author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-04-20 10:00:54 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-04-20 10:00:54 +0000 |
commit | 3cccd102ba543e02725d247893729e5c73b38295 (patch) | |
tree | f36a04ec38517f5deaaacb5acc7d949688d1e187 /spec/fixtures | |
parent | 205943281328046ef7b4528031b90fbda70c75ac (diff) | |
download | gitlab-ce-3cccd102ba543e02725d247893729e5c73b38295.tar.gz |
Add latest changes from gitlab-org/gitlab@14-10-stable-eev14.10.0-rc42
Diffstat (limited to 'spec/fixtures')
25 files changed, 432 insertions, 49 deletions
diff --git a/spec/fixtures/api/schemas/entities/member_user.json b/spec/fixtures/api/schemas/entities/member_user.json
index d42c686bb65..0750e81e115 100644
--- a/spec/fixtures/api/schemas/entities/member_user.json
+++ b/spec/fixtures/api/schemas/entities/member_user.json
@@ -1,15 +1,28 @@
 {
 "type": "object",
- "required": ["id", "name", "username", "avatar_url", "web_url", "blocked", "two_factor_enabled", "show_status"],
+ "required": [
+ "id",
+ "name",
+ "username",
+ "created_at",
+ "last_activity_on",
+ "avatar_url",
+ "web_url",
+ "blocked",
+ "two_factor_enabled",
+ "show_status"
+ ],
 "properties": {
 "id": { "type": "integer" },
 "name": { "type": "string" },
 "username": { "type": "string" },
+ "created_at": { "type": ["string"] },
 "avatar_url": { "type": ["string", "null"] },
 "web_url": { "type": "string" },
 "blocked": { "type": "boolean" },
 "two_factor_enabled": { "type": "boolean" },
 "availability": { "type": ["string", "null"] },
+ "last_activity_on": { "type": ["string", "null"] },
 "status": {
 "type": "object",
 "required": ["emoji"],
diff --git a/spec/fixtures/api/schemas/group_link/group_group_link.json b/spec/fixtures/api/schemas/group_link/group_group_link.json
index bfca5c885e3..689679cbc0f 100644
--- a/spec/fixtures/api/schemas/group_link/group_group_link.json
+++ b/spec/fixtures/api/schemas/group_link/group_group_link.json
@@ -4,12 +4,19 @@
 { "$ref": "group_link.json" },
 {
 "required": [
- "can_update",
- "can_remove"
+ "source"
 ],
 "properties": {
- "can_update": { "type": "boolean" },
- "can_remove": { "type": "boolean" }
+ "source": {
+ "type": "object",
+ "required": ["id", "full_name", "web_url"],
+ "properties": {
+ "id": { "type": "integer" },
+ "full_name": { "type": "string" },
+ "web_url": { "type": "string" }
+ },
+ "additionalProperties": false
+ }
 }
 }
 ]
diff --git a/spec/fixtures/api/schemas/group_link/group_link.json b/spec/fixtures/api/schemas/group_link/group_link.json
index 300790728a8..3c2195df11e 100644
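Review bot: In `member_user.json`, `created_at` is declared as `{ "type": ["string"] }`, a one-element type array with no format, and `last_activity_on` also carries no format, so any string satisfies both of the newly required keys. `"created_at": { "type": "string", "format": "date-time" }` would match how the other schemas in this commit declare `created_at`. Whether `last_activity_on` is a date or a date-time is not visible here, so the format should be chosen to match the serializer. The schema object continues past the end of the hunk.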
--- a/spec/fixtures/api/schemas/group_link/group_link.json
+++ b/spec/fixtures/api/schemas/group_link/group_link.json
@@ -5,7 +5,10 @@
 "created_at",
 "expires_at",
 "access_level",
- "valid_roles"
+ "valid_roles",
+ "can_update",
+ "can_remove",
+ "is_direct_member"
 ],
 "properties": {
 "id": { "type": "integer" },
@@ -33,6 +36,9 @@
 "web_url": { "type": "string" }
 },
 "additionalProperties": false
- }
+ },
+ "can_update": { "type": "boolean" },
+ "can_remove": { "type": "boolean" },
+ "is_direct_member": { "type": "boolean" }
 }
 }
diff --git a/spec/fixtures/api/schemas/group_link/project_group_link.json b/spec/fixtures/api/schemas/group_link/project_group_link.json
index bfca5c885e3..615c808e5aa 100644
--- a/spec/fixtures/api/schemas/group_link/project_group_link.json
+++ b/spec/fixtures/api/schemas/group_link/project_group_link.json
@@ -4,12 +4,18 @@
 { "$ref": "group_link.json" },
 {
 "required": [
- "can_update",
- "can_remove"
+ "source"
 ],
 "properties": {
- "can_update": { "type": "boolean" },
- "can_remove": { "type": "boolean" }
+ "source": {
+ "type": "object",
+ "required": ["id", "full_name"],
+ "properties": {
+ "id": { "type": "integer" },
+ "full_name": { "type": "string" }
+ },
+ "additionalProperties": false
+ }
 }
 }
 ]
diff --git a/spec/fixtures/api/schemas/public_api/v4/agent.json b/spec/fixtures/api/schemas/public_api/v4/agent.json
new file mode 100644
index 00000000000..4821d5e0b04
--- /dev/null
+++ b/spec/fixtures/api/schemas/public_api/v4/agent.json
@@ -0,0 +1,18 @@
+{
+ "type": "object",
+ "required": [
+ "id",
+ "name",
+ "config_project",
+ "created_at",
+ "created_by_user_id"
+ ],
+ "properties": {
+ "id": { "type": "integer" },
+ "name": { "type": "string" },
+ "config_project": { "$ref": "project_identity.json" },
+ "created_at": { "type": "string", "format": "date-time" },
+ "created_by_user_id": { "type": "integer" }
+ },
+ "additionalProperties": false
+}
diff --git a/spec/fixtures/api/schemas/public_api/v4/agents.json b/spec/fixtures/api/schemas/public_api/v4/agents.json
new file mode 100644
index 00000000000..5fe3d7f9481
--- /dev/null
+++ b/spec/fixtures/api/schemas/public_api/v4/agents.json
@@ -0,0 +1,4 @@
+{
+ "type": "array",
+ "items": { "$ref": "agent.json" }
+}
diff --git a/spec/fixtures/api/schemas/public_api/v4/issue.json b/spec/fixtures/api/schemas/public_api/v4/issue.json
index 3173a8ebfb5..90b368b5226 100644
--- a/spec/fixtures/api/schemas/public_api/v4/issue.json
+++ b/spec/fixtures/api/schemas/public_api/v4/issue.json
@@ -86,6 +86,7 @@
 "due_date": { "type": ["string", "null"] },
 "confidential": { "type": "boolean" },
 "web_url": { "type": "uri" },
+ "severity": { "type": "string", "enum": ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"] },
 "time_stats": {
 "time_estimate": { "type": "integer" },
 "total_time_spent": { "type": "integer" },
diff --git a/spec/fixtures/api/schemas/public_api/v4/issue_links.json b/spec/fixtures/api/schemas/public_api/v4/issue_links.json
deleted file mode 100644
index d254615dd58..00000000000
--- a/spec/fixtures/api/schemas/public_api/v4/issue_links.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "type": "array",
- "items": {
- "type": "object",
- "properties" : {
- "$ref": "./issue_link.json"
- }
- }
-}
diff --git a/spec/fixtures/api/schemas/public_api/v4/project_identity.json b/spec/fixtures/api/schemas/public_api/v4/project_identity.json
new file mode 100644
index 00000000000..6471dd560c5
--- /dev/null
+++ b/spec/fixtures/api/schemas/public_api/v4/project_identity.json
@@ -0,0 +1,22 @@
+{
+ "type": "object",
+ "required": [
+ "id",
+ "description",
+ "name",
+ "name_with_namespace",
+ "path",
+ "path_with_namespace",
+ "created_at"
+ ],
+ "properties": {
+ "id": { "type": "integer" },
+ "description": { "type": ["string", "null"] },
+ "name": { "type": "string" },
+ "name_with_namespace": { "type": "string" },
+ "path": { "type": "string" },
+ "path_with_namespace": { "type": "string" },
+ "created_at": { "type": "string", "format": "date-time" }
+ },
+ "additionalProperties": false
+}
diff --git a/spec/fixtures/api/schemas/public_api/v4/related_issues.json b/spec/fixtures/api/schemas/public_api/v4/related_issues.json
new file mode 100644
index 00000000000..83095ab44c1
--- /dev/null
+++ b/spec/fixtures/api/schemas/public_api/v4/related_issues.json
@@ -0,0 +1,26 @@
+{
+ "type": "array",
+ "items": {
+ "type": "object",
+ "allOf": [
+ { "$ref": "../../../../../../spec/fixtures/api/schemas/public_api/v4/issue.json" },
+ {
+ "required" : [
+ "link_type",
+ "issue_link_id",
+ "link_created_at",
+ "link_updated_at"
+ ],
+ "properties" : {
+ "link_type": {
+ "type": "string",
+ "enum": ["relates_to", "blocks", "is_blocked_by"]
+ },
+ "issue_link_id": { "type": "integer" },
+ "link_created_at": { "type": "string" },
+ "link_updated_at": { "type": "string" }
+ }
+ }
+ ]
+ }
+}
diff --git a/spec/fixtures/api/schemas/public_api/v4/release/release_for_guest.json b/spec/fixtures/api/schemas/public_api/v4/release/release_for_guest.json
index 465e1193a64..0f9a5ccfa7d 100644
--- a/spec/fixtures/api/schemas/public_api/v4/release/release_for_guest.json
+++ b/spec/fixtures/api/schemas/public_api/v4/release/release_for_guest.json
@@ -5,6 +5,7 @@
 "name": { "type": "string" },
 "description": { "type": "string" },
 "description_html": { "type": "string" },
+ "tag_name": { "type": "string"},
 "created_at": { "type": "string", "format": "date-time" },
 "released_at": { "type": "string", "format": "date-time" },
 "upcoming_release": { "type": "boolean" },
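Review bot: The `$ref` inside `allOf` in `related_issues.json` climbs six directories and then descends again to `spec/fixtures/api/schemas/public_api/v4/issue.json`, which is the directory this file already sits in. The other new schemas in this commit reference their siblings by bare name (`"$ref": "agent.json"`, `"$ref": "project_identity.json"`). Unless the schema matcher resolves this file from a different base directory, `{ "$ref": "issue.json" }` says the same thing and keeps working if the fixtures tree moves. `link_created_at` and `link_updated_at` are plain `string`; adding `"format": "date-time"` would bring them in line with `created_at` in `agent.json`.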
diff --git a/spec/fixtures/api/schemas/public_api/v4/resource_access_token.json b/spec/fixtures/api/schemas/public_api/v4/resource_access_token.json
new file mode 100644
index 00000000000..3636c970e83
--- /dev/null
+++ b/spec/fixtures/api/schemas/public_api/v4/resource_access_token.json
@@ -0,0 +1,31 @@
+{
+ "type": "object",
+ "required": [
+ "id",
+ "name",
+ "user_id",
+ "active",
+ "created_at",
+ "expires_at",
+ "revoked",
+ "access_level",
+ "scopes",
+ "last_used_at"
+ ],
+ "properties": {
+ "id": { "type": "integer" },
+ "name": { "type": "string" },
+ "user_id": { "type": "integer" },
+ "active": { "type": "boolean" },
+ "created_at": { "type": "string", "format": "date-time" },
+ "expires_at": { "type": ["string", "null"], "format": "date" },
+ "revoked": { "type": "boolean" },
+ "access_level": { "type": "integer" },
+ "scopes": {
+ "type": "array",
+ "items": { "type": "string" }
+ },
+ "last_used_at": { "type": ["string", "null"], "format": "date-time" }
+ },
+ "additionalProperties": false
+}
diff --git a/spec/fixtures/api/schemas/public_api/v4/resource_access_tokens.json b/spec/fixtures/api/schemas/public_api/v4/resource_access_tokens.json
new file mode 100644
index 00000000000..1bf013b8bca
--- /dev/null
+++ b/spec/fixtures/api/schemas/public_api/v4/resource_access_tokens.json
@@ -0,0 +1,4 @@
+{
+ "type": "array",
+ "items": { "$ref": "resource_access_token.json" }
+}
diff --git a/spec/fixtures/api/schemas/public_api/v4/user/admin.json b/spec/fixtures/api/schemas/public_api/v4/user/admin.json
index f733914fbf8..8d06e16848f 100644
--- a/spec/fixtures/api/schemas/public_api/v4/user/admin.json
+++ b/spec/fixtures/api/schemas/public_api/v4/user/admin.json
@@ -26,7 +26,8 @@
 "can_create_group",
 "can_create_project",
 "two_factor_enabled",
- "external"
+ "external",
+ "namespace_id"
 ],
 "properties": {
 "$ref": "full.json"
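Review bot: Nothing in `resource_access_token.json` records why `additionalProperties` is `false`, and for an access-token entity that is the security-relevant line: it is what makes a spec fail if the serializer ever starts returning a field beyond this metadata, presumably including the token secret. JSON cannot hold a comment, so I would add a top-level `"description": "Token metadata only; the token secret must not appear in this response"` so the constraint is not relaxed later when fields are added. `scopes` items and `access_level` are unconstrained `string` / `integer`; an `enum` on each would catch an unexpected privilege value, if the valid set is stable enough to pin in a fixture.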
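Review bot: In `user/admin.json`, `namespace_id` is added to `required` but gets no type check from what is visible: the `properties` object at the end of the hunk is `{ "$ref": "full.json" }`, which under the JSON Schema spec declares a property literally named `$ref` rather than pulling in the definitions from `full.json`. The deleted `issue_links.json` in this same commit used the same construct. If the intent is to inherit `full.json`, the form used by `related_issues.json` here applies: `"allOf": [{ "$ref": "full.json" }, { "required": [ ... ] }]`. The `properties` object continues past the end of the hunk, so this rests on the one line shown.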
diff --git a/spec/fixtures/avatars/avatar1.png b/spec/fixtures/avatars/avatar1.png
Binary files differnew file mode 100644
index 00000000000..7e8afb39f17
--- /dev/null
+++ b/spec/fixtures/avatars/avatar1.png
diff --git a/spec/fixtures/avatars/avatar2.png b/spec/fixtures/avatars/avatar2.png
Binary files differnew file mode 100644
index 00000000000..462678b1871
--- /dev/null
+++ b/spec/fixtures/avatars/avatar2.png
diff --git a/spec/fixtures/avatars/avatar3.png b/spec/fixtures/avatars/avatar3.png
Binary files differnew file mode 100644
index 00000000000..e065f681817
--- /dev/null
+++ b/spec/fixtures/avatars/avatar3.png
diff --git a/spec/fixtures/avatars/avatar4.png b/spec/fixtures/avatars/avatar4.png
Binary files differnew file mode 100644
index 00000000000..647ee193cbd
--- /dev/null
+++ b/spec/fixtures/avatars/avatar4.png
diff --git a/spec/fixtures/avatars/avatar5.png b/spec/fixtures/avatars/avatar5.png
Binary files differnew file mode 100644
index 00000000000..27e973dc5e3
--- /dev/null
+++ b/spec/fixtures/avatars/avatar5.png
diff --git a/spec/fixtures/emails/service_desk_reply_to_and_from.eml b/spec/fixtures/emails/service_desk_reply_to_and_from.eml
deleted file mode 100644
index 2545e0d30f8..00000000000
--- a/spec/fixtures/emails/service_desk_reply_to_and_from.eml
+++ /dev/null
@@ -1,28 +0,0 @@
-Delivered-To: incoming+email-test-project_id-issue-@appmail.adventuretime.ooo
-Return-Path: <jake@adventuretime.ooo>
-Received: from iceking.adventuretime.ooo ([unix socket]) by iceking (Cyrus v2.2.13-Debian-2.2.13-19+squeeze3) with LMTPA; Thu, 13 Jun 2013 17:03:50 -0400
-Received: from mail-ie0-x234.google.com (mail-ie0-x234.google.com [IPv6:2607:f8b0:4001:c03::234]) by iceking.adventuretime.ooo (8.14.3/8.14.3/Debian-9.4) with ESMTP id r5DL3nFJ016967 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <incoming+gitlabhq/gitlabhq@appmail.adventuretime.ooo>; Thu, 13 Jun 2013 17:03:50 -0400
-Received: by mail-ie0-f180.google.com with SMTP id f4so21977375iea.25 for <incoming+email-test-project_id-issue-@appmail.adventuretime.ooo>; Thu, 13 Jun 2013 14:03:48 -0700
-Received: by 10.0.0.1 with HTTP; Thu, 13 Jun 2013 14:03:48 -0700
-Date: Thu, 13 Jun 2013 17:03:48 -0400
-Reply-To: Marceline <marceline@adventuretime.ooo>
-From: Finn the Human <finn@adventuretime.ooo>
-Sender: Jake the Dog <jake@adventuretime.ooo>
-To: support@adventuretime.ooo
-Delivered-To: support@adventuretime.ooo
-Message-ID: <CADkmRc+rNGAGGbV2iE5p918UVy4UyJqVcXRO2=otppgzduJSg@mail.gmail.com>
-Subject: The message subject! @all
-Mime-Version: 1.0
-Content-Type: text/plain;
- charset=ISO-8859-1
-Content-Transfer-Encoding: 7bit
-X-Sieve: CMU Sieve 2.2
-X-Received: by 10.0.0.1 with SMTP id n7mr11234144ipb.85.1371157428600; Thu,
- 13 Jun 2013 14:03:48 -0700 (PDT)
-X-Scanned-By: MIMEDefang 2.69 on IPv6:2001:470:1d:165::1
-
-Service desk stuff!
-
-```
-a = b
-```
diff --git a/spec/fixtures/markdown/markdown_golden_master_examples.yml b/spec/fixtures/markdown/markdown_golden_master_examples.yml
index 8556811974d..bdd7c13c1a3 100644
--- a/spec/fixtures/markdown/markdown_golden_master_examples.yml
+++ b/spec/fixtures/markdown/markdown_golden_master_examples.yml
@@ -377,6 +377,34 @@ </ol> </details> +- name: diagram_kroki_nomnoml + markdown: |- + ```nomnoml + #stroke: #a86128 + [<frame>Decorator pattern| + [<abstract>Component||+ operation()] + [Client] depends --> [Component] + [Decorator|- next: Component] + [Decorator] decorates -- [ConcreteComponent] + [Component] <:- [Decorator] + [Component] <:- [ConcreteComponent] + ] + ``` + html: |- + <a class="no-attachment-icon" href="http://localhost:8000/nomnoml/svg/eNp1jbsOwjAMRfd-haUuIJQBBlRFVZb2L1CGkBqpgtpR6oEhH0_CW6hsts-9xwD1LJHPqKF2zX67ayqAQ3uKbkLTo-fohCMEJ4KRUoYFu2MuOS-m4ykwIUlKG-CAOT0yrdb2EewuY2YWBgxIwwxKmXx8dZ6h95ekgPAqGv4miuk-YnEVFfmIgr-Fzw6tVt-CZb7osdUNUAReJA==" target="_blank" rel="noopener noreferrer" data-diagram="nomnoml" data-diagram-src="data:text/plain;base64,ICAjc3Ryb2tlOiAjYTg2MTI4CiAgWzxmcmFtZT5EZWNvcmF0b3IgcGF0dGVybnwKICAgIFs8YWJzdHJhY3Q+Q29tcG9uZW50fHwrIG9wZXJhdGlvbigpXQogICAgW0NsaWVudF0gZGVwZW5kcyAtLT4gW0NvbXBvbmVudF0KICAgIFtEZWNvcmF0b3J8LSBuZXh0OiBDb21wb25lbnRdCiAgICBbRGVjb3JhdG9yXSBkZWNvcmF0ZXMgLS0gW0NvbmNyZXRlQ29tcG9uZW50XQogICAgW0NvbXBvbmVudF0gPDotIFtEZWNvcmF0b3JdCiAgICBbQ29tcG9uZW50XSA8Oi0gW0NvbmNyZXRlQ29tcG9uZW50XQogIF0K"><img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="js-render-kroki lazy" data-src="http://localhost:8000/nomnoml/svg/eNp1jbsOwjAMRfd-haUuIJQBBlRFVZb2L1CGkBqpgtpR6oEhH0_CW6hsts-9xwD1LJHPqKF2zX67ayqAQ3uKbkLTo-fohCMEJ4KRUoYFu2MuOS-m4ykwIUlKG-CAOT0yrdb2EewuY2YWBgxIwwxKmXx8dZ6h95ekgPAqGv4miuk-YnEVFfmIgr-Fzw6tVt-CZb7osdUNUAReJA=="></a> + +- name: diagram_plantuml + markdown: |- + ```plantuml + Alice -> Bob: Authentication Request + Bob --> Alice: Authentication Response + + Alice -> Bob: Another authentication Request + Alice <-- Bob: Another authentication Response + ``` + html: |- + <a class="no-attachment-icon" href="http://localhost:8080/png/U9nJK73CoKnELT2rKt3AJx9IS2mjoKZDAybCJYp9pCzJ24ejB4qjBk5I0Cagw09LWPLZKLTSa9zNdCe5L8bcO5u-K6MHGY8kWo7ARNHr2QY7MW00AeWxTG00" target="_blank" rel="noopener 
noreferrer" data-diagram="plantuml" data-diagram-src="data:text/plain;base64,ICBBbGljZSAtPiBCb2I6IEF1dGhlbnRpY2F0aW9uIFJlcXVlc3QKICBCb2IgLS0+IEFsaWNlOiBBdXRoZW50aWNhdGlvbiBSZXNwb25zZQoKICBBbGljZSAtPiBCb2I6IEFub3RoZXIgYXV0aGVudGljYXRpb24gUmVxdWVzdAogIEFsaWNlIDwtLSBCb2I6IEFub3RoZXIgYXV0aGVudGljYXRpb24gUmVzcG9uc2UK"><img src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" class="lazy" data-src="http://localhost:8080/png/U9nJK73CoKnELT2rKt3AJx9IS2mjoKZDAybCJYp9pCzJ24ejB4qjBk5I0Cagw09LWPLZKLTSa9zNdCe5L8bcO5u-K6MHGY8kWo7ARNHr2QY7MW00AeWxTG00"></a> + - name: div markdown: |- <div>plain text</div> diff --git a/spec/fixtures/security_reports/master/gl-sast-report-bandit.json b/spec/fixtures/security_reports/master/gl-sast-report-bandit.json new file mode 100644 index 00000000000..a80833354ed --- /dev/null +++ b/spec/fixtures/security_reports/master/gl-sast-report-bandit.json @@ -0,0 +1,43 @@ +{ + "version": "14.0.4", + "vulnerabilities": [ + { + "id": "985a5666dcae22adef5ac12f8a8a2dacf9b9b481ae5d87cd0ac1712b0fd64864", + "category": "sast", + "message": "Deserialization of Untrusted Data", + "description": "Avoid using `load()`. `PyYAML.load` can create arbitrary Python\nobjects. A malicious actor could exploit this to run arbitrary\ncode. Use `safe_load()` instead.\n", + "cve": "", + "severity": "Critical", + "scanner": { + "id": "bandit", + "name": "Bandit" + }, + "location": { + "file": "app/app.py", + "start_line": 39 + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B506", + "value": "B506" + } + ] + } + ], + "scan": { + "scanner": { + "id": "bandit", + "name": "Bandit", + "url": "https://github.com/PyCQA/bandit", + "vendor": { + "name": "GitLab" + }, + "version": "1.7.1" + }, + "type": "sast", + "start_time": "2022-03-11T00:21:49", + "end_time": "2022-03-11T00:21:50", + "status": "success" + } +} 
diff --git a/spec/fixtures/security_reports/master/gl-sast-report-gosec.json b/spec/fixtures/security_reports/master/gl-sast-report-gosec.json
new file mode 100644
index 00000000000..42986ea1045
--- /dev/null
+++ b/spec/fixtures/security_reports/master/gl-sast-report-gosec.json
@@ -0,0 +1,68 @@
+{
+ "version": "14.0.4",
+ "vulnerabilities": [
+ {
+ "id": "2e5656ff30e2e7cc93c36b4845c8a689ddc47fdbccf45d834c67442fbaa89be0",
+ "category": "sast",
+ "name": "Key Exchange without Entity Authentication",
+ "message": "Use of ssh InsecureIgnoreHostKey should be audited",
+ "description": "The software performs a key exchange with an actor without verifying the identity of that actor.",
+ "cve": "og.go:8:7: func foo() {\n8: \t_ = ssh.InsecureIgnoreHostKey()\n9: }\n:CWE-322",
+ "severity": "Medium",
+ "confidence": "High",
+ "raw_source_code_extract": "7: func foo() {\n8: \t_ = ssh.InsecureIgnoreHostKey()\n9: }\n",
+ "scanner": {
+ "id": "gosec",
+ "name": "Gosec"
+ },
+ "location": {
+ "file": "og.go",
+ "start_line": 8
+ },
+ "identifiers": [
+ {
+ "type": "gosec_rule_id",
+ "name": "Gosec Rule ID G106",
+ "value": "G106"
+ },
+ {
+ "type": "CWE",
+ "name": "CWE-322",
+ "value": "322",
+ "url": "https://cwe.mitre.org/data/definitions/322.html"
+ }
+ ],
+ "tracking": {
+ "type": "source",
+ "items": [
+ {
+ "file": "og.go",
+ "line_start": 8,
+ "line_end": 8,
+ "signatures": [
+ {
+ "algorithm": "scope_offset",
+ "value": "og.go|foo[0]:1"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "scan": {
+ "scanner": {
+ "id": "gosec",
+ "name": "Gosec",
+ "url": "https://github.com/securego/gosec",
+ "vendor": {
+ "name": "GitLab"
+ },
+ "version": "2.10.0"
+ },
+ "type": "sast",
+ "start_time": "2022-03-15T20:33:12",
+ "end_time": "2022-03-15T20:33:17",
+ "status": "success"
+ }
+}
diff --git a/spec/fixtures/security_reports/master/gl-sast-report-semgrep-for-bandit.json b/spec/fixtures/security_reports/master/gl-sast-report-semgrep-for-bandit.json
new file mode 100644
index 00000000000..2a60a75366e
--- /dev/null
+++ b/spec/fixtures/security_reports/master/gl-sast-report-semgrep-for-bandit.json
@@ -0,0 +1,71 @@
+{
+ "version": "14.0.4",
+ "vulnerabilities": [
+ {
+ "id": "985a5666dcae22adef5ac12f8a8a2dacf9b9b481ae5d87cd0ac1712b0fd64864",
+ "category": "sast",
+ "message": "Deserialization of Untrusted Data",
+ "description": "Avoid using `load()`. `PyYAML.load` can create arbitrary Python\nobjects. A malicious actor could exploit this to run arbitrary\ncode. Use `safe_load()` instead.\n",
+ "cve": "",
+ "severity": "Critical",
+ "scanner": {
+ "id": "semgrep",
+ "name": "Semgrep"
+ },
+ "location": {
+ "file": "app/app.py",
+ "start_line": 39
+ },
+ "identifiers": [
+ {
+ "type": "semgrep_id",
+ "name": "bandit.B506",
+ "value": "bandit.B506",
+ "url": "https://semgrep.dev/r/gitlab.bandit.B506"
+ },
+ {
+ "type": "cwe",
+ "name": "CWE-502",
+ "value": "502",
+ "url": "https://cwe.mitre.org/data/definitions/502.html"
+ },
+ {
+ "type": "bandit_test_id",
+ "name": "Bandit Test ID B506",
+ "value": "B506"
+ }
+ ],
+ "tracking": {
+ "type": "source",
+ "items": [
+ {
+ "file": "app/app.py",
+ "line_start": 39,
+ "line_end": 39,
+ "signatures": [
+ {
+ "algorithm": "scope_offset",
+ "value": "app/app.py|yaml_hammer[0]:13"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "scan": {
+ "scanner": {
+ "id": "semgrep",
+ "name": "Semgrep",
+ "url": "https://github.com/returntocorp/semgrep",
+ "vendor": {
+ "name": "GitLab"
+ },
+ "version": "0.82.0"
+ },
+ "type": "sast",
+ "start_time": "2022-03-11T18:48:16",
+ "end_time": "2022-03-11T18:48:22",
+ "status": "success"
+ }
+}
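Review bot: The Bandit pair and the Gosec pair of fixtures are not parallel, and nothing records whether that is deliberate. `gl-sast-report-bandit.json` and this file share the vulnerability `id` `985a5666…`, while `gl-sast-report-gosec.json` and `gl-sast-report-semgrep-for-gosec.json` carry different ids (`2e5656ff…` and `79f6537b…`). The Bandit fixture has no `tracking` block where the Gosec one does, and the Gosec fixture spells the identifier type `"CWE"` where both Semgrep fixtures use `"cwe"`. If the specs that load these files are meant to check that a Semgrep finding is matched to the earlier Bandit or Gosec finding rather than reported as a new one, the spec should state which key each pair exercises (shared `id`, the `bandit_test_id` / `gosec_rule_id` identifier, or the `scope_offset` signature), because the JSON cannot carry that note and a silent mismatch would show up as duplicated or dropped findings.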
diff --git a/spec/fixtures/security_reports/master/gl-sast-report-semgrep-for-gosec.json b/spec/fixtures/security_reports/master/gl-sast-report-semgrep-for-gosec.json
new file mode 100644
index 00000000000..3d8c65d5823
--- /dev/null
+++ b/spec/fixtures/security_reports/master/gl-sast-report-semgrep-for-gosec.json
@@ -0,0 +1,70 @@
+{
+ "version": "14.0.4",
+ "vulnerabilities": [
+ {
+ "id": "79f6537b7ec83c7717f5bd1a4f12645916caafefe2e4359148d889855505aa67",
+ "category": "sast",
+ "message": "Key Exchange without Entity Authentication",
+ "description": "Audit the use of ssh.InsecureIgnoreHostKey\n",
+ "cve": "",
+ "severity": "Medium",
+ "scanner": {
+ "id": "semgrep",
+ "name": "Semgrep"
+ },
+ "location": {
+ "file": "og.go",
+ "start_line": 8
+ },
+ "identifiers": [
+ {
+ "type": "semgrep_id",
+ "name": "gosec.G106-1",
+ "value": "gosec.G106-1"
+ },
+ {
+ "type": "cwe",
+ "name": "CWE-322",
+ "value": "322",
+ "url": "https://cwe.mitre.org/data/definitions/322.html"
+ },
+ {
+ "type": "gosec_rule_id",
+ "name": "Gosec Rule ID G106",
+ "value": "G106"
+ }
+ ],
+ "tracking": {
+ "type": "source",
+ "items": [
+ {
+ "file": "og.go",
+ "line_start": 8,
+ "line_end": 8,
+ "signatures": [
+ {
+ "algorithm": "scope_offset",
+ "value": "og.go|foo[0]:1"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "scan": {
+ "scanner": {
+ "id": "semgrep",
+ "name": "Semgrep",
+ "url": "https://github.com/returntocorp/semgrep",
+ "vendor": {
+ "name": "GitLab"
+ },
+ "version": "0.82.0"
+ },
+ "type": "sast",
+ "start_time": "2022-03-15T20:36:58",
+ "end_time": "2022-03-15T20:37:05",
+ "status": "success"
+ }
+}
|