author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-03-18 20:02:30 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-03-18 20:02:30 +0000 |
commit | 41fe97390ceddf945f3d967b8fdb3de4c66b7dea (patch) | |
tree | 9c8d89a8624828992f06d892cd2f43818ff5dcc8 /spec/fixtures | |
parent | 0804d2dc31052fb45a1efecedc8e06ce9bc32862 (diff) | |
download | gitlab-ce-41fe97390ceddf945f3d967b8fdb3de4c66b7dea.tar.gz |
Add latest changes from gitlab-org/gitlab@14-9-stable-eev14.9.0-rc42
Diffstat (limited to 'spec/fixtures')
12 files changed, 315 insertions, 25 deletions
diff --git a/spec/fixtures/api/schemas/deployment.json b/spec/fixtures/api/schemas/deployment.json
index fa34a61c7d3..7d96147314c 100644
--- a/spec/fixtures/api/schemas/deployment.json
+++ b/spec/fixtures/api/schemas/deployment.json
@@ -64,6 +64,5 @@
 "items": { "$ref": "job/job.json" }
 },
 "status": { "type": "string" }
- },
- "additionalProperties": false
+ }
 }
diff --git a/spec/fixtures/api/schemas/environment.json b/spec/fixtures/api/schemas/environment.json
index 4f54a77e6b2..87b6e5da370 100644
--- a/spec/fixtures/api/schemas/environment.json
+++ b/spec/fixtures/api/schemas/environment.json
@@ -35,6 +35,8 @@
 "auto_stop_at": { "type": "string", "format": "date-time" },
 "can_stop": { "type": "boolean" },
 "has_opened_alert": { "type": "boolean" },
+ "tier": { "type": "string" },
+ "required_approval_count": { "type": "integer" },
 "cluster_type": { "type": "types/nullable_string.json" },
 "terminal_path": { "type": "types/nullable_string.json" },
 "rollout_status": {
diff --git a/spec/fixtures/api/schemas/list.json b/spec/fixtures/api/schemas/list.json
index 65e140f9e28..0985874a500 100644
--- a/spec/fixtures/api/schemas/list.json
+++ b/spec/fixtures/api/schemas/list.json
@@ -34,7 +34,7 @@
 "priority": { "type": ["integer", "null"] }
 }
 },
- "title": { "type": "string" },
+ "title": { "type": ["string", "null"] },
 "position": { "type": ["integer", "null"] },
 "max_issue_count": { "type": "integer" },
 "max_issue_weight": { "type": "integer" },
diff --git a/spec/fixtures/api/schemas/public_api/v4/deploy_token.json b/spec/fixtures/api/schemas/public_api/v4/deploy_token.json
index c4d3f944aea..102ab95a4ee 100644
--- a/spec/fixtures/api/schemas/public_api/v4/deploy_token.json
+++ b/spec/fixtures/api/schemas/public_api/v4/deploy_token.json
@@ -5,7 +5,9 @@
 "name",
 "username",
 "expires_at",
- "scopes"
+ "scopes",
+ "revoked",
+ "expired"
 ],
 "properties": {
 "id": {
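Review bot: Removing `"additionalProperties": false` from `deployment.json` means specs that match responses against this schema will no longer fail when the deployment payload starts carrying a field nobody declared, and that failure is the guard that catches unintended data exposure in an API response. If the reason for the change is that the payload gained new fields, it would be safer to declare them under `properties` and keep the object closed, as the new `system_hook.json` in this commit does. The rest of the schema lies outside the hunk, so whether other schemas pull it in by `$ref` (where a closed object can be awkward) cannot be confirmed from here.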
@@ -26,6 +28,12 @@
 },
 "token": {
 "type": "string"
+ },
+ "revoked": {
+ "type": "boolean"
+ },
+ "expired": {
+ "type": "boolean"
 }
 }
 }
\ No newline at end of file
diff --git a/spec/fixtures/api/schemas/public_api/v4/system_hook.json b/spec/fixtures/api/schemas/public_api/v4/system_hook.json
new file mode 100644
index 00000000000..f992bc8b809
--- /dev/null
+++ b/spec/fixtures/api/schemas/public_api/v4/system_hook.json
@@ -0,0 +1,24 @@
+{
+ "type": "object",
+ "required": [
+ "id",
+ "url",
+ "created_at",
+ "push_events",
+ "tag_push_events",
+ "merge_requests_events",
+ "repository_update_events",
+ "enable_ssl_verification"
+ ],
+ "properties": {
+ "id": { "type": "integer" },
+ "url": { "type": "string" },
+ "created_at": { "type": "string" },
+ "push_events": { "type": "boolean" },
+ "tag_push_events": { "type": "boolean" },
+ "merge_requests_events": { "type": "boolean" },
+ "repository_update_events": { "type": "boolean" },
+ "enable_ssl_verification": { "type": "boolean" }
+ },
+ "additionalProperties": false
+}
diff --git a/spec/fixtures/api/schemas/public_api/v4/system_hooks.json b/spec/fixtures/api/schemas/public_api/v4/system_hooks.json
new file mode 100644
index 00000000000..a56542a8b99
--- /dev/null
+++ b/spec/fixtures/api/schemas/public_api/v4/system_hooks.json
@@ -0,0 +1,9 @@
+{
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties" : {
+ "$ref": "./system_hook.json"
+ }
+ }
+}
diff --git a/spec/fixtures/emails/missing_delivered_to_header.eml b/spec/fixtures/emails/missing_delivered_to_header.eml
new file mode 100644
index 00000000000..511f60ab719
--- /dev/null
+++ b/spec/fixtures/emails/missing_delivered_to_header.eml
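Review bot: In the new `system_hooks.json` the `$ref` sits inside `properties`, where a JSON Schema validator reads it as the definition of a property literally named `$ref` rather than as a reference, so array items are probably only checked for being objects. That leaves the `required` list and the `"additionalProperties": false` of `system_hook.json` unenforced for the list response, and an unexpected field there would not fail the spec. Pointing the reference at the item schema directly fixes it: `"items": { "$ref": "./system_hook.json" }`. How the validator in use treats the stray key is not visible on this page, so a spec that runs a hook with one extra field through the list schema would confirm it.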
@@ -0,0 +1,35 @@ +Return-Path: <jake@example.com> +Received: from myserver.example.com ([unix socket]) by myserver (Cyrus v2.2.13-Debian-2.2.13-19+squeeze3) with LMTPA; Thu, 13 Jun 2013 17:03:50 -0400 +Received: by 10.0.0.1 with HTTP; Thu, 13 Jun 2013 14:03:48 -0700 +Received: from blabla.google.com (blabla.google.com. [1.1.1.1]) + by bla.google.com with SMTPS id something.1.1.1.1.1.1.1 + for <incoming+gitlabhq/gitlabhq+auth_token@appmail.example.com> + (Google Transport Security); + Mon, 21 Feb 2022 14:41:58 -0800 (PST) +Received: from mail.example.com (mail.example.com [IPv6:2607:f8b0:4001:c03::234]) by myserver.example.com (8.14.3/8.14.3/Debian-9.4) with ESMTP id r5DL3nFJ016967 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <incoming+gitlabhq/gitlabhq@example.com>; Thu, 13 Jun 2013 17:03:50 -0400 +From: "jake@example.com" <jake@example.com> +To: "support@example.com" <support@example.com> +Subject: Insert hilarious subject line here +Date: Tue, 26 Nov 2019 14:22:41 +0000 +Message-ID: <7e2296f83dbf4de388cbf5f56f52c11f@EXDAG29-1.EXCHANGE.INT> +Accept-Language: de-DE, en-US +Content-Language: de-DE +X-MS-Has-Attach: +X-MS-TNEF-Correlator: +x-ms-exchange-transport-fromentityheader: Hosted +x-originating-ip: [62.96.54.178] +Content-Type: multipart/alternative; + boundary="_000_7e2296f83dbf4de388cbf5f56f52c11fEXDAG291EXCHANGEINT_" +MIME-Version: 1.0 + +--_000_7e2296f83dbf4de388cbf5f56f52c11fEXDAG291EXCHANGEINT_ +Content-Type: text/plain; charset="iso-8859-1" +Content-Transfer-Encoding: quoted-printable + + + +--_000_7e2296f83dbf4de388cbf5f56f52c11fEXDAG291EXCHANGEINT_ +Content-Type: text/html; charset="iso-8859-1" +Content-Transfer-Encoding: quoted-printable + +Look, a message with no Delivered-To header! Let's fallback to Received: in case it's there. diff --git a/spec/fixtures/emails/service_desk_reply_to_and_from.eml b/spec/fixtures/emails/service_desk_reply_to_and_from.eml new file mode 100644 index 00000000000..2545e0d30f8 --- /dev/null 
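Review bot: The new `missing_delivered_to_header.eml` rewrites its mailbox addresses to `example.com`, yet the `x-originating-ip: [62.96.54.178]` header, the `EXDAG29-1.EXCHANGE.INT` host in the Message-ID and the matching MIME boundary look as if they were carried over from a real message. If so, the fixture publishes a third party's mail-infrastructure details; a documentation-range value such as `x-originating-ip: [192.0.2.1]` (RFC 5737) and a made-up Message-ID host would exercise the same parsing path. The `[1.1.1.1]` and `2607:f8b0:4001:c03::234` addresses in the `Received:` lines are likewise routable addresses owned by others and could be swapped for `192.0.2.0/24` and `2001:db8::/32` values.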
+++ b/spec/fixtures/emails/service_desk_reply_to_and_from.eml @@ -0,0 +1,28 @@ +Delivered-To: incoming+email-test-project_id-issue-@appmail.adventuretime.ooo +Return-Path: <jake@adventuretime.ooo> +Received: from iceking.adventuretime.ooo ([unix socket]) by iceking (Cyrus v2.2.13-Debian-2.2.13-19+squeeze3) with LMTPA; Thu, 13 Jun 2013 17:03:50 -0400 +Received: from mail-ie0-x234.google.com (mail-ie0-x234.google.com [IPv6:2607:f8b0:4001:c03::234]) by iceking.adventuretime.ooo (8.14.3/8.14.3/Debian-9.4) with ESMTP id r5DL3nFJ016967 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <incoming+gitlabhq/gitlabhq@appmail.adventuretime.ooo>; Thu, 13 Jun 2013 17:03:50 -0400 +Received: by mail-ie0-f180.google.com with SMTP id f4so21977375iea.25 for <incoming+email-test-project_id-issue-@appmail.adventuretime.ooo>; Thu, 13 Jun 2013 14:03:48 -0700 +Received: by 10.0.0.1 with HTTP; Thu, 13 Jun 2013 14:03:48 -0700 +Date: Thu, 13 Jun 2013 17:03:48 -0400 +Reply-To: Marceline <marceline@adventuretime.ooo> +From: Finn the Human <finn@adventuretime.ooo> +Sender: Jake the Dog <jake@adventuretime.ooo> +To: support@adventuretime.ooo +Delivered-To: support@adventuretime.ooo +Message-ID: <CADkmRc+rNGAGGbV2iE5p918UVy4UyJqVcXRO2=otppgzduJSg@mail.gmail.com> +Subject: The message subject! @all +Mime-Version: 1.0 +Content-Type: text/plain; + charset=ISO-8859-1 +Content-Transfer-Encoding: 7bit +X-Sieve: CMU Sieve 2.2 +X-Received: by 10.0.0.1 with SMTP id n7mr11234144ipb.85.1371157428600; Thu, + 13 Jun 2013 14:03:48 -0700 (PDT) +X-Scanned-By: MIMEDefang 2.69 on IPv6:2001:470:1d:165::1 + +Service desk stuff! + +``` +a = b +``` diff --git a/spec/fixtures/emails/valid_note_on_issuable.eml b/spec/fixtures/emails/valid_note_on_issuable.eml index 29308c9d969..38b733b6a32 100644 --- a/spec/fixtures/emails/valid_note_on_issuable.eml +++ b/spec/fixtures/emails/valid_note_on_issuable.eml 
@@ -1,6 +1,6 @@ Return-Path: <jake@adventuretime.ooo> Received: from iceking.adventuretime.ooo ([unix socket]) by iceking (Cyrus v2.2.13-Debian-2.2.13-19+squeeze3) with LMTPA; Thu, 13 Jun 2013 17:03:50 -0400 -Received: from mail-ie0-x234.google.com (mail-ie0-x234.google.com [IPv6:2607:f8b0:4001:c03::234]) by iceking.adventuretime.ooo (8.14.3/8.14.3/Debian-9.4) with ESMTP id r5DL3nFJ016967 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <incoming+gitlabhq/gitlabhq@appmail.adventuretime.ooo>; Thu, 13 Jun 2013 17:03:50 -0400 +Received: from mail-ie0-x234.google.com (mail-ie0-x234.google.com [IPv6:2607:f8b0:4001:c03::234]) by iceking.adventuretime.ooo (8.14.3/8.14.3/Debian-9.4) with ESMTP id r5DL3nFJ016967 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <incoming+gitlabhq-gitlabhq-project_id-auth_token-issue-issue_iid@appmail.adventuretime.ooo>; Thu, 13 Jun 2013 17:03:50 -0400 Received: by mail-ie0-f180.google.com with SMTP id f4so21977375iea.25 for <incoming+gitlabhq-gitlabhq-project_id-auth_token-issue-issue_iid@appmail.adventuretime.ooo>; Thu, 13 Jun 2013 14:03:48 -0700 Received: by 10.0.0.1 with HTTP; Thu, 13 Jun 2013 14:03:48 -0700 Date: Thu, 13 Jun 2013 17:03:48 -0400 diff --git a/spec/fixtures/error_tracking/php_empty_transaction.json b/spec/fixtures/error_tracking/php_empty_transaction.json new file mode 100644 index 00000000000..fc51894145d --- /dev/null +++ b/spec/fixtures/error_tracking/php_empty_transaction.json 
@@ -0,0 +1,45 @@
+{
+ "event_id": "dquJXuPF9sP1fMy5RpKo979xUALjNDQB",
+ "timestamp": 1645191605.123456,
+ "platform": "php",
+ "sdk": {
+ "name": "sentry.php",
+ "version": "3.3.7"
+ },
+ "logger": "php",
+ "transaction": "",
+ "server_name": "oAjA5zTgIjqP",
+ "release": "C0FFEE",
+ "environment": "Development/Berlin",
+ "exception": {
+ "values": [
+ {
+ "type": "TestException",
+ "value": "Sentry test exception",
+ "stacktrace": {
+ "frames": [
+ {
+ "filename": "/src/Path/To/Class.php",
+ "lineno": 3,
+ "in_app": true,
+ "abs_path": "/var/www/html/src/Path/To/Class.php",
+ "function": "Path\\To\\Class::method",
+ "raw_function": "Path\\To\\Class::method",
+ "pre_context": [
+ "// Pre-context"
+ ],
+ "context_line": "throw new TestException('Sentry test exception');",
+ "post_context": [
+ "// Post-context"
+ ]
+ }
+ ]
+ },
+ "mechanism": {
+ "type": "generic",
+ "handled": true
+ }
+ }
+ ]
+ }
+}
diff --git a/spec/fixtures/markdown/markdown_golden_master_examples.yml b/spec/fixtures/markdown/markdown_golden_master_examples.yml
index b024064dc21..8556811974d 100644
--- a/spec/fixtures/markdown/markdown_golden_master_examples.yml
+++ b/spec/fixtures/markdown/markdown_golden_master_examples.yml
@@ -218,13 +218,13 @@ </ol> <ul data-sourcepos="7:1-9:47" class="task-list" dir="auto"> <li data-sourcepos="7:1-7:47" class="task-list-item"> - <input type="checkbox" class="task-list-item-checkbox" checked disabled> <span class="media-container audio-container"><audio src="https://gitlab.com/1.mp3" controls="true" data-setup="{}" data-title="Sample Audio"></audio><a href="https://gitlab.com/1.mp3" target="_blank" rel="nofollow noreferrer noopener" title="Download 'Sample Audio'">Sample Audio</a></span> + <task-button></task-button><input type="checkbox" class="task-list-item-checkbox" checked disabled> <span class="media-container audio-container"><audio src="https://gitlab.com/1.mp3" controls="true" data-setup="{}" data-title="Sample Audio"></audio><a href="https://gitlab.com/1.mp3" target="_blank" rel="nofollow noreferrer noopener" title="Download 'Sample Audio'">Sample Audio</a></span> </li> <li data-sourcepos="8:1-8:47" class="task-list-item"> - <input type="checkbox" class="task-list-item-checkbox" checked disabled> <span class="media-container audio-container"><audio src="https://gitlab.com/2.mp3" controls="true" data-setup="{}" data-title="Sample Audio"></audio><a href="https://gitlab.com/2.mp3" target="_blank" rel="nofollow noreferrer noopener" title="Download 'Sample Audio'">Sample Audio</a></span> + <task-button></task-button><input type="checkbox" class="task-list-item-checkbox" checked disabled> <span class="media-container audio-container"><audio src="https://gitlab.com/2.mp3" controls="true" data-setup="{}" data-title="Sample Audio"></audio><a href="https://gitlab.com/2.mp3" target="_blank" rel="nofollow noreferrer noopener" title="Download 'Sample Audio'">Sample Audio</a></span> </li> <li data-sourcepos="9:1-9:47" class="task-list-item"> - <input type="checkbox" class="task-list-item-checkbox" checked disabled> <span class="media-container video-container"><video src="https://gitlab.com/3.mp4" controls="true" data-setup="{}" data-title="Sample 
Video" width="400" preload="metadata"></video><a href="https://gitlab.com/3.mp4" target="_blank" rel="nofollow noreferrer noopener" title="Download 'Sample Video'">Sample Video</a></span> + <task-button></task-button><input type="checkbox" class="task-list-item-checkbox" checked disabled> <span class="media-container video-container"><video src="https://gitlab.com/3.mp4" controls="true" data-setup="{}" data-title="Sample Video" width="400" preload="metadata"></video><a href="https://gitlab.com/3.mp4" target="_blank" rel="nofollow noreferrer noopener" title="Download 'Sample Video'">Sample Video</a></span> </li> </ul> @@ -553,7 +553,7 @@ * The concert starts at <time datetime="20:00">20:00</time> and you'll be able to enjoy the band for at least <time datetime="PT2H30M">2h 30m</time>. * Press <kbd>Ctrl</kbd> + <kbd>C</kbd> to copy text (Windows). * WWF's goal is to: <q>Build a future where people live in harmony with nature.</q> We hope they succeed. - * The error occured was: <samp>Keyboard not found. Press F1 to continue.</samp> + * The error occurred was: <samp>Keyboard not found. Press F1 to continue.</samp> * The area of a triangle is: 1/2 x <var>b</var> x <var>h</var>, where <var>b</var> is the base, and <var>h</var> is the vertical height. * <ruby>漢<rt>ㄏㄢˋ</rt></ruby> * C<sub>7</sub>H<sub>16</sub> + O<sub>2</sub> → CO<sub>2</sub> + H<sub>2</sub>O 
@@ -572,7 +572,7 @@ <li data-sourcepos="8:1-8:149">The concert starts at <time datetime="20:00">20:00</time> and you'll be able to enjoy the band for at least <time datetime="PT2H30M">2h 30m</time>.</li> <li data-sourcepos="9:1-9:62">Press <kbd>Ctrl</kbd> + <kbd>C</kbd> to copy text (Windows).</li> <li data-sourcepos="10:1-10:105">WWF's goal is to: <q>Build a future where people live in harmony with nature.</q> We hope they succeed.</li> - <li data-sourcepos="11:1-11:79">The error occured was: <samp>Keyboard not found. Press F1 to continue.</samp> + <li data-sourcepos="11:1-11:80">The error occurred was: <samp>Keyboard not found. Press F1 to continue.</samp> </li> <li data-sourcepos="12:1-12:136">The area of a triangle is: 1/2 x <var>b</var> x <var>h</var>, where <var>b</var> is the base, and <var>h</var> is the vertical height.</li> <li data-sourcepos="13:1-13:35"><ruby>漢<rt>ㄏㄢˋ</rt></ruby></li> 
@@ -670,19 +670,19 @@ html: |- <ol data-sourcepos="1:1-6:18" class="task-list" dir="auto"> <li data-sourcepos="1:1-1:12" class="task-list-item"> - <input type="checkbox" class="task-list-item-checkbox" checked disabled> hello</li> + <task-button></task-button><input type="checkbox" class="task-list-item-checkbox" checked disabled> hello</li> <li data-sourcepos="2:1-2:12" class="task-list-item"> - <input type="checkbox" class="task-list-item-checkbox" checked disabled> world</li> + <task-button></task-button><input type="checkbox" class="task-list-item-checkbox" checked disabled> world</li> <li data-sourcepos="3:1-6:18" class="task-list-item"> - <input type="checkbox" class="task-list-item-checkbox" disabled> example + <task-button></task-button><input type="checkbox" class="task-list-item-checkbox" disabled> example <ol data-sourcepos="4:4-6:18" class="task-list"> <li data-sourcepos="4:4-6:18" class="task-list-item"> - <input type="checkbox" class="task-list-item-checkbox" disabled> of nested + <task-button></task-button><input type="checkbox" class="task-list-item-checkbox" disabled> of nested <ol data-sourcepos="5:7-6:18" class="task-list"> <li data-sourcepos="5:7-5:22" class="task-list-item"> - <input type="checkbox" class="task-list-item-checkbox" checked disabled> task list</li> + <task-button></task-button><input type="checkbox" class="task-list-item-checkbox" checked disabled> task list</li> <li data-sourcepos="6:7-6:18" class="task-list-item"> - <input type="checkbox" class="task-list-item-checkbox" disabled> items</li> + <task-button></task-button><input type="checkbox" class="task-list-item-checkbox" disabled> items</li> </ol> </li> </ol> 
@@ -697,11 +697,11 @@ html: |- <ol start="4893" data-sourcepos="1:1-3:17" class="task-list" dir="auto"> <li data-sourcepos="1:1-1:15" class="task-list-item"> - <input type="checkbox" class="task-list-item-checkbox" checked disabled> hello</li> + <task-button></task-button><input type="checkbox" class="task-list-item-checkbox" checked disabled> hello</li> <li data-sourcepos="2:1-2:15" class="task-list-item"> - <input type="checkbox" class="task-list-item-checkbox" checked disabled> world</li> + <task-button></task-button><input type="checkbox" class="task-list-item-checkbox" checked disabled> world</li> <li data-sourcepos="3:1-3:17" class="task-list-item"> - <input type="checkbox" class="task-list-item-checkbox" disabled> example</li> + <task-button></task-button><input type="checkbox" class="task-list-item-checkbox" disabled> example</li> </ol> - name: reference_for_project_wiki 
@@ -810,19 +810,19 @@ html: |- <ul data-sourcepos="1:1-6:15" class="task-list" dir="auto"> <li data-sourcepos="1:1-1:11" class="task-list-item"> - <input type="checkbox" class="task-list-item-checkbox" checked disabled> hello</li> + <task-button></task-button><input type="checkbox" class="task-list-item-checkbox" checked disabled> hello</li> <li data-sourcepos="2:1-2:11" class="task-list-item"> - <input type="checkbox" class="task-list-item-checkbox" checked disabled> world</li> + <task-button></task-button><input type="checkbox" class="task-list-item-checkbox" checked disabled> world</li> <li data-sourcepos="3:1-6:15" class="task-list-item"> - <input type="checkbox" class="task-list-item-checkbox" disabled> example + <task-button></task-button><input type="checkbox" class="task-list-item-checkbox" disabled> example <ul data-sourcepos="4:3-6:15" class="task-list"> <li data-sourcepos="4:3-6:15" class="task-list-item"> - <input type="checkbox" class="task-list-item-checkbox" disabled> of nested + <task-button></task-button><input type="checkbox" class="task-list-item-checkbox" disabled> of nested <ul data-sourcepos="5:5-6:15" class="task-list"> <li data-sourcepos="5:5-5:19" class="task-list-item"> - <input type="checkbox" class="task-list-item-checkbox" checked disabled> task list</li> + <task-button></task-button><input type="checkbox" class="task-list-item-checkbox" checked disabled> task list</li> <li data-sourcepos="6:5-6:15" class="task-list-item"> - <input type="checkbox" class="task-list-item-checkbox" disabled> items</li> + <task-button></task-button><input type="checkbox" class="task-list-item-checkbox" disabled> items</li> </ul> </li> </ul> diff --git a/spec/fixtures/security_reports/master/gl-common-scanning-report.json b/spec/fixtures/security_reports/master/gl-common-scanning-report.json index cf4c5239b57..1fb00b2ff3a 100644 --- a/spec/fixtures/security_reports/master/gl-common-scanning-report.json 
+++ b/spec/fixtures/security_reports/master/gl-common-scanning-report.json @@ -12,6 +12,76 @@ "id": "gemnasium", "name": "Gemnasium" }, + "evidence": { + "source": { + "id": "assert:CORS - Bad 'Origin' value", + "name": "CORS - Bad 'Origin' value" + }, + "summary": "The Origin header was changed to an invalid value of http://peachapisecurity.com and the response contained an Access-Control-Allow-Origin header which included this invalid Origin, indicating that the CORS configuration on the server is overly permissive.\n\n\n", + "request": { + "headers": [ + { + "name": "Host", + "value": "127.0.0.1:7777" + } + ], + "method": "GET", + "url": "http://127.0.0.1:7777/api/users", + "body": "" + }, + "response": { + "headers": [ + { + "name": "Server", + "value": "TwistedWeb/20.3.0" + } + ], + "reason_phrase": "OK", + "status_code": 200, + "body": "[{\"user_id\":1,\"user\":\"admin\",\"first\":\"Joe\",\"last\":\"Smith\",\"password\":\"Password!\"}]" + }, + "supporting_messages": [ + { + "name": "Origional", + "request": { + "headers": [ + { + "name": "Host", + "value": "127.0.0.1:7777" + } + ], + "method": "GET", + "url": "http://127.0.0.1:7777/api/users", + "body": "" + } + }, + { + "name": "Recorded", + "request": { + "headers": [ + { + "name": "Host", + "value": "127.0.0.1:7777" + } + ], + "method": "GET", + "url": "http://127.0.0.1:7777/api/users", + "body": "" + }, + "response": { + "headers": [ + { + "name": "Server", + "value": "TwistedWeb/20.3.0" + } + ], + "reason_phrase": "OK", + "status_code": 200, + "body": "[{\"user_id\":1,\"user\":\"admin\",\"first\":\"Joe\",\"last\":\"Smith\",\"password\":\"Password!\"}]" + } + } + ] + }, "location": {}, "identifiers": [ { 
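Review bot: The `evidence` object added in this hunk is identical to the one added in the second hunk (`@@ -57,6 +127,76 @@`), so a spec cannot tell which finding's evidence it actually parsed; varying one value, for instance the second finding's `"url"`, would make a mix-up visible. Both copies store a full response `body` holding a user record with a `password` field, which illustrates that evidence bodies can carry secrets from the scanned target, so whatever parses, stores or renders this field should treat it as untrusted, size-bounded text, and a spec asserting that would be a good companion to the fixture. `"name": "Origional"` reads like a typo for "Original"; if it mirrors real analyzer output it should stay, otherwise it is worth correcting in both hunks.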
@@ -57,6 +127,76 @@ "id": "gemnasium", "name": "Gemnasium" }, + "evidence": { + "source": { + "id": "assert:CORS - Bad 'Origin' value", + "name": "CORS - Bad 'Origin' value" + }, + "summary": "The Origin header was changed to an invalid value of http://peachapisecurity.com and the response contained an Access-Control-Allow-Origin header which included this invalid Origin, indicating that the CORS configuration on the server is overly permissive.\n\n\n", + "request": { + "headers": [ + { + "name": "Host", + "value": "127.0.0.1:7777" + } + ], + "method": "GET", + "url": "http://127.0.0.1:7777/api/users", + "body": "" + }, + "response": { + "headers": [ + { + "name": "Server", + "value": "TwistedWeb/20.3.0" + } + ], + "reason_phrase": "OK", + "status_code": 200, + "body": "[{\"user_id\":1,\"user\":\"admin\",\"first\":\"Joe\",\"last\":\"Smith\",\"password\":\"Password!\"}]" + }, + "supporting_messages": [ + { + "name": "Origional", + "request": { + "headers": [ + { + "name": "Host", + "value": "127.0.0.1:7777" + } + ], + "method": "GET", + "url": "http://127.0.0.1:7777/api/users", + "body": "" + } + }, + { + "name": "Recorded", + "request": { + "headers": [ + { + "name": "Host", + "value": "127.0.0.1:7777" + } + ], + "method": "GET", + "url": "http://127.0.0.1:7777/api/users", + "body": "" + }, + "response": { + "headers": [ + { + "name": "Server", + "value": "TwistedWeb/20.3.0" + } + ], + "reason_phrase": "OK", + "status_code": 200, + "body": "[{\"user_id\":1,\"user\":\"admin\",\"first\":\"Joe\",\"last\":\"Smith\",\"password\":\"Password!\"}]" + } + } + ] + }, "location": {}, "identifiers": [ { |