diff options
Diffstat (limited to 'spec/factories/ci/reports/security/findings.rb')
-rw-r--r-- | spec/factories/ci/reports/security/findings.rb | 49 |
1 files changed, 48 insertions, 1 deletions
diff --git a/spec/factories/ci/reports/security/findings.rb b/spec/factories/ci/reports/security/findings.rb index 8a39fce971f..78c11210f97 100644 --- a/spec/factories/ci/reports/security/findings.rb +++ b/spec/factories/ci/reports/security/findings.rb @@ -6,6 +6,7 @@ FactoryBot.define do confidence { :medium } identifiers { Array.new(1) { association(:ci_reports_security_identifier) } } location factory: :ci_reports_security_locations_sast + evidence factory: :ci_reports_security_evidence metadata_version { 'sast:1.0' } name { 'Cipher with no integrity' } report_type { :sast } @@ -25,7 +26,53 @@ FactoryBot.define do name: "Cipher does not check for integrity first?", url: "https://crypto.stackexchange.com/questions/31428/pbewithmd5anddes-cipher-does-not-check-for-integrity-first" } - ] + ], + evidence: { + summary: 'Credit card detected', + request: { + headers: [{ name: 'Accept', value: '*/*' }], + method: 'GET', + url: 'http://goat:8080/WebGoat/logout', + body: nil + }, + response: { + headers: [{ name: 'Content-Length', value: '0' }], + reason_phrase: 'OK', + status_code: 200, + body: nil + }, + source: { + id: 'assert:Response Body Analysis', + name: 'Response Body Analysis', + url: 'htpp://hostname/documentation' + }, + supporting_messages: [ + { + name: 'Origional', + request: { + headers: [{ name: 'Accept', value: '*/*' }], + method: 'GET', + url: 'http://goat:8080/WebGoat/logout', + body: '' + } + }, + { + name: 'Recorded', + request: { + headers: [{ name: 'Accept', value: '*/*' }], + method: 'GET', + url: 'http://goat:8080/WebGoat/logout', + body: '' + }, + response: { + headers: [{ name: 'Content-Length', value: '0' }], + reason_phrase: 'OK', + status_code: 200, + body: '' + } + } + ] + } }.deep_stringify_keys end scanner factory: :ci_reports_security_scanner |