Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
d0d7a49c
Commit
d0d7a49c
authored
Dec 19, 2019
by
Aleksandr Soborov
Committed by
Ramya Authappan
Dec 19, 2019
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Trim length of E2E SAST report fixture
parent
92430659
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
1 addition
and
816 deletions
+1
-816
qa/qa/ee/fixtures/secure_premade_reports/gl-sast-report.json
qa/qa/ee/fixtures/secure_premade_reports/gl-sast-report.json
+0
-815
qa/qa/specs/features/ee/browser_ui/secure/create_merge_request_with_secure_spec.rb
...rowser_ui/secure/create_merge_request_with_secure_spec.rb
+1
-1
No files found.
qa/qa/ee/fixtures/secure_premade_reports/gl-sast-report.json
View file @
d0d7a49c
...
@@ -62,92 +62,6 @@
...
@@ -62,92 +62,6 @@
"url"
:
"https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
,
"url"
:
"https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
,
"tool"
:
"find_sec_bugs"
"tool"
:
"find_sec_bugs"
},
},
{
"category"
:
"sast"
,
"name"
:
"Predictable pseudorandom number generator"
,
"message"
:
"Predictable pseudorandom number generator"
,
"cve"
:
"groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:41:PREDICTABLE_RANDOM"
,
"severity"
:
"Medium"
,
"confidence"
:
"Medium"
,
"scanner"
:
{
"id"
:
"find_sec_bugs"
,
"name"
:
"Find Security Bugs"
},
"location"
:
{
"file"
:
"groovy/src/main/java/com/gitlab/security_products/tests/App.groovy"
,
"start_line"
:
41
,
"end_line"
:
41
,
"class"
:
"com.gitlab.security_products.tests.App"
,
"method"
:
"generateSecretToken1"
},
"identifiers"
:
[
{
"type"
:
"find_sec_bugs_type"
,
"name"
:
"Find Security Bugs-PREDICTABLE_RANDOM"
,
"value"
:
"PREDICTABLE_RANDOM"
,
"url"
:
"https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
}
],
"priority"
:
"Medium"
,
"file"
:
"groovy/src/main/java/com/gitlab/security_products/tests/App.groovy"
,
"line"
:
41
,
"url"
:
"https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
,
"tool"
:
"find_sec_bugs"
},
{
"category"
:
"sast"
,
"message"
:
"Use of insecure MD2, MD4, or MD5 hash function."
,
"cve"
:
"python/imports/imports-aliases.py:cb203b465dffb0cb3a8e8bd8910b84b93b0a5995a938e4b903dbb0cd6ffa1254:B303"
,
"severity"
:
"Medium"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-aliases.py"
,
"start_line"
:
11
,
"end_line"
:
11
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B303"
,
"value"
:
"B303"
}
],
"priority"
:
"Medium"
,
"file"
:
"python/imports/imports-aliases.py"
,
"line"
:
11
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Use of insecure MD2, MD4, or MD5 hash function."
,
"cve"
:
"python/imports/imports-aliases.py:a7173c43ae66bd07466632d819d450e0071e02dbf782763640d1092981f9631b:B303"
,
"severity"
:
"Medium"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-aliases.py"
,
"start_line"
:
12
,
"end_line"
:
12
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B303"
,
"value"
:
"B303"
}
],
"priority"
:
"Medium"
,
"file"
:
"python/imports/imports-aliases.py"
,
"line"
:
12
,
"tool"
:
"bandit"
},
{
{
"category"
:
"sast"
,
"category"
:
"sast"
,
"message"
:
"Use of insecure MD2, MD4, or MD5 hash function."
,
"message"
:
"Use of insecure MD2, MD4, or MD5 hash function."
,
...
@@ -175,33 +89,6 @@
...
@@ -175,33 +89,6 @@
"line"
:
13
,
"line"
:
13
,
"tool"
:
"bandit"
"tool"
:
"bandit"
},
},
{
"category"
:
"sast"
,
"message"
:
"Use of insecure MD2, MD4, or MD5 hash function."
,
"cve"
:
"python/imports/imports-aliases.py:45fc8c53aea7b84f06bc4e590cc667678d6073c4c8a1d471177ca2146fb22db2:B303"
,
"severity"
:
"Medium"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-aliases.py"
,
"start_line"
:
14
,
"end_line"
:
14
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B303"
,
"value"
:
"B303"
}
],
"priority"
:
"Medium"
,
"file"
:
"python/imports/imports-aliases.py"
,
"line"
:
14
,
"tool"
:
"bandit"
},
{
{
"category"
:
"sast"
,
"category"
:
"sast"
,
"message"
:
"Pickle library appears to be in use, possible security issue."
,
"message"
:
"Pickle library appears to be in use, possible security issue."
,
...
@@ -229,38 +116,6 @@
...
@@ -229,38 +116,6 @@
"line"
:
15
,
"line"
:
15
,
"tool"
:
"bandit"
"tool"
:
"bandit"
},
},
{
"category"
:
"sast"
,
"name"
:
"ECB mode is insecure"
,
"message"
:
"ECB mode is insecure"
,
"cve"
:
"groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:ECB_MODE"
,
"severity"
:
"Medium"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"find_sec_bugs"
,
"name"
:
"Find Security Bugs"
},
"location"
:
{
"file"
:
"groovy/src/main/java/com/gitlab/security_products/tests/App.groovy"
,
"start_line"
:
29
,
"end_line"
:
29
,
"class"
:
"com.gitlab.security_products.tests.App"
,
"method"
:
"insecureCypher"
},
"identifiers"
:
[
{
"type"
:
"find_sec_bugs_type"
,
"name"
:
"Find Security Bugs-ECB_MODE"
,
"value"
:
"ECB_MODE"
,
"url"
:
"https://find-sec-bugs.github.io/bugs.htm#ECB_MODE"
}
],
"priority"
:
"Medium"
,
"file"
:
"groovy/src/main/java/com/gitlab/security_products/tests/App.groovy"
,
"line"
:
29
,
"url"
:
"https://find-sec-bugs.github.io/bugs.htm#ECB_MODE"
,
"tool"
:
"find_sec_bugs"
},
{
{
"category"
:
"sast"
,
"category"
:
"sast"
,
"name"
:
"Cipher with no integrity"
,
"name"
:
"Cipher with no integrity"
,
...
@@ -292,676 +147,6 @@
...
@@ -292,676 +147,6 @@
"line"
:
29
,
"line"
:
29
,
"url"
:
"https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY"
,
"url"
:
"https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY"
,
"tool"
:
"find_sec_bugs"
"tool"
:
"find_sec_bugs"
},
{
"category"
:
"sast"
,
"message"
:
"Probable insecure usage of temp file/directory."
,
"cve"
:
"python/hardcoded/hardcoded-tmp.py:63dd4d626855555b816985d82c4614a790462a0a3ada89dc58eb97f9c50f3077:B108"
,
"severity"
:
"Medium"
,
"confidence"
:
"Medium"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/hardcoded/hardcoded-tmp.py"
,
"start_line"
:
14
,
"end_line"
:
14
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B108"
,
"value"
:
"B108"
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
}
],
"priority"
:
"Medium"
,
"file"
:
"python/hardcoded/hardcoded-tmp.py"
,
"line"
:
14
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Probable insecure usage of temp file/directory."
,
"cve"
:
"python/hardcoded/hardcoded-tmp.py:4ad6d4c40a8c263fc265f3384724014e0a4f8dd6200af83e51ff120420038031:B108"
,
"severity"
:
"Medium"
,
"confidence"
:
"Medium"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/hardcoded/hardcoded-tmp.py"
,
"start_line"
:
10
,
"end_line"
:
10
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B108"
,
"value"
:
"B108"
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
}
],
"priority"
:
"Medium"
,
"file"
:
"python/hardcoded/hardcoded-tmp.py"
,
"line"
:
10
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Consider possible security implications associated with Popen module."
,
"cve"
:
"python/imports/imports-aliases.py:2c3e1fa1e54c3c6646e8bcfaee2518153c6799b77587ff8d9a7b0631f6d34785:B404"
,
"severity"
:
"Low"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-aliases.py"
,
"start_line"
:
1
,
"end_line"
:
1
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B404"
,
"value"
:
"B404"
}
],
"priority"
:
"Low"
,
"file"
:
"python/imports/imports-aliases.py"
,
"line"
:
1
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Consider possible security implications associated with pickle module."
,
"cve"
:
"python/imports/imports.py:af58d07f6ad519ef5287fcae65bf1a6999448a1a3a8bc1ac2a11daa80d0b96bf:B403"
,
"severity"
:
"Low"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports.py"
,
"start_line"
:
2
,
"end_line"
:
2
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B403"
,
"value"
:
"B403"
}
],
"priority"
:
"Low"
,
"file"
:
"python/imports/imports.py"
,
"line"
:
2
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Consider possible security implications associated with subprocess module."
,
"cve"
:
"python/imports/imports.py:8de9bc98029d212db530785a5f6780cfa663548746ff228ab8fa96c5bb82f089:B404"
,
"severity"
:
"Low"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports.py"
,
"start_line"
:
4
,
"end_line"
:
4
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B404"
,
"value"
:
"B404"
}
],
"priority"
:
"Low"
,
"file"
:
"python/imports/imports.py"
,
"line"
:
4
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Possible hardcoded password: 'blerg'"
,
"cve"
:
"python/hardcoded/hardcoded-passwords.py:97c30f1d76d2a88913e3ce9ae74087874d740f87de8af697a9c455f01119f633:B106"
,
"severity"
:
"Low"
,
"confidence"
:
"Medium"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/hardcoded/hardcoded-passwords.py"
,
"start_line"
:
22
,
"end_line"
:
22
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B106"
,
"value"
:
"B106"
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b106_hardcoded_password_funcarg.html"
}
],
"priority"
:
"Low"
,
"file"
:
"python/hardcoded/hardcoded-passwords.py"
,
"line"
:
22
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b106_hardcoded_password_funcarg.html"
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Possible hardcoded password: 'root'"
,
"cve"
:
"python/hardcoded/hardcoded-passwords.py:7431c73a0bc16d94ece2a2e75ef38f302574d42c37ac0c3c38ad0b3bf8a59f10:B105"
,
"severity"
:
"Low"
,
"confidence"
:
"Medium"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/hardcoded/hardcoded-passwords.py"
,
"start_line"
:
5
,
"end_line"
:
5
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B105"
,
"value"
:
"B105"
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
}
],
"priority"
:
"Low"
,
"file"
:
"python/hardcoded/hardcoded-passwords.py"
,
"line"
:
5
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Possible hardcoded password: ''"
,
"cve"
:
"python/hardcoded/hardcoded-passwords.py:d2d1857c27caedd49c57bfbcdc23afcc92bd66a22701fcdc632869aab4ca73ee:B105"
,
"severity"
:
"Low"
,
"confidence"
:
"Medium"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/hardcoded/hardcoded-passwords.py"
,
"start_line"
:
9
,
"end_line"
:
9
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B105"
,
"value"
:
"B105"
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
}
],
"priority"
:
"Low"
,
"file"
:
"python/hardcoded/hardcoded-passwords.py"
,
"line"
:
9
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Possible hardcoded password: 'ajklawejrkl42348swfgkg'"
,
"cve"
:
"python/hardcoded/hardcoded-passwords.py:fb3866215a61393a5c9c32a3b60e2058171a23219c353f722cbd3567acab21d2:B105"
,
"severity"
:
"Low"
,
"confidence"
:
"Medium"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/hardcoded/hardcoded-passwords.py"
,
"start_line"
:
13
,
"end_line"
:
13
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B105"
,
"value"
:
"B105"
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
}
],
"priority"
:
"Low"
,
"file"
:
"python/hardcoded/hardcoded-passwords.py"
,
"line"
:
13
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Possible hardcoded password: 'blerg'"
,
"cve"
:
"python/hardcoded/hardcoded-passwords.py:63c62a8b7e1e5224439bd26b28030585ac48741e28ca64561a6071080c560a5f:B105"
,
"severity"
:
"Low"
,
"confidence"
:
"Medium"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/hardcoded/hardcoded-passwords.py"
,
"start_line"
:
23
,
"end_line"
:
23
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B105"
,
"value"
:
"B105"
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
}
],
"priority"
:
"Low"
,
"file"
:
"python/hardcoded/hardcoded-passwords.py"
,
"line"
:
23
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Possible hardcoded password: 'blerg'"
,
"cve"
:
"python/hardcoded/hardcoded-passwords.py:4311b06d08df8fa58229b341c531da8e1a31ec4520597bdff920cd5c098d86f9:B105"
,
"severity"
:
"Low"
,
"confidence"
:
"Medium"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/hardcoded/hardcoded-passwords.py"
,
"start_line"
:
24
,
"end_line"
:
24
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B105"
,
"value"
:
"B105"
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
}
],
"priority"
:
"Low"
,
"file"
:
"python/hardcoded/hardcoded-passwords.py"
,
"line"
:
24
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Consider possible security implications associated with subprocess module."
,
"cve"
:
"python/imports/imports-function.py:5858400c2f39047787702de44d03361ef8d954c9d14bd54ee1c2bef9e6a7df93:B404"
,
"severity"
:
"Low"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-function.py"
,
"start_line"
:
4
,
"end_line"
:
4
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B404"
,
"value"
:
"B404"
}
],
"priority"
:
"Low"
,
"file"
:
"python/imports/imports-function.py"
,
"line"
:
4
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Consider possible security implications associated with pickle module."
,
"cve"
:
"python/imports/imports-function.py:dbda3cf4190279d30e0aad7dd137eca11272b0b225e8af4e8bf39682da67d956:B403"
,
"severity"
:
"Low"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-function.py"
,
"start_line"
:
2
,
"end_line"
:
2
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B403"
,
"value"
:
"B403"
}
],
"priority"
:
"Low"
,
"file"
:
"python/imports/imports-function.py"
,
"line"
:
2
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Consider possible security implications associated with Popen module."
,
"cve"
:
"python/imports/imports-from.py:eb8a0db9cd1a8c1ab39a77e6025021b1261cc2a0b026b2f4a11fca4e0636d8dd:B404"
,
"severity"
:
"Low"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-from.py"
,
"start_line"
:
7
,
"end_line"
:
7
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B404"
,
"value"
:
"B404"
}
],
"priority"
:
"Low"
,
"file"
:
"python/imports/imports-from.py"
,
"line"
:
7
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell"
,
"cve"
:
"python/imports/imports-aliases.py:f99f9721e27537fbcb6699a4cf39c6740d6234d2c6f06cfc2d9ea977313c483d:B602"
,
"severity"
:
"Low"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-aliases.py"
,
"start_line"
:
9
,
"end_line"
:
9
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B602"
,
"value"
:
"B602"
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html"
}
],
"priority"
:
"Low"
,
"file"
:
"python/imports/imports-aliases.py"
,
"line"
:
9
,
"url"
:
"https://docs.openstack.org/bandit/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html"
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Consider possible security implications associated with subprocess module."
,
"cve"
:
"python/imports/imports-from.py:332a12ab1146698f614a905ce6a6a5401497a12281aef200e80522711c69dcf4:B404"
,
"severity"
:
"Low"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-from.py"
,
"start_line"
:
6
,
"end_line"
:
6
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B404"
,
"value"
:
"B404"
}
],
"priority"
:
"Low"
,
"file"
:
"python/imports/imports-from.py"
,
"line"
:
6
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Consider possible security implications associated with Popen module."
,
"cve"
:
"python/imports/imports-from.py:0a48de4a3d5348853a03666cb574697e3982998355e7a095a798bd02a5947276:B404"
,
"severity"
:
"Low"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-from.py"
,
"start_line"
:
1
,
"end_line"
:
2
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B404"
,
"value"
:
"B404"
}
],
"priority"
:
"Low"
,
"file"
:
"python/imports/imports-from.py"
,
"line"
:
1
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Consider possible security implications associated with pickle module."
,
"cve"
:
"python/imports/imports-aliases.py:51b71661dff994bde3529639a727a678c8f5c4c96f00d300913f6d5be1bbdf26:B403"
,
"severity"
:
"Low"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-aliases.py"
,
"start_line"
:
7
,
"end_line"
:
8
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B403"
,
"value"
:
"B403"
}
],
"priority"
:
"Low"
,
"file"
:
"python/imports/imports-aliases.py"
,
"line"
:
7
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Consider possible security implications associated with loads module."
,
"cve"
:
"python/imports/imports-aliases.py:6ff02aeb3149c01ab68484d794a94f58d5d3e3bb0d58557ef4153644ea68ea54:B403"
,
"severity"
:
"Low"
,
"confidence"
:
"High"
,
"scanner"
:
{
"id"
:
"bandit"
,
"name"
:
"Bandit"
},
"location"
:
{
"file"
:
"python/imports/imports-aliases.py"
,
"start_line"
:
6
,
"end_line"
:
6
},
"identifiers"
:
[
{
"type"
:
"bandit_test_id"
,
"name"
:
"Bandit Test ID B403"
,
"value"
:
"B403"
}
],
"priority"
:
"Low"
,
"file"
:
"python/imports/imports-aliases.py"
,
"line"
:
6
,
"tool"
:
"bandit"
},
{
"category"
:
"sast"
,
"message"
:
"Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)"
,
"cve"
:
"c/subdir/utils.c:b466873101951fe96e1332f6728eb7010acbbd5dfc3b65d7d53571d091a06d9e:CWE-119!/CWE-120"
,
"confidence"
:
"Low"
,
"solution"
:
"Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length"
,
"scanner"
:
{
"id"
:
"flawfinder"
,
"name"
:
"Flawfinder"
},
"location"
:
{
"file"
:
"c/subdir/utils.c"
,
"start_line"
:
4
},
"identifiers"
:
[
{
"type"
:
"flawfinder_func_name"
,
"name"
:
"Flawfinder - char"
,
"value"
:
"char"
},
{
"type"
:
"cwe"
,
"name"
:
"CWE-119"
,
"value"
:
"119"
,
"url"
:
"https://cwe.mitre.org/data/definitions/119.html"
},
{
"type"
:
"cwe"
,
"name"
:
"CWE-120"
,
"value"
:
"120"
,
"url"
:
"https://cwe.mitre.org/data/definitions/120.html"
}
],
"file"
:
"c/subdir/utils.c"
,
"line"
:
4
,
"url"
:
"https://cwe.mitre.org/data/definitions/119.html"
,
"tool"
:
"flawfinder"
},
{
"category"
:
"sast"
,
"message"
:
"Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362)"
,
"cve"
:
"c/subdir/utils.c:bab681140fcc8fc3085b6bba74081b44ea145c1c98b5e70cf19ace2417d30770:CWE-362"
,
"confidence"
:
"Low"
,
"scanner"
:
{
"id"
:
"flawfinder"
,
"name"
:
"Flawfinder"
},
"location"
:
{
"file"
:
"c/subdir/utils.c"
,
"start_line"
:
8
},
"identifiers"
:
[
{
"type"
:
"flawfinder_func_name"
,
"name"
:
"Flawfinder - fopen"
,
"value"
:
"fopen"
},
{
"type"
:
"cwe"
,
"name"
:
"CWE-362"
,
"value"
:
"362"
,
"url"
:
"https://cwe.mitre.org/data/definitions/362.html"
}
],
"file"
:
"c/subdir/utils.c"
,
"line"
:
8
,
"url"
:
"https://cwe.mitre.org/data/definitions/362.html"
,
"tool"
:
"flawfinder"
},
{
"category"
:
"sast"
,
"message"
:
"Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)"
,
"cve"
:
"cplusplus/src/hello.cpp:c8c6dd0afdae6814194cf0930b719f757ab7b379cf8f261e7f4f9f2f323a818a:CWE-119!/CWE-120"
,
"confidence"
:
"Low"
,
"solution"
:
"Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length"
,
"scanner"
:
{
"id"
:
"flawfinder"
,
"name"
:
"Flawfinder"
},
"location"
:
{
"file"
:
"cplusplus/src/hello.cpp"
,
"start_line"
:
6
},
"identifiers"
:
[
{
"type"
:
"flawfinder_func_name"
,
"name"
:
"Flawfinder - char"
,
"value"
:
"char"
},
{
"type"
:
"cwe"
,
"name"
:
"CWE-119"
,
"value"
:
"119"
,
"url"
:
"https://cwe.mitre.org/data/definitions/119.html"
},
{
"type"
:
"cwe"
,
"name"
:
"CWE-120"
,
"value"
:
"120"
,
"url"
:
"https://cwe.mitre.org/data/definitions/120.html"
}
],
"file"
:
"cplusplus/src/hello.cpp"
,
"line"
:
6
,
"url"
:
"https://cwe.mitre.org/data/definitions/119.html"
,
"tool"
:
"flawfinder"
},
{
"category"
:
"sast"
,
"message"
:
"Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120)"
,
"cve"
:
"cplusplus/src/hello.cpp:331c04062c4fe0c7c486f66f59e82ad146ab33cdd76ae757ca41f392d568cbd0:CWE-120"
,
"confidence"
:
"Low"
,
"solution"
:
"Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)"
,
"scanner"
:
{
"id"
:
"flawfinder"
,
"name"
:
"Flawfinder"
},
"location"
:
{
"file"
:
"cplusplus/src/hello.cpp"
,
"start_line"
:
7
},
"identifiers"
:
[
{
"type"
:
"flawfinder_func_name"
,
"name"
:
"Flawfinder - strcpy"
,
"value"
:
"strcpy"
},
{
"type"
:
"cwe"
,
"name"
:
"CWE-120"
,
"value"
:
"120"
,
"url"
:
"https://cwe.mitre.org/data/definitions/120.html"
}
],
"file"
:
"cplusplus/src/hello.cpp"
,
"line"
:
7
,
"url"
:
"https://cwe.mitre.org/data/definitions/120.html"
,
"tool"
:
"flawfinder"
}
}
]
]
}
}
qa/qa/specs/features/ee/browser_ui/secure/create_merge_request_with_secure_spec.rb
View file @
d0d7a49c
...
@@ -8,7 +8,7 @@ module QA
...
@@ -8,7 +8,7 @@ module QA
# https://gitlab.com/gitlab-org/gitlab/issues/36559
# https://gitlab.com/gitlab-org/gitlab/issues/36559
context
'Secure'
,
:docker
,
:quarantine
do
context
'Secure'
,
:docker
,
:quarantine
do
describe
'Security Reports in a Merge Request'
do
describe
'Security Reports in a Merge Request'
do
let
(
:sast_vuln_count
)
{
33
}
let
(
:sast_vuln_count
)
{
5
}
let
(
:dependency_scan_vuln_count
)
{
4
}
let
(
:dependency_scan_vuln_count
)
{
4
}
let
(
:container_scan_vuln_count
)
{
8
}
let
(
:container_scan_vuln_count
)
{
8
}
let
(
:vuln_name
)
{
"Regular Expression Denial of Service in debug"
}
let
(
:vuln_name
)
{
"Regular Expression Denial of Service in debug"
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment