author | Olivier Gonzalez <ogonzalez@gitlab.com> | 2019-01-08 19:01:33 +0100 |
---|---|---|
committer | Olivier Gonzalez <ogonzalez@gitlab.com> | 2019-01-10 09:32:45 +0100 |
commit | 9f6f42dbdd46f7934cd82cc880573c89c1db6eee (patch) | |
tree | b6838bf3e1ec856acdbbafd7c8639b48bb3f4d6f /spec/fixtures | |
parent | bdc1ebd0c3a5d0b0639ae7f896c43b8ba3b8759e (diff) | |
download | gitlab-ce-9f6f42dbdd46f7934cd82cc880573c89c1db6eee.tar.gz |
Backport container scanning fixtures
Fix JSON formatting and indent
Diffstat (limited to 'spec/fixtures')
-rw-r--r-- | spec/fixtures/security-reports/feature-branch/gl-container-scanning-report.json | 30 | ||||
-rw-r--r-- | spec/fixtures/security-reports/master/gl-container-scanning-report.json | 182 |
2 files changed, 105 insertions, 107 deletions
diff --git a/spec/fixtures/security-reports/feature-branch/gl-container-scanning-report.json b/spec/fixtures/security-reports/feature-branch/gl-container-scanning-report.json
index 9840382df6f..6f89d20d4bf 100644
--- a/spec/fixtures/security-reports/feature-branch/gl-container-scanning-report.json
+++ b/spec/fixtures/security-reports/feature-branch/gl-container-scanning-report.json
@@ -1,18 +1,16 @@
 {
- "image": "registry.gitlab.com/bikebilly/auto-devops-10-6/feature-branch:e7315ba964febb11bac8f5cd6ec433db8a3a1583",
- "unapproved": [
- "CVE-2017-15650"
- ],
- "vulnerabilities": [
- {
- "featurename": "musl",
- "featureversion": "1.1.14-r15",
- "vulnerability": "CVE-2017-15650",
- "namespace": "alpine:v3.4",
- "description": "",
- "link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15650",
- "severity": "Medium",
- "fixedby": "1.1.14-r16"
- }
- ]
+ "image": "registry.gitlab.com/bikebilly/auto-devops-10-6/feature-branch:e7315ba964febb11bac8f5cd6ec433db8a3a1583",
+ "unapproved": ["CVE-2017-15650"],
+ "vulnerabilities": [
+ {
+ "featurename": "musl",
+ "featureversion": "1.1.14-r15",
+ "vulnerability": "CVE-2017-15650",
+ "namespace": "alpine:v3.4",
+ "description": "",
+ "link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15650",
+ "severity": "Medium",
+ "fixedby": "1.1.14-r16"
+ }
+ ]
 }
diff --git a/spec/fixtures/security-reports/master/gl-container-scanning-report.json b/spec/fixtures/security-reports/master/gl-container-scanning-report.json
index c087352a122..68c6099836b 100644
--- a/spec/fixtures/security-reports/master/gl-container-scanning-report.json
+++ b/spec/fixtures/security-reports/master/gl-container-scanning-report.json 
@@ -1,92 +1,92 @@
 {
- "image": "registry.gitlab.com/groulot/container-scanning-test/master:5f21de6956aee99ddb68ae49498662d9872f50ff",
- "unapproved": [
- "CVE-2017-18018",
- "CVE-2016-2781",
- "CVE-2017-12424",
- "CVE-2007-5686",
- "CVE-2013-4235"
- ],
- "vulnerabilities": [
- {
- "featurename": "glibc",
- "featureversion": "2.24-11+deb9u3",
- "vulnerability": "CVE-2017-18269",
- "namespace": "debian:9",
- "description": "SSE2-optimized memmove implementation problem.",
- "link": "https://security-tracker.debian.org/tracker/CVE-2017-18269",
- "severity": "Defcon1",
- "fixedby": "2.24-11+deb9u4"
- },
- {
- "featurename": "glibc",
- "featureversion": "2.24-11+deb9u3",
- "vulnerability": "CVE-2017-16997",
- "namespace": "debian:9",
- "description": "elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the \"./\" directory. 
NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.",
- "link": "https://security-tracker.debian.org/tracker/CVE-2017-16997",
- "severity": "Critical",
- "fixedby": ""
- },
- {
- "featurename": "glibc",
- "featureversion": "2.24-11+deb9u3",
- "vulnerability": "CVE-2018-1000001",
- "namespace": "debian:9",
- "description": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.",
- "link": "https://security-tracker.debian.org/tracker/CVE-2018-1000001",
- "severity": "High",
- "fixedby": ""
- },
- {
- "featurename": "glibc",
- "featureversion": "2.24-11+deb9u3",
- "vulnerability": "CVE-2016-10228",
- "namespace": "debian:9",
- "description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.",
- "link": "https://security-tracker.debian.org/tracker/CVE-2016-10228",
- "severity": "Medium",
- "fixedby": ""
- },
- {
- "featurename": "elfutils",
- "featureversion": "0.168-1",
- "vulnerability": "CVE-2018-18520",
- "namespace": "debian:9",
- "description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.",
- "link": "https://security-tracker.debian.org/tracker/CVE-2018-18520",
- "severity": "Low",
- "fixedby": ""
- },
- {
- "featurename": "glibc",
- "featureversion": "2.24-11+deb9u3",
- "vulnerability": "CVE-2010-4052",
- "namespace": "debian:9",
- "description": "Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.",
- "link": "https://security-tracker.debian.org/tracker/CVE-2010-4052",
- "severity": "Negligible",
- "fixedby": ""
- },
- {
- "featurename": "nettle",
- "featureversion": "3.3-1",
- "vulnerability": "CVE-2018-16869",
- "namespace": "debian:9",
- "description": "A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.",
- "link": "https://security-tracker.debian.org/tracker/CVE-2018-16869",
- "severity": "Unknown",
- "fixedby": ""
- },
- {
- "featurename": "perl",
- "featureversion": "5.24.1-3+deb9u4",
- "vulnerability": "CVE-2018-18311",
- "namespace": "debian:9",
- "description": "Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.",
- "link": "https://security-tracker.debian.org/tracker/CVE-2018-18311",
- "severity": "Unknown",
- "fixedby": "5.24.1-3+deb9u5"
- }
- ]
-}
\ No newline at end of file
+ "image": "registry.gitlab.com/groulot/container-scanning-test/master:5f21de6956aee99ddb68ae49498662d9872f50ff",
+ "unapproved": [
+ "CVE-2017-18018",
+ "CVE-2016-2781",
+ "CVE-2017-12424",
+ "CVE-2007-5686",
+ "CVE-2013-4235"
+ ],
+ "vulnerabilities": [
+ {
+ "featurename": "glibc",
+ "featureversion": "2.24-11+deb9u3",
+ "vulnerability": "CVE-2017-18269",
+ "namespace": "debian:9",
+ "description": "SSE2-optimized memmove implementation problem.",
+ "link": "https://security-tracker.debian.org/tracker/CVE-2017-18269",
+ "severity": "Defcon1",
+ "fixedby": "2.24-11+deb9u4"
+ },
+ {
+ "featurename": "glibc",
+ "featureversion": "2.24-11+deb9u3",
+ "vulnerability": "CVE-2017-16997",
+ "namespace": "debian:9",
+ "description": "elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the \"./\" directory. 
NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.",
+ "link": "https://security-tracker.debian.org/tracker/CVE-2017-16997",
+ "severity": "Critical",
+ "fixedby": ""
+ },
+ {
+ "featurename": "glibc",
+ "featureversion": "2.24-11+deb9u3",
+ "vulnerability": "CVE-2018-1000001",
+ "namespace": "debian:9",
+ "description": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.",
+ "link": "https://security-tracker.debian.org/tracker/CVE-2018-1000001",
+ "severity": "High",
+ "fixedby": ""
+ },
+ {
+ "featurename": "glibc",
+ "featureversion": "2.24-11+deb9u3",
+ "vulnerability": "CVE-2016-10228",
+ "namespace": "debian:9",
+ "description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.",
+ "link": "https://security-tracker.debian.org/tracker/CVE-2016-10228",
+ "severity": "Medium",
+ "fixedby": ""
+ },
+ {
+ "featurename": "elfutils",
+ "featureversion": "0.168-1",
+ "vulnerability": "CVE-2018-18520",
+ "namespace": "debian:9",
+ "description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.",
+ "link": "https://security-tracker.debian.org/tracker/CVE-2018-18520",
+ "severity": "Low",
+ "fixedby": ""
+ },
+ {
+ "featurename": "glibc",
+ "featureversion": "2.24-11+deb9u3",
+ "vulnerability": "CVE-2010-4052",
+ "namespace": "debian:9",
+ "description": "Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.",
+ "link": "https://security-tracker.debian.org/tracker/CVE-2010-4052",
+ "severity": "Negligible",
+ "fixedby": ""
+ },
+ {
+ "featurename": "nettle",
+ "featureversion": "3.3-1",
+ "vulnerability": "CVE-2018-16869",
+ "namespace": "debian:9",
+ "description": "A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.",
+ "link": "https://security-tracker.debian.org/tracker/CVE-2018-16869",
+ "severity": "Unknown",
+ "fixedby": ""
+ },
+ {
+ "featurename": "perl",
+ "featureversion": "5.24.1-3+deb9u4",
+ "vulnerability": "CVE-2018-18311",
+ "namespace": "debian:9",
+ "description": "Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.",
+ "link": "https://security-tracker.debian.org/tracker/CVE-2018-18311",
+ "severity": "Unknown",
+ "fixedby": "5.24.1-3+deb9u5"
+ }
+ ]
+} |