* advance harbor to show also CWE #8632 * add unittest * flake8 * 🐛 fix unittest * trim harbor-results-file * fix * fix
1 parent
1d199e1
commit d19a88a
Showing
3 changed files
with
142 additions
and
0 deletions.
125 changes: 125 additions & 0 deletions
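--- a/unittests/scans/harbor_vulnerability/harbor-trivy-vuln.json
+++ b/unittests/scans/harbor_vulnerability/harbor-trivy-vuln.json
@@ -0,0 +1,125 @@
+{
+"application/vnd.security.vulnerability.report; version=1.1": {
+"generated_at": "2023-09-08T00:19:11.258693685Z",
+"scanner": {
+"name": "Trivy",
+"vendor": "Aqua Security",
+"version": "v0.44.0"
+},
+"severity": "Critical",
+"vulnerabilities": [
+{
+"id": "CVE-2022-1304",
+"package": "e2fsprogs",
+"version": "1.46.2-2",
+"fix_version": "",
+"severity": "High",
+"description": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.",
+"links": [
+"https://avd.aquasec.com/nvd/cve-2022-1304"
+],
+"artifact_digests": [
+"sha256:711103cfce07dc03d61f51e819fad7d6fbbad20fc99caa039cc8da77e7a1c51b"
+],
+"preferred_cvss": {
+"score_v3": 7.8,
+"score_v2": null,
+"vector_v3": "",
+"vector_v2": ""
+},
+"cwe_ids": [
+"CWE-125",
+"CWE-787"
+],
+"vendor_attributes": {
+"CVSS": {
+"nvd": {
+"V2Score": 6.8,
+"V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
+"V3Score": 7.8,
+"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+},
+"redhat": {
+"V3Score": 5.8,
+"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H"
+}
+}
+}
+},
+{
+"id": "CVE-2019-1010023",
+"package": "libc6",
+"version": "2.31-13+deb11u3",
+"fix_version": "",
+"severity": "Low",
+"description": "** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"",
+"links": [
+"https://avd.aquasec.com/nvd/cve-2019-1010023"
+],
+"artifact_digests": [
+"sha256:711103cfce07dc03d61f51e819fad7d6fbbad20fc99caa039cc8da77e7a1c51b"
+],
+"preferred_cvss": {
+"score_v3": 8.8,
+"score_v2": null,
+"vector_v3": "",
+"vector_v2": ""
+},
+"cwe_ids": [
+""
+],
+"vendor_attributes": {
+"CVSS": {
+"nvd": {
+"V2Score": 6.8,
+"V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
+"V3Score": 8.8,
+"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+},
+"redhat": {
+"V3Score": 7.8,
+"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+}
+}
+}
+},
+{
+"id": "CVE-2019-1010024",
+"package": "libc6",
+"version": "2.31-13+deb11u3",
+"fix_version": "",
+"severity": "Low",
+"description": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"",
+"links": [
+"https://avd.aquasec.com/nvd/cve-2019-1010024"
+],
+"artifact_digests": [
+"sha256:711103cfce07dc03d61f51e819fad7d6fbbad20fc99caa039cc8da77e7a1c51b"
+],
+"preferred_cvss": {
+"score_v3": 5.3,
+"score_v2": null,
+"vector_v3": "",
+"vector_v2": ""
+},
+"cwe_ids": [
+"CWE-200"
+],
+"vendor_attributes": {
+"CVSS": {
+"nvd": {
+"V2Score": 5,
+"V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+"V3Score": 5.3,
+"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+},
+"redhat": {
+"V3Score": 5.3,
+"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+}
+}
+}
+}
+]
+}
+}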
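Review bot: The fixture covers three `cwe_ids` shapes — two IDs, one ID, and the single empty string `""` in the CVE-2019-1010023 entry — but no vulnerability where the `cwe_ids` key is absent or the list is empty, and the parser that consumes it lives in one of the other two changed files not shown here, so I cannot confirm it tolerates that. If it indexes `vulnerability["cwe_ids"]` directly, a report omitting the key would raise rather than yield a finding without a CWE; a fourth entry with no `cwe_ids` key, or one with `"cwe_ids": []`, would pin that behavior down in the unit test. The empty-string entry is worth keeping as a regression case, since presumably it should not be rendered as a CWE on the finding.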