find_sec_bugs_type"
,
"name"
:
"Find Security Bugs-PREDICTABLE_RANDOM"
,
"value"
:
"PREDICTABLE_RANDOM"
,
"url"
:
"https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
}
],
"priority"
:
"Medium"
,
"file"
:
"groovy/src/main/java/com/gitlab/security_products/tests/App.groovy"
,
"line"
:
41
,
"url"
:
"https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
,
"tool"
:
"find_sec_bugs"
},
{
"category"
:
"sast"
,
"message"
:
"Use of insecure MD2, MD4, or MD5 hash function."
,
"cve"
:
"python/imports/imports-aliases.py:cb203b465dffb0cb3a8e8bd8910b84b93b0a5995a938e4b903dbb0cd6ffa1254:B303"
,
"severity"
:
"Medium"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-aliases.py"
,
"start_line"
:
11
,
"end_line"
:
11
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B303"
,
"value"
:
"B303"
}
],
"priority"
:
"Medium"
,
"file"
:
"python/imports/imports-aliases.py"
,
"line"
:
11
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Use of insecure MD2, MD4, or MD5 hash function."
,
"cve"
:
"python/imports/imports-aliases.py:a7173c43ae66bd07466632d819d450e0071e02dbf782763640d1092981f9631b:B303"
,
"severity"
:
"Medium"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-aliases.py"
,
"start_line"
:
12
,
"end_line"
:
12
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B303"
,
"value"
:
"B303"
}
],
"priority"
:
"Medium"
,
"file"
:
"python/imports/imports-aliases.py"
,
"line"
:
12
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Use of insecure MD2, MD4, or MD5 hash function."
,
"cve"
:
"python/imports/imports-aliases.py:017017b77deb0b8369b6065947833eeea752a92ec8a700db590fece3e934cf0d:B303"
,
"severity"
:
"Medium"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-aliases.py"
,
"start_line"
:
13
,
"end_line"
:
13
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B303"
,
"value"
:
"B303"
}
],
"priority"
:
"Medium"
,
"file"
:
"python/imports/imports-aliases.py"
,
"line"
:
13
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Use of insecure MD2, MD4, or MD5 hash function."
,
"cve"
:
"python/imports/imports-aliases.py:45fc8c53aea7b84f06bc4e590cc667678d6073c4c8a1d471177ca2146fb22db2:B303"
,
"severity"
:
"Medium"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-aliases.py"
,
"start_line"
:
14
,
"end_line"
:
14
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B303"
,
"value"
:
"B303"
}
],
"priority"
:
"Medium"
,
"file"
:
"python/imports/imports-aliases.py"
,
"line"
:
14
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Pickle library appears to be in use, possible security issue."
,
"cve"
:
"python/imports/imports-aliases.py:5f200d47291e7bbd8352db23019b85453ca048dd98ea0c291260fa7d009963a4:B301"
,
"severity"
:
"Medium"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-aliases.py"
,
"start_line"
:
15
,
"end_line"
:
15
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B301"
,
"value"
:
"B301"
}
],
"priority"
:
"Medium"
,
"file"
:
"python/imports/imports-aliases.py"
,
"line"
:
15
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"name"
:
"ECB mode is insecure"
,
"message"
:
"ECB mode is insecure"
,
"cve"
:
"groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:ECB_MODE"
,
"severity"
:
"Medium"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"find_sec_bugs"
,
"name"
:
"Find Security Bugs"
},
"location"
:
{
"file"
:
"groovy/src/main/java/com/gitlab/security_products/tests/App.groovy"
,
"start_line"
:
29
,
"end_line"
:
29
,
"class"
:
"com.gitlab.security_products.tests.App"
,
"method"
:
"insecureCypher"
},
"identifiers"
:
[
{
"type"
:
"find_sec_bugs_type"
,
"name"
:
"Find Security Bugs-ECB_MODE"
,
"value"
:
"ECB_MODE"
,
"url"
:
"https://find-sec-bugs.github.io/bugs.htm#ECB_MODE"
}
],
"priority"
:
"Medium"
,
"file"
:
"groovy/src/main/java/com/gitlab/security_products/tests/App.groovy"
,
"line"
:
29
,
"url"
:
"https://find-sec-bugs.github.io/bugs.htm#ECB_MODE"
,
"tool"
:
"find_sec_bugs"
},
{
"category"
:
"sast"
,
"name"
:
"Cipher with no integrity"
,
"message"
:
"Cipher with no integrity"
,
"cve"
:
"groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:CIPHER_INTEGRITY"
,
"severity"
:
"Medium"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"find_sec_bugs"
,
"name"
:
"Find Security Bugs"
},
"location"
:
{
"file"
:
"groovy/src/main/java/com/gitlab/security_products/tests/App.groovy"
,
"start_line"
:
29
,
"end_line"
:
29
,
"class"
:
"com.gitlab.security_products.tests.App"
,
"method"
:
"insecureCypher"
},
"identifiers"
:
[
{
"type"
:
"find_sec_bugs_type"
,
"name"
:
"Find Security Bugs-CIPHER_INTEGRITY"
,
"value"
:
"CIPHER_INTEGRITY"
,
"url"
:
"https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY"
}
],
"priority"
:
"Medium"
,
"file"
:
"groovy/src/main/java/com/gitlab/security_products/tests/App.groovy"
,
"line"
:
29
,
"url"
:
"https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY"
,
"tool"
:
"find_sec_bugs"
},
{
"category"
:
"sast"
,
"message"
:
"Probable insecure usage of temp file/directory."
,
"cve"
:
"python/hardcoded/hardcoded-tmp.py:63dd4d626855555b816985d82c4614a790462a0a3ada89dc58eb97f9c50f3077:B108"
,
"severity"
:
"Medium"
,
"confidence"
:
"Medium"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/hardcoded/hardcoded-tmp.py"
,
"start_line"
:
14
,
"end_line"
:
14
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B108"
,
"value"
:
"B108"
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
}
],
"priority"
:
"Medium"
,
"file"
:
"python/hardcoded/hardcoded-tmp.py"
,
"line"
:
14
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Probable insecure usage of temp file/directory."
,
"cve"
:
"python/hardcoded/hardcoded-tmp.py:4ad6d4c40a8c263fc265f3384724014e0a4f8dd6200af83e51ff120420038031:B108"
,
"severity"
:
"Medium"
,
"confidence"
:
"Medium"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/hardcoded/hardcoded-tmp.py"
,
"start_line"
:
10
,
"end_line"
:
10
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B108"
,
"value"
:
"B108"
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
}
],
"priority"
:
"Medium"
,
"file"
:
"python/hardcoded/hardcoded-tmp.py"
,
"line"
:
10
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Consider possible security implications associated with Popen module."
,
"cve"
:
"python/imports/imports-aliases.py:2c3e1fa1e54c3c6646e8bcfaee2518153c6799b77587ff8d9a7b0631f6d34785:B404"
,
"severity"
:
"Low"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-aliases.py"
,
"start_line"
:
1
,
"end_line"
:
1
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B404"
,
"value"
:
"B404"
}
],
"priority"
:
"Low"
,
"file"
:
"python/imports/imports-aliases.py"
,
"line"
:
1
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Consider possible security implications associated with pickle module."
,
"cve"
:
"python/imports/imports.py:af58d07f6ad519ef5287fcae65bf1a6999448a1a3a8bc1ac2a11daa80d0b96bf:B403"
,
"severity"
:
"Low"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports.py"
,
"start_line"
:
2
,
"end_line"
:
2
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B403"
,
"value"
:
"B403"
}
],
"priority"
:
"Low"
,
"file"
:
"python/imports/imports.py"
,
"line"
:
2
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Consider possible security implications associated with subprocess module."
,
"cve"
:
"python/imports/imports.py:8de9bc98029d212db530785a5f6780cfa663548746ff228ab8fa96c5bb82f089:B404"
,
"severity"
:
"Low"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports.py"
,
"start_line"
:
4
,
"end_line"
:
4
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B404"
,
"value"
:
"B404"
}
],
"priority"
:
"Low"
,
"file"
:
"python/imports/imports.py"
,
"line"
:
4
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Possible hardcoded password: 'blerg'"
,
"cve"
:
"python/hardcoded/hardcoded-passwords.py:97c30f1d76d2a88913e3ce9ae74087874d740f87de8af697a9c455f01119f633:B106"
,
"severity"
:
"Low"
,
"confidence"
:
"Medium"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/hardcoded/hardcoded-passwords.py"
,
"start_line"
:
22
,
"end_line"
:
22
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B106"
,
"value"
:
"B106"
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b106_hardcoded_password_funcarg.html"
}
],
"priority"
:
"Low"
,
"file"
:
"python/hardcoded/hardcoded-passwords.py"
,
"line"
:
22
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b106_hardcoded_password_funcarg.html"
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Possible hardcoded password: 'root'"
,
"cve"
:
"python/hardcoded/hardcoded-passwords.py:7431c73a0bc16d94ece2a2e75ef38f302574d42c37ac0c3c38ad0b3bf8a59f10:B105"
,
"severity"
:
"Low"
,
"confidence"
:
"Medium"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/hardcoded/hardcoded-passwords.py"
,
"start_line"
:
5
,
"end_line"
:
5
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B105"
,
"value"
:
"B105"
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
}
],
"priority"
:
"Low"
,
"file"
:
"python/hardcoded/hardcoded-passwords.py"
,
"line"
:
5
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Possible hardcoded password: ''"
,
"cve"
:
"python/hardcoded/hardcoded-passwords.py:d2d1857c27caedd49c57bfbcdc23afcc92bd66a22701fcdc632869aab4ca73ee:B105"
,
"severity"
:
"Low"
,
"confidence"
:
"Medium"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/hardcoded/hardcoded-passwords.py"
,
"start_line"
:
9
,
"end_line"
:
9
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B105"
,
"value"
:
"B105"
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
}
],
"priority"
:
"Low"
,
"file"
:
"python/hardcoded/hardcoded-passwords.py"
,
"line"
:
9
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Possible hardcoded password: 'ajklawejrkl42348swfgkg'"
,
"cve"
:
"python/hardcoded/hardcoded-passwords.py:fb3866215a61393a5c9c32a3b60e2058171a23219c353f722cbd3567acab21d2:B105"
,
"severity"
:
"Low"
,
"confidence"
:
"Medium"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/hardcoded/hardcoded-passwords.py"
,
"start_line"
:
13
,
"end_line"
:
13
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B105"
,
"value"
:
"B105"
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
}
],
"priority"
:
"Low"
,
"file"
:
"python/hardcoded/hardcoded-passwords.py"
,
"line"
:
13
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Possible hardcoded password: 'blerg'"
,
"cve"
:
"python/hardcoded/hardcoded-passwords.py:63c62a8b7e1e5224439bd26b28030585ac48741e28ca64561a6071080c560a5f:B105"
,
"severity"
:
"Low"
,
"confidence"
:
"Medium"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/hardcoded/hardcoded-passwords.py"
,
"start_line"
:
23
,
"end_line"
:
23
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B105"
,
"value"
:
"B105"
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
}
],
"priority"
:
"Low"
,
"file"
:
"python/hardcoded/hardcoded-passwords.py"
,
"line"
:
23
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Possible hardcoded password: 'blerg'"
,
"cve"
:
"python/hardcoded/hardcoded-passwords.py:4311b06d08df8fa58229b341c531da8e1a31ec4520597bdff920cd5c098d86f9:B105"
,
"severity"
:
"Low"
,
"confidence"
:
"Medium"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/hardcoded/hardcoded-passwords.py"
,
"start_line"
:
24
,
"end_line"
:
24
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B105"
,
"value"
:
"B105"
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
}
],
"priority"
:
"Low"
,
"file"
:
"python/hardcoded/hardcoded-passwords.py"
,
"line"
:
24
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Consider possible security implications associated with subprocess module."
,
"cve"
:
"python/imports/imports-function.py:5858400c2f39047787702de44d03361ef8d954c9d14bd54ee1c2bef9e6a7df93:B404"
,
"severity"
:
"Low"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-function.py"
,
"start_line"
:
4
,
"end_line"
:
4
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B404"
,
"value"
:
"B404"
}
],
"priority"
:
"Low"
,
"file"
:
"python/imports/imports-function.py"
,
"line"
:
4
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Consider possible security implications associated with pickle module."
,
"cve"
:
"python/imports/imports-function.py:dbda3cf4190279d30e0aad7dd137eca11272b0b225e8af4e8bf39682da67d956:B403"
,
"severity"
:
"Low"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-function.py"
,
"start_line"
:
2
,
"end_line"
:
2
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B403"
,
"value"
:
"B403"
}
],
"priority"
:
"Low"
,
"file"
:
"python/imports/imports-function.py"
,
"line"
:
2
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Consider possible security implications associated with Popen module."
,
"cve"
:
"python/imports/imports-from.py:eb8a0db9cd1a8c1ab39a77e6025021b1261cc2a0b026b2f4a11fca4e0636d8dd:B404"
,
"severity"
:
"Low"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-from.py"
,
"start_line"
:
7
,
"end_line"
:
7
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B404"
,
"value"
:
"B404"
}
],
"priority"
:
"Low"
,
"file"
:
"python/imports/imports-from.py"
,
"line"
:
7
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell"
,
"cve"
:
"python/imports/imports-aliases.py:f99f9721e27537fbcb6699a4cf39c6740d6234d2c6f06cfc2d9ea977313c483d:B602"
,
"severity"
:
"Low"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-aliases.py"
,
"start_line"
:
9
,
"end_line"
:
9
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B602"
,
"value"
:
"B602"
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html"
}
],
"priority"
:
"Low"
,
"file"
:
"python/imports/imports-aliases.py"
,
"line"
:
9
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html"
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Consider possible security implications associated with subprocess module."
,
"cve"
:
"python/imports/imports-from.py:332a12ab1146698f614a905ce6a6a5401497a12281aef200e80522711c69dcf4:B404"
,
"severity"
:
"Low"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-from.py"
,
"start_line"
:
6
,
"end_line"
:
6
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B404"
,
"value"
:
"B404"
}
],
"priority"
:
"Low"
,
"file"
:
"python/imports/imports-from.py"
,
"line"
:
6
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Consider possible security implications associated with Popen module."
,
"cve"
:
"python/imports/imports-from.py:0a48de4a3d5348853a03666cb574697e3982998355e7a095a798bd02a5947276:B404"
,
"severity"
:
"Low"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-from.py"
,
"start_line"
:
1
,
"end_line"
:
2
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B404"
,
"value"
:
"B404"
}
],
"priority"
:
"Low"
,
"file"
:
"python/imports/imports-from.py"
,
"line"
:
1
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Consider possible security implications associated with pickle module."
,
"cve"
:
"python/imports/imports-aliases.py:51b71661dff994bde3529639a727a678c8f5c4c96f00d300913f6d5be1bbdf26:B403"
,
"severity"
:
"Low"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-aliases.py"
,
"start_line"
:
7
,
"end_line"
:
8
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B403"
,
"value"
:
"B403"
}
],
"priority"
:
"Low"
,
"file"
:
"python/imports/imports-aliases.py"
,
"line"
:
7
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Consider possible security implications associated with loads module."
,
"cve"
:
"python/imports/imports-aliases.py:6ff02aeb3149c01ab68484d794a94f58d5d3e3bb0d58557ef4153644ea68ea54:B403"
,
"severity"
:
"Low"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-aliases.py"
,
"start_line"
:
6
,
"end_line"
:
6
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B403"
,
"value"
:
"B403"
}
],
"priority"
:
"Low"
,
"file"
:
"python/imports/imports-aliases.py"
,
"line"
:
6
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)"
,
"cve"
:
"c/subdir/utils.c:b466873101951fe96e1332f6728eb7010acbbd5dfc3b65d7d53571d091a06d9e:CWE-119!/CWE-120"
,
"confidence"
:
"Low"
,
"solution"
:
"Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length"
,
"scanner"
:
{
"id"
:
"flawfinder"
,
"name"
:
"Flawfinder"
},
"location"
:
{
"file"
:
"c/subdir/utils.c"
,
"start_line"
:
4
},
"identifiers"
:
[
{
"type"
:
"flawfinder_func_name"
,
"name"
:
"Flawfinder - char"
,
"value"
:
"char"
},
{
"type"
:
"cwe"
,
"name"
:
"CWE-119"
,
"value"
:
"119"
,
"url"
:
"https://cwe.mitre.org/data/definitions/119.html"
},
{
"type"
:
"cwe"
,
"name"
:
"CWE-120"
,
"value"
:
"120"
,
"url"
:
"https://cwe.mitre.org/data/definitions/120.html"
}
],
"file"
:
"c/subdir/utils.c"
,
"line"
:
4
,
"url"
:
"https://cwe.mitre.org/data/definitions/119.html"
,
"tool"
:
"flawfinder"
},
{
"category"
:
"sast"
,
"message"
:
"Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362)"
,
"cve"
:
"c/subdir/utils.c:bab681140fcc8fc3085b6bba74081b44ea145c1c98b5e70cf19ace2417d30770:CWE-362"
,
"confidence"
:
"Low"
,
"scanner"
:
{
"id"
:
"flawfinder"
,
"name"
:
"Flawfinder"
},
"location"
:
{
"file"
:
"c/subdir/utils.c"
,
"start_line"
:
8
},
"identifiers"
:
[
{
"type"
:
"flawfinder_func_name"
,
"name"
:
"Flawfinder - fopen"
,
"value"
:
"fopen"
},
{
"type"
:
"cwe"
,
"name"
:
"CWE-362"
,
"value"
:
"362"
,
"url"
:
"https://cwe.mitre.org/data/definitions/362.html"
}
],
"file"
:
"c/subdir/utils.c"
,
"line"
:
8
,
"url"
:
"https://cwe.mitre.org/data/definitions/362.html"
,
"tool"
:
"flawfinder"
},
{
"category"
:
"sast"
,
"message"
:
"Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)"
,
"cve"
:
"cplusplus/src/hello.cpp:c8c6dd0afdae6814194cf0930b719f757ab7b379cf8f261e7f4f9f2f323a818a:CWE-119!/CWE-120"
,
"confidence"
:
"Low"
,
"solution"
:
"Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length"
,
"scanner"
:
{
"id"
:
"flawfinder"
,
"name"
:
"Flawfinder"
},
"location"
:
{
"file"
:
"cplusplus/src/hello.cpp"
,
"start_line"
:
6
},
"identifiers"
:
[
{
"type"
:
"flawfinder_func_name"
,
"name"
:
"Flawfinder - char"
,
"value"
:
"char"
},
{
"type"
:
"cwe"
,
"name"
:
"CWE-119"
,
"value"
:
"119"
,
"url"
:
"https://cwe.mitre.org/data/definitions/119.html"
},
{
"type"
:
"cwe"
,
"name"
:
"CWE-120"
,
"value"
:
"120"
,
"url"
:
"https://cwe.mitre.org/data/definitions/120.html"
}
],
"file"
:
"cplusplus/src/hello.cpp"
,
"line"
:
6
,
"url"
:
"https://cwe.mitre.org/data/definitions/119.html"
,
"tool"
:
"flawfinder"
},
{
"category"
:
"sast"
,
"message"
:
"Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120)"
,
"cve"
:
"cplusplus/src/hello.cpp:331c04062c4fe0c7c486f66f59e82ad146ab33cdd76ae757ca41f392d568cbd0:CWE-120"
,
"confidence"
:
"Low"
,
"solution"
:
"Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)"
,
"scanner"
:
{
"id"
:
"flawfinder"
,
"name"
:
"Flawfinder"
},
"location"
:
{
"file"
:
"cplusplus/src/hello.cpp"
,
"start_line"
:
7
},
"identifiers"
:
[
{
"type"
:
"flawfinder_func_name"
,
"name"
:
"Flawfinder - strcpy"
,
"value"
:
"strcpy"
},
{
"type"
:
"cwe"
,
"name"
:
"CWE-120"
,
"value"
:
"120"
,
"url"
:
"https://cwe.mitre.org/data/definitions/120.html"
}
],
"file"
:
"cplusplus/src/hello.cpp"
,
"line"
:
7
,
"url"
:
"https://cwe.mitre.org/data/definitions/120.html"
,
"tool"
:
"flawfinder"
}
]
}
qa/qa/specs/features/ee/browser_ui/secure/create_merge_request_with_secure_spec.rb
View file @
a62dc11a
...
@@ -5,7 +5,7 @@ require 'pathname'
...
@@ -5,7 +5,7 @@ require 'pathname'
module
QA
module
QA
context
'Secure'
,
:docker
do
context
'Secure'
,
:docker
do
describe
'Security Reports in a Merge Request'
do
describe
'Security Reports in a Merge Request'
do
let
(
:total_vuln_count
)
{
12
}
let
(
:total_vuln_count
)
{
45
}
after
do
after
do
Service
::
Runner
.
new
(
@executor
).
remove!
Service
::
Runner
.
new
(
@executor
).
remove!
...
...
qa/qa/specs/features/ee/browser_ui/secure/security_reports_spec.rb
View file @
a62dc11a
...
@@ -10,6 +10,8 @@ module QA
...
@@ -10,6 +10,8 @@ module QA
let
(
:dependency_scan_example_vuln
)
{
'jQuery before 3.4.0'
}
let
(
:dependency_scan_example_vuln
)
{
'jQuery before 3.4.0'
}
let
(
:container_scan_vuln_count
)
{
8
}
let
(
:container_scan_vuln_count
)
{
8
}
let
(
:container_scan_example_vuln
)
{
'CVE-2017-18269 in glibc'
}
let
(
:container_scan_example_vuln
)
{
'CVE-2017-18269 in glibc'
}
let
(
:sast_scan_vuln_count
)
{
33
}
let
(
:sast_scan_example_vuln
)
{
'Cipher with no integrity'
}
describe
'Security Reports'
do
describe
'Security Reports'
do
after
do
after
do
...
@@ -64,6 +66,11 @@ module QA
...
@@ -64,6 +66,11 @@ module QA
expect
(
pipeline
).
to
have_vulnerability_count_of
container_scan_vuln_count
expect
(
pipeline
).
to
have_vulnerability_count_of
container_scan_vuln_count
expect
(
pipeline
).
to
have_content
container_scan_example_vuln
expect
(
pipeline
).
to
have_content
container_scan_example_vuln
end
end
filter_report_and_perform
(
pipeline
,
"SAST"
)
do
expect
(
pipeline
).
to
have_vulnerability_count_of
sast_scan_vuln_count
expect
(
pipeline
).
to
have_content
sast_scan_example_vuln
end
end
end
end
end
...
@@ -79,6 +86,10 @@ module QA
...
@@ -79,6 +86,10 @@ module QA
filter_report_and_perform
(
dashboard
,
"Container Scanning"
)
do
filter_report_and_perform
(
dashboard
,
"Container Scanning"
)
do
expect
(
dashboard
).
to
have_low_vulnerability_count_of
2
expect
(
dashboard
).
to
have_low_vulnerability_count_of
2
end
end
filter_report_and_perform
(
dashboard
,
"SAST"
)
do
expect
(
dashboard
).
to
have_low_vulnerability_count_of
17
end
end
end
end
end
...
@@ -99,6 +110,10 @@ module QA
...
@@ -99,6 +110,10 @@ module QA
filter_report_and_perform
(
dashboard
,
"Container Scanning"
)
do
filter_report_and_perform
(
dashboard
,
"Container Scanning"
)
do
expect
(
dashboard
).
to
have_content
container_scan_example_vuln
expect
(
dashboard
).
to
have_content
container_scan_example_vuln
end
end
filter_report_and_perform
(
dashboard
,
"SAST"
)
do
expect
(
dashboard
).
to
have_content
sast_scan_example_vuln
end
end
end
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment