Commits on Source (2)
Showing
with 186 additions and 20 deletions
......@@ -12,3 +12,4 @@ gem "rspec", "~> 3.0"
gem "rspec_junit_formatter"
gem "rspec-parameterized", require: false
gem "climate_control", "~> 1.0"
gem 'rspec-json_expectations'
PATH
remote: .
specs:
gcs (5.4.2)
gcs (5.4.3)
console (~> 1.8)
term-ansicolor (~> 1.7)
terminal-table (~> 3.0)
......@@ -70,6 +70,7 @@ GEM
rspec-expectations (3.11.1)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.11.0)
rspec-json_expectations (2.2.0)
rspec-mocks (3.11.1)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.11.0)
......@@ -140,6 +141,7 @@ DEPENDENCIES
json_schemer (~> 0.2.18)
rake (~> 12.0)
rspec (~> 3.0)
rspec-json_expectations
rspec-parameterized
rspec_junit_formatter
single_cov (~> 1.6)
......
# frozen_string_literal: true
module Gcs
VERSION = "5.4.2"
VERSION = "5.4.3"
end
......@@ -91,8 +91,13 @@ module Gcs
default_identifier_url(identifier)
end
def valid_scheme?(maybe_uri)
valid_schemes = %w[http https ftp]
maybe_uri&.match?(/\A#{URI::DEFAULT_PARSER.make_regexp(valid_schemes)}\z/)
end
def valid_uri?(maybe_uri)
maybe_uri&.match?(/\A#{URI::DEFAULT_PARSER.make_regexp}\z/)
maybe_uri&.match?(/\A#{URI::DEFAULT_PARSER.make_regexp}\z/) && valid_scheme?(maybe_uri)
end
def id_values
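Review bot: `valid_scheme?` at L93–L96 validates the whole URI against a scheme allow-list rather than just the scheme, so the name undersells what it rejects, and `valid_schemes` is re-allocated on every call; a frozen constant such as `VALID_URL_SCHEMES = %w[http https ftp].freeze` referenced from the method would read better and avoid the per-call array. The first match in `valid_uri?` at L99 looks redundant: if I read `URI::DEFAULT_PARSER.make_regexp(schemes)` correctly it already anchors on the full absolute-URI pattern, so `valid_scheme?` alone rejects everything the unrestricted match rejects — worth confirming and collapsing to a single match. The scheme lookahead built by `make_regexp(schemes)` also appears to be case-sensitive, so an `HTTP://…` link would be dropped; failing closed is the right direction here but deserves a comment, e.g. `# Keep only lower-case http/https/ftp links; any other scheme or a bare fragment such as "Patches:" is discarded.` `id_values` at L101 continues outside the hunk.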
......
......@@ -474,7 +474,7 @@
"vendor": {
"name": "GitLab"
},
"version": "5.4.2"
"version": "5.4.3"
},
"type": "container_scanning",
"start_time": "2021-09-15T08:36:08",
......
......@@ -2867,7 +2867,7 @@
"vendor": {
"name": "GitLab"
},
"version": "5.4.2"
"version": "5.4.3"
},
"type": "container_scanning",
"start_time": "2021-09-15T08:36:08",
......
......@@ -5909,7 +5909,7 @@
"vendor": {
"name": "GitLab"
},
"version": "5.4.2"
"version": "5.4.3"
},
"type": "container_scanning",
"start_time": "2021-09-15T08:36:08",
......
{
"vulnerabilities": [
{
"id": "0b14144db6fa9e46ae58f5a31d8b5802c8406786",
"severity": "Medium",
"location": {
"dependency": {
"package": {
"name": "tar"
},
"version": "1.29-r1"
},
"operating_system": "alpine 3.7.1",
"image": "registry.gitlab.com/caneldem/trivy-test/caneldem-master-patch-27986:e2c168dd9f04b7ffe2d7c69209cb5fcee565dc21",
"default_branch_image": "registry.example.com/group/project:latest"
},
"identifiers": [
{
"type": "cve",
"name": "CVE-2018-20482",
"value": "CVE-2018-20482",
"url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454"
}
],
"links": [
{
"url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454"
},
{
"url": "https://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html"
},
{
"url": "ftp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html"
}
],
"category": "container_scanning",
"message": "tar: Infinite read loop in sparse_dump_region function in sparse.c",
"description": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).",
"cve": "CVE-2018-20482",
"confidence": "Unknown",
"solution": "Upgrade tar to 1.31-r0",
"scanner": {
"id": "trivy",
"name": "trivy"
}
}
],
"remediations": [
],
"scan": {
"scanner": {
"id": "trivy",
"name": "Trivy",
"url": "https://github.com/aquasecurity/trivy/",
"vendor": {
"name": "GitLab"
},
"version": "0.19.2"
},
"analyzer": {
"id": "gcs",
"name": "GitLab Container Scanning",
"vendor": {
"name": "GitLab"
},
"version": "5.4.3"
},
"type": "container_scanning",
"start_time": "2021-09-15T08:36:08",
"end_time": "2021-09-15T08:36:25",
"status": "success"
},
"version": "14.1.2"
}
\ No newline at end of file
......@@ -6441,7 +6441,7 @@
"vendor": {
"name": "GitLab"
},
"version": "5.4.2"
"version": "5.4.3"
},
"type": "container_scanning",
"start_time": "2021-09-15T08:36:08",
......
......@@ -6517,7 +6517,7 @@
"vendor": {
"name": "GitLab"
},
"version": "5.4.2"
"version": "5.4.3"
},
"type": "container_scanning",
"start_time": "2021-09-15T08:36:08",
......
......@@ -8576,7 +8576,7 @@
]
},
{
"id": "9aff81289f43bc57f4880fd82513ef1a44fa1228",
"id": "52c72f2435ccc402d0911f135ca2de6805569b3d",
"category": "container_scanning",
"message": "python: Python 3 eval of http resources during test suite runs",
"description": "In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.",
......@@ -8608,9 +8608,6 @@
}
],
"links": [
{
"url": "Patches:"
},
{
"url": "https://bugs.python.org/issue41944"
},
......@@ -9356,7 +9353,7 @@
]
},
{
"id": "2af782fc493fcecb5c1cf24b42452ac97bca756f",
"id": "686416b95c596b82d5dc96851f1659f47f5fc65e",
"category": "container_scanning",
"message": "python: Python 3 eval of http resources during test suite runs",
"description": "In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.",
......@@ -9388,9 +9385,6 @@
}
],
"links": [
{
"url": "Patches:"
},
{
"url": "https://bugs.python.org/issue41944"
},
......@@ -12444,7 +12438,7 @@
"vendor": {
"name": "GitLab"
},
"version": "5.4.2"
"version": "5.4.3"
},
"type": "container_scanning",
"start_time": "2021-09-15T08:36:08",
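Review bot: The `id` values at L232→L233 and L251→L252 change in hunks whose only other edit is dropping the `{"url": "Patches:"}` link entries at L241–L243 and L260–L262, which suggests the per-vulnerability id is derived from the links array. If that is the case, every existing finding that carried a malformed link will be reported under a new id once this version ships, and downstream consumers may treat it as a new vulnerability rather than an update of the old one. It would help to confirm how `id` is computed and, if links feed into it, call the id churn out explicitly in the changelog for 5.4.3.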
......
......@@ -5081,7 +5081,7 @@
"vendor": {
"name": "GitLab"
},
"version": "5.4.2"
"version": "5.4.3"
},
"type": "container_scanning",
"start_time": "2021-09-15T08:36:08",
......
......@@ -119,7 +119,7 @@
"vendor": {
"name": "GitLab"
},
"version": "5.4.2"
"version": "5.4.3"
},
"type": "container_scanning",
"start_time": "2021-09-15T08:36:08",
......
{
"vulnerabilities": [
{
"id": "CVE-2018-20482",
"category": "container_scanning",
"message": "tar: Infinite read loop in sparse_dump_region function in sparse.c",
"description": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).",
"cve": "CVE-2018-20482",
"severity": "Medium",
"confidence": "Unknown",
"solution": "Upgrade tar to 1.31-r0",
"scanner": {
"id": "trivy",
"name": "trivy"
},
"location": {
"dependency": {
"package": {
"name": "tar"
},
"version": "1.29-r1"
},
"operating_system": "Unknown",
"image": "registry.gitlab.com/caneldem/trivy-test/caneldem-master-patch-27986:e2c168dd9f04b7ffe2d7c69209cb5fcee565dc21 (alpine 3.7.1)"
},
"identifiers": [
{
"type": "cve",
"name": "CVE-2018-20482",
"value": "CVE-2018-20482",
"url": ""
}
],
"links": [{
"url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454"
},{
"url": "https://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html"
},{
"url": "ftp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html"
},{
"url": "afp://www.securityfocus.com/bid/106354"
},{
"url": "git://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482"
},{
"url": "(none)"
},{
"url": "invalid"
},{
"url": "smb://security.gentoo.org/glsa/201903-05"
},{
"url": "patches:"
},{
"url": ""
}
]
}
],
"remediations": [],
"scan": {
"scanner": {
"id": "trivy",
"name": "Trivy",
"url": "https://github.com/aquasecurity/trivy/",
"vendor": {
"name": "GitLab"
},
"version": "0.19.2"
},
"analyzer": {
"id": "gcs",
"name": "GitLab Container Scanning",
"vendor": {
"name": "GitLab"
}
},
"type": "container_scanning",
"start_time": "",
"end_time": "",
"status": "success"
}
}
# frozen_string_literal: true
require 'rspec/json_expectations'
RSpec.describe Gcs::Converter do
let(:reports) do
{
trivy_alpine: 'trivy-alpine.json',
trivy_alpine_with_invalid_urls: 'trivy-alpine-with-invalid-urls.json',
trivy_centos: 'trivy-centos.json',
trivy_debian: 'trivy-debian.json',
trivy_dependencies: 'trivy-dependencies.json',
......@@ -40,7 +42,7 @@ RSpec.describe Gcs::Converter do
end
it 'matches expected output' do
expect(gitlab_format).to eq(expected)
expect(gitlab_format).to include_json(expected)
end
end
......@@ -71,6 +73,12 @@ RSpec.describe Gcs::Converter do
it_behaves_like 'valid conversion'
end
context 'when vulnerability contains invalid URLs' do
let(:scanner_report) { :trivy_alpine_with_invalid_urls }
it_behaves_like 'valid conversion'
end
context 'when language specific scan is enabled' do
before do
allow(Gcs::Environment).to receive(:language_specific_scan_disabled?).and_return(false)
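Review bot: Replacing `eq` with `include_json` in the 'matches expected output' example at L390–L391 weakens every existing conversion case, not only the new one: as far as I can tell rspec-json_expectations treats the expected document as a subset, so extra hash keys and trailing array elements in the actual output no longer fail the example. For the new `trivy_alpine_with_invalid_urls` context at L397–L400 that matters, because an `afp://` or `git://` link left in after the three valid ones would sit at index 3 of `links` and go unnoticed. Either keep `eq` and regenerate the expected fixtures, or add an explicit assertion in the invalid-URLs context that the converted report's `links` array has exactly three entries.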
......