diff options
Diffstat (limited to 'spec/fixtures/security_reports/master/gl-sast-report-semgrep-for-bandit.json')
-rw-r--r-- | spec/fixtures/security_reports/master/gl-sast-report-semgrep-for-bandit.json | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/spec/fixtures/security_reports/master/gl-sast-report-semgrep-for-bandit.json b/spec/fixtures/security_reports/master/gl-sast-report-semgrep-for-bandit.json new file mode 100644 index 00000000000..2a60a75366e --- /dev/null +++ b/spec/fixtures/security_reports/master/gl-sast-report-semgrep-for-bandit.json @@ -0,0 +1,71 @@ +{ + "version": "14.0.4", + "vulnerabilities": [ + { + "id": "985a5666dcae22adef5ac12f8a8a2dacf9b9b481ae5d87cd0ac1712b0fd64864", + "category": "sast", + "message": "Deserialization of Untrusted Data", + "description": "Avoid using `load()`. `PyYAML.load` can create arbitrary Python\nobjects. A malicious actor could exploit this to run arbitrary\ncode. Use `safe_load()` instead.\n", + "cve": "", + "severity": "Critical", + "scanner": { + "id": "semgrep", + "name": "Semgrep" + }, + "location": { + "file": "app/app.py", + "start_line": 39 + }, + "identifiers": [ + { + "type": "semgrep_id", + "name": "bandit.B506", + "value": "bandit.B506", + "url": "https://semgrep.dev/r/gitlab.bandit.B506" + }, + { + "type": "cwe", + "name": "CWE-502", + "value": "502", + "url": "https://cwe.mitre.org/data/definitions/502.html" + }, + { + "type": "bandit_test_id", + "name": "Bandit Test ID B506", + "value": "B506" + } + ], + "tracking": { + "type": "source", + "items": [ + { + "file": "app/app.py", + "line_start": 39, + "line_end": 39, + "signatures": [ + { + "algorithm": "scope_offset", + "value": "app/app.py|yaml_hammer[0]:13" + } + ] + } + ] + } + } + ], + "scan": { + "scanner": { + "id": "semgrep", + "name": "Semgrep", + "url": "https://github.com/returntocorp/semgrep", + "vendor": { + "name": "GitLab" + }, + "version": "0.82.0" + }, + "type": "sast", + "start_time": "2022-03-11T18:48:16", + "end_time": "2022-03-11T18:48:22", + "status": "success" + } +} |