From a38bd981dd8a7fa1116016eed0503a81cff39eea Mon Sep 17 00:00:00 2001 
From: "Grayson, Matthew" Date: Mon, 18 Mar 2024 09:54:14 -0500 Subject: [PATCH 1/2] Exclude test snapshots from trailing-whitespace; apply fixes from end-of-file-fixer, prettier, and trailing-whitespace. --- .dockerignore | 2 +- .gitignore | 1 - .pre-commit-config.yaml | 1 + Dockerfile.docs | 2 +- LICENSE | 2 +- backend/.dockerignore | 2 +- backend/.npmrc | 2 +- backend/.snyk | 4 +- backend/Dockerfile.pe | 6 +- backend/Dockerfile.worker | 2 +- backend/src/api/users.ts | 4 +- backend/src/tasks/cve.ts | 2 +- backend/src/tasks/helpers/technologies.json | 176 ++-- backend/src/tasks/sample_data/adjectives.json | 218 ++--- backend/src/tasks/sample_data/cpes.json | 16 +- backend/src/tasks/sample_data/cves.json | 880 +++++++++--------- backend/src/tasks/sample_data/nouns.json | 476 +++++----- backend/src/tasks/sample_data/services.json | 27 +- backend/src/tasks/wappalyzer.ts | 10 +- backend/worker/common_tlds.dict | 2 +- backend/worker/webscraper/.gitignore | 2 +- docs/.dockerignore | 2 +- docs/.gitignore | 2 +- docs/.prettierignore | 2 +- docs/.prettierrc | 2 +- docs/package.json | 70 +- docs/src/components/highlights.js | 2 +- docs/src/components/search-form.js | 24 +- docs/src/components/seo.js | 20 +- docs/src/styles/index.scss | 6 +- docs/src/templates/architecture-diagram.html | 30 +- frontend/.dockerignore | 2 +- frontend/Dockerfile | 2 +- frontend/prod.env | 2 +- frontend/public/robots.txt | 2 +- frontend/scripts/package.json | 4 +- frontend/src/assets/icon-dot-gov.svg | 2 +- frontend/src/assets/icon-https.svg | 2 +- .../components/AuthForm/styles.module.scss | 4 +- frontend/src/components/Header.tsx | 14 +- frontend/src/pages/Scans/arrow-both.svg | 2 +- frontend/src/styles.scss | 35 +- frontend/stage.env | 2 +- infrastructure/Makefile | 4 +- infrastructure/api_gateway_alarms.tf | 1 - infrastructure/cloudtrail.tf | 2 +- infrastructure/cloudwatch.tf | 2 +- infrastructure/database.tf | 1 - infrastructure/elastic.tf | 2 - infrastructure/kms.tf | 2 +- 
infrastructure/log_alarms.tf | 2 +- infrastructure/log_filters.tf | 2 +- infrastructure/pe.tf | 2 +- infrastructure/pe_worker.tf | 2 +- infrastructure/stage.config | 2 +- infrastructure/users.tf | 2 +- infrastructure/vars.tf | 2 +- minio-data/crossfeed-local-exports/README.md | 2 +- 58 files changed, 1057 insertions(+), 1043 deletions(-) diff --git a/.dockerignore b/.dockerignore index e6b4c38c..9391f68f 100644 --- a/.dockerignore +++ b/.dockerignore @@ -11,4 +11,4 @@ nvd-dump minio-data **/node_modules **/.cache -./docs/node_modules \ No newline at end of file +./docs/node_modules diff --git a/.gitignore b/.gitignore index 69c09e98..34f77592 100644 --- a/.gitignore +++ b/.gitignore @@ -50,4 +50,3 @@ minio-data infrastructure/lambdas/security_headers.zip *.hcl .iac-data - diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 30e9e9f9..9deec472 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -26,6 +26,7 @@ repos: - --autofix - id: requirements-txt-fixer - id: trailing-whitespace + exclude: .*.snap # Text file hooks - repo: https://github.com/igorshubovych/markdownlint-cli diff --git a/Dockerfile.docs b/Dockerfile.docs index bed607ab..c60abd25 100644 --- a/Dockerfile.docs +++ b/Dockerfile.docs @@ -21,4 +21,4 @@ COPY ./docs . # Configure port used by Gatsby ENV INTERNAL_STATUS_PORT=44475 -CMD npm run codegen; npm run develop -- -H 0.0.0.0 --port 4000 \ No newline at end of file +CMD npm run codegen; npm run develop -- -H 0.0.0.0 --port 4000 diff --git a/LICENSE b/LICENSE index 67ee7c91..fe60c236 100644 --- a/LICENSE +++ b/LICENSE @@ -113,4 +113,4 @@ party to this document and has no duty or obligation with respect to this CC0 or use of the Work. For more information, please see - \ No newline at end of file + diff --git a/backend/.dockerignore b/backend/.dockerignore index 510052ca..fa207aab 100644 --- a/backend/.dockerignore +++ b/backend/.dockerignore 
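Review bot: The `exclude: .*.snap` value added to the `trailing-whitespace` hook in `.pre-commit-config.yaml` matches far more than test snapshots. pre-commit treats `exclude` as a Python regular expression searched against each file path, so the unescaped dots and the missing end anchor match any path that has `snap` after at least one character, for example a source file or directory with "snapshot" in its name. Those files would silently skip the whitespace check. Anchoring the pattern as `exclude: '\.snap$'` limits the exclusion to files that end in `.snap`. The `repos:` list this hook belongs to starts and continues outside the hunk.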
@@ -4,4 +4,4 @@ node_modules dist Dockerfile* nvd-dump -coverage \ No newline at end of file +coverage diff --git a/backend/.npmrc b/backend/.npmrc index 4fd02195..b6f27f13 100644 --- a/backend/.npmrc +++ b/backend/.npmrc @@ -1 +1 @@ -engine-strict=true \ No newline at end of file +engine-strict=true diff --git a/backend/.snyk b/backend/.snyk index 540e11d0..59c21139 100644 --- a/backend/.snyk +++ b/backend/.snyk @@ -4,9 +4,9 @@ version: v1.22.1 # ignores vulnerabilities until expiry date; change duration by modifying expiry date -ignore: +ignore: # ignore scrapy 2.x.x for 6 months. - SNYK-PYTHON-SCRAPY-40690: + SNYK-PYTHON-SCRAPY-40690: - '*': reason: No fix available up to version 2.11.0 expires: 2024-06-01T00:00:00.000Z diff --git a/backend/Dockerfile.pe b/backend/Dockerfile.pe index eb0fa4b1..eef90641 100644 --- a/backend/Dockerfile.pe +++ b/backend/Dockerfile.pe @@ -33,9 +33,9 @@ RUN git clone -b AL-staging-SQS https://github.com/cisagov/pe-reports.git && \ RUN python -m spacy download en_core_web_lg -# Create database.ini -RUN echo "[database]" > database.ini \ - && echo "user=$(cat db_user.txt)" >> database.ini \ +# Create database.ini +RUN echo "[database]" > database.ini \ + && echo "user=$(cat db_user.txt)" >> database.ini \ && echo "password=$(cat db_password.txt)" >> database.ini COPY worker worker diff --git a/backend/Dockerfile.worker b/backend/Dockerfile.worker index e33a19ad..ea688f90 100644 --- a/backend/Dockerfile.worker +++ b/backend/Dockerfile.worker @@ -26,7 +26,7 @@ WORKDIR /app RUN apk add --no-cache curl unzip musl-dev -RUN curl -4LO http://github.com/Findomain/Findomain/releases/latest/download/findomain-linux.zip +RUN curl -4LO http://github.com/Findomain/Findomain/releases/latest/download/findomain-linux.zip RUN unzip findomain-linux.zip && chmod +x findomain && cp findomain /usr/bin/findomain RUN go mod init crossfeed-worker diff --git a/backend/src/api/users.ts b/backend/src/api/users.ts index 836b42a5..15ea784c 100644 
--- a/backend/src/api/users.ts +++ b/backend/src/api/users.ts @@ -306,7 +306,7 @@ Crossfeed access instructions: 5. You will be prompted to enable MFA. Scan the QR code with an authenticator app on your phone, such as Microsoft Authenticator. Enter the MFA code you see after scanning. 6. After configuring your account, you will be redirected to Crossfeed. -For more information on using Crossfeed, view the Crossfeed user guide at https://docs.crossfeed.cyber.dhs.gov/user-guide/quickstart/. +For more information on using Crossfeed, view the Crossfeed user guide at https://docs.crossfeed.cyber.dhs.gov/user-guide/quickstart/. If you encounter any difficulties, please feel free to reply to this email (or send an email to ${ process.env.CROSSFEED_SUPPORT_EMAIL_REPLYTO @@ -825,7 +825,7 @@ export const inviteV2 = wrapHandler(async (event) => { `Hello, Your Crossfeed registration is under review. You will receive an email when your registration is approved. - + Thank you!` ); }; diff --git a/backend/src/tasks/cve.ts b/backend/src/tasks/cve.ts index 148fabc7..bf1b2bf2 100644 --- a/backend/src/tasks/cve.ts +++ b/backend/src/tasks/cve.ts @@ -20,7 +20,7 @@ import { CISACatalogOfKnownExploitedVulnerabilities } from 'src/models/generated * The CVE scan creates vulnerabilities based on existing * data (such as product version numbers / CPEs, webpages) * that have already been collected from other scans. - * + * * To manually test the CVE tools from your command line, run: nvdsync -cve_feed cve-1.1.json.gz nvd-dump diff --git a/backend/src/tasks/helpers/technologies.json b/backend/src/tasks/helpers/technologies.json index 9c555950..dc78671a 100644 --- a/backend/src/tasks/helpers/technologies.json +++ b/backend/src/tasks/helpers/technologies.json 
@@ -1,93 +1,93 @@ { - "Sitefinity": { - "cats": [ - 1 - ], - "icon": "Sitefinity.svg", - "cpe": "cpe:/a:progress:sitefinity", - "implies": "Microsoft ASP.NET", - "js": { - "Telerik.Sitefinity": "" - }, - "meta": { - "generator": "^Sitefinity (\\S+)\\;version:\\1" - }, - "website": "https://www.progress.com/sitefinity-cms", - "examples": [ - { - "name": "with version and suffix", - "html": "Oracle WebLogic Server Administration Console", - "

WebLogic Server Version: (.*?)

\\;version:\\1" - ], - "icon": "Oracle.png", - "website": "http://www.oracle.com/technetwork/middleware/ias/overview/index.html", - "examples": [ - { - "name": "with version", - "html": "

WebLogic Server Version: 10.3.6.0

", - "version": "10.3.6.0" - } - ] + "cpe": "cpe:/a:atlassian:crowd", + "examples": [ + { + "html": "", + "name": "with version", + "version": "3.7.0" + } + ], + "html": [ + "", + "Oracle PeopleSoft Sign-in" + ], + "website": "https://www.oracle.com/applications/peoplesoft/" + }, + "Oracle WebLogic Server": { + "cats": [ + 22 + ], + "cpe": "cpe:/a:oracle:weblogic_server", + "examples": [ + { + "html": "

WebLogic Server Version: 10.3.6.0

", + "name": "with version", + "version": "10.3.6.0" + } + ], + "html": [ + "Oracle WebLogic Server Administration Console", + "

WebLogic Server Version: (.*?)

\\;version:\\1" + ], + "icon": "Oracle.png", + "website": "http://www.oracle.com/technetwork/middleware/ias/overview/index.html" + }, + "Sitefinity": { + "cats": [ + 1 + ], + "cpe": "cpe:/a:progress:sitefinity", + "examples": [ + { + "html": "", - "", - "version": "3.7.0" - } - ] + "meta": { + "generator": "^Sitefinity (\\S+)\\;version:\\1" }, - "Oracle PeopleSoft": { - "cats": [ - 61 - ], - "cookies": { - "PS_TOKEN": "" - }, - "cpe": "cpe:/a:oracle:peoplesoft_enterprise", - "html": [ - "Oracle PeopleSoft Sign-in" - ], - "website": "https://www.oracle.com/applications/peoplesoft/" - } -} \ No newline at end of file + "website": "https://www.progress.com/sitefinity-cms" + } +} diff --git a/backend/src/tasks/sample_data/adjectives.json b/backend/src/tasks/sample_data/adjectives.json index 2e5c3142..5f838b6b 100644 --- a/backend/src/tasks/sample_data/adjectives.json +++ b/backend/src/tasks/sample_data/adjectives.json 
@@ -1,110 +1,110 @@ [ - "admiring", - "adoring", - "affectionate", - "agitated", - "amazing", - "angry", - "awesome", - "beautiful", - "blissful", - "bold", - "boring", - "brave", - "busy", - "charming", - "clever", - "cool", - "compassionate", - "competent", - "condescending", - "confident", - "cranky", - "crazy", - "dazzling", - "determined", - "distracted", - "dreamy", - "eager", - "ecstatic", - "elastic", - "elated", - "elegant", - "eloquent", - "epic", - "exciting", - "fervent", - "festive", - "flamboyant", - "focused", - "friendly", - "frosty", - "funny", - "gallant", - "gifted", - "goofy", - "gracious", - "great", - "happy", - "hardcore", - "heuristic", - "hopeful", - "hungry", - "infallible", - "inspiring", - "interesting", - "intelligent", - "jolly", - "jovial", - "keen", - "kind", - "laughing", - "loving", - "lucid", - "magical", - "mystifying", - "modest", - "musing", - "naughty", - "nervous", - "nice", - "nifty", - "nostalgic", - "objective", - "optimistic", - "peaceful", - "pedantic", - "pensive", - "practical", - "priceless", - "quirky", - "quizzical", - "recursing", - "relaxed", - "reverent", - "romantic", - "sad", - "serene", - "sharp", - "silly", - "sleepy", - "stoic", - "strange", - "stupefied", - "suspicious", - "sweet", - "tender", - "thirsty", - "trusting", - "unruffled", - "upbeat", - "vibrant", - "vigilant", - "vigorous", - "wizardly", - "wonderful", - "xenodochial", - "youthful", - "zealous", - "zen" -] \ No newline at end of file + "admiring", + "adoring", + "affectionate", + "agitated", + "amazing", + "angry", + "awesome", + "beautiful", + "blissful", + "bold", + "boring", + "brave", + "busy", + "charming", + "clever", + "cool", + "compassionate", + "competent", + "condescending", + "confident", + "cranky", + "crazy", + "dazzling", + "determined", + "distracted", + "dreamy", + "eager", + "ecstatic", + "elastic", + "elated", + "elegant", + "eloquent", + "epic", + "exciting", + "fervent", + "festive", + "flamboyant", + "focused", + 
"friendly", + "frosty", + "funny", + "gallant", + "gifted", + "goofy", + "gracious", + "great", + "happy", + "hardcore", + "heuristic", + "hopeful", + "hungry", + "infallible", + "inspiring", + "interesting", + "intelligent", + "jolly", + "jovial", + "keen", + "kind", + "laughing", + "loving", + "lucid", + "magical", + "mystifying", + "modest", + "musing", + "naughty", + "nervous", + "nice", + "nifty", + "nostalgic", + "objective", + "optimistic", + "peaceful", + "pedantic", + "pensive", + "practical", + "priceless", + "quirky", + "quizzical", + "recursing", + "relaxed", + "reverent", + "romantic", + "sad", + "serene", + "sharp", + "silly", + "sleepy", + "stoic", + "strange", + "stupefied", + "suspicious", + "sweet", + "tender", + "thirsty", + "trusting", + "unruffled", + "upbeat", + "vibrant", + "vigilant", + "vigorous", + "wizardly", + "wonderful", + "xenodochial", + "youthful", + "zealous", + "zen" +] diff --git a/backend/src/tasks/sample_data/cpes.json b/backend/src/tasks/sample_data/cpes.json index 81e55271..f637f387 100644 --- a/backend/src/tasks/sample_data/cpes.json +++ b/backend/src/tasks/sample_data/cpes.json @@ -1,9 +1,9 @@ [ - "cpe:/a:microsoft:exchange_server:4.0:sp1", - "cpe:/a:apache:httpd:0.0.1", - "cpe:/a:drupal:drupal:3", - "cpe:/a:igor_sysoev:nginx:1.2.0", - "cpe:/a:openbsd:openssh:7.4", - "cpe:/a:microsoft:internet_information_server:2.0", - "cpe:/a:apache:http_server:1.0" -] \ No newline at end of file + "cpe:/a:microsoft:exchange_server:4.0:sp1", + "cpe:/a:apache:httpd:0.0.1", + "cpe:/a:drupal:drupal:3", + "cpe:/a:igor_sysoev:nginx:1.2.0", + "cpe:/a:openbsd:openssh:7.4", + "cpe:/a:microsoft:internet_information_server:2.0", + "cpe:/a:apache:http_server:1.0" +] diff --git a/backend/src/tasks/sample_data/cves.json b/backend/src/tasks/sample_data/cves.json index 7141a99a..e01122c8 100644 --- a/backend/src/tasks/sample_data/cves.json +++ b/backend/src/tasks/sample_data/cves.json 
@@ -1,38 +1,34 @@ [ { - "cve_uid": "", "cve_name": "CVE-2017-15906", - "published_date": "2017-10-26T08:29:00.220Z", - "last_modified_date": "2024-02-14T22:42:27.316Z", - "vuln_status": "Modified", - "description": "The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.", - "cvss_v2_source": "nvd@nist.gov", - "cvss_v2_type": "Primary", - "cvss_v2_version": "2.0", - "cvss_v2_vector_string": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "cve_uid": "", "cvss_v2_base_score": 5, "cvss_v2_base_severity": "MEDIUM", "cvss_v2_exploitability_score": 10, "cvss_v2_impact_score": 2.9, - "cvss_v3_source": "nvd@nist.gov", - "cvss_v3_type": "Primary", - "cvss_v3_version": "3.1", - "cvss_v3_vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "cvss_v2_source": "nvd@nist.gov", + "cvss_v2_type": "Primary", + "cvss_v2_vector_string": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "cvss_v2_version": "2.0", "cvss_v3_base_score": 5.3, "cvss_v3_base_severity": "MEDIUM", "cvss_v3_exploitability_score": 3.9, "cvss_v3_impact_score": 1.4, - "cvss_v4_source": null, - "cvss_v4_type": null, - "cvss_v4_version": null, - "cvss_v4_vector_string": null, + "cvss_v3_source": "nvd@nist.gov", + "cvss_v3_type": "Primary", + "cvss_v3_vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "cvss_v3_version": "3.1", "cvss_v4_base_score": null, "cvss_v4_base_severity": null, "cvss_v4_exploitability_score": null, "cvss_v4_impact_score": null, - "weaknesses": [ - "CWE-732" - ], + "cvss_v4_source": null, + "cvss_v4_type": null, + "cvss_v4_vector_string": null, + "cvss_v4_version": null, + "description": "The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.", + "last_modified_date": "2024-02-14T22:42:27.316Z", + "published_date": "2017-10-26T08:29:00.220Z", "reference_urls": 
[ "http://www.securityfocus.com/bid/101552", "https://access.redhat.com/errata/RHSA-2018:0980", 
@@ -48,176 +44,176 @@ "company": [ { "cpe_product_name": "oncommand_unified_manager_core_package", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "storage_replication_adapter_for_clustered_data_ontap", - "version_number": "*", - "vender": "netapp" + "vender": "netapp", + "version_number": "*" }, { "cpe_product_name": "solidfire", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "enterprise_linux_server_aus", - "version_number": "7.6", - "vender": "redhat" + "vender": "redhat", + "version_number": "7.6" }, { "cpe_product_name": "enterprise_linux_server_aus", - "version_number": "7.7", - "vender": "redhat" + "vender": "redhat", + "version_number": "7.7" }, { "cpe_product_name": "enterprise_linux_desktop", - "version_number": "7.0", - "vender": "redhat" + "vender": "redhat", + "version_number": "7.0" }, { "cpe_product_name": "virtual_storage_console", - "version_number": "9.6", - "vender": "netapp" + "vender": "netapp", + "version_number": "9.6" }, { "cpe_product_name": "data_ontap_edge", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "enterprise_linux_eus", - "version_number": "7.7", - "vender": "redhat" + "vender": "redhat", + "version_number": "7.7" }, { "cpe_product_name": "enterprise_linux_server_tus", - "version_number": "7.6", - "vender": "redhat" + "vender": "redhat", + "version_number": "7.6" }, { "cpe_product_name": "openssh", - "version_number": "*", - "vender": "openssh" + "vender": "openssh", + "version_number": "*" }, { "cpe_product_name": "cn1610", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "steelstore_cloud_integrated_storage", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "enterprise_linux_eus", - 
"version_number": "7.6", - "vender": "redhat" + "vender": "redhat", + "version_number": "7.6" }, { "cpe_product_name": "enterprise_linux_server_tus", - "version_number": "7.7", - "vender": "redhat" + "vender": "redhat", + "version_number": "7.7" }, { "cpe_product_name": "hci_management_node", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "enterprise_linux_server", - "version_number": "7.0", - "vender": "redhat" + "vender": "redhat", + "version_number": "7.0" }, { "cpe_product_name": "cloud_backup", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "enterprise_linux_workstation", - "version_number": "7.0", - "vender": "redhat" + "vender": "redhat", + "version_number": "7.0" }, { "cpe_product_name": "storage_replication_adapter_for_clustered_data_ontap", - "version_number": "9.6", - "vender": "netapp" + "vender": "netapp", + "version_number": "9.6" }, { "cpe_product_name": "virtual_storage_console", - "version_number": "*", - "vender": "netapp" + "vender": "netapp", + "version_number": "*" }, { "cpe_product_name": "sun_zfs_storage_appliance_kit", - "version_number": "8.8.6", - "vender": "oracle" + "vender": "oracle", + "version_number": "8.8.6" }, { "cpe_product_name": "clustered_data_ontap", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "cn1610_firmware", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "vasa_provider_for_clustered_data_ontap", - "version_number": "*", - "vender": "netapp" + "vender": "netapp", + "version_number": "*" }, { "cpe_product_name": "debian_linux", - "version_number": "8.0", - "vender": "debian" + "vender": "debian", + "version_number": "8.0" }, { "cpe_product_name": "active_iq_unified_manager", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + 
"version_number": "-" } ] - } + }, + "vuln_status": "Modified", + "weaknesses": [ + "CWE-732" + ] }, { - "cve_uid": "", "cve_name": "CVE-2018-15473", - "published_date": "2018-08-18T00:29:00.223Z", - "last_modified_date": "2024-02-14T22:50:19.257Z", - "vuln_status": "Analyzed", - "description": "OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.", - "cvss_v2_source": "nvd@nist.gov", - "cvss_v2_type": "Primary", - "cvss_v2_version": "2.0", - "cvss_v2_vector_string": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "cve_uid": "", "cvss_v2_base_score": 5, "cvss_v2_base_severity": "MEDIUM", "cvss_v2_exploitability_score": 10, "cvss_v2_impact_score": 2.9, - "cvss_v3_source": "nvd@nist.gov", - "cvss_v3_type": "Primary", - "cvss_v3_version": "3.1", - "cvss_v3_vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "cvss_v2_source": "nvd@nist.gov", + "cvss_v2_type": "Primary", + "cvss_v2_vector_string": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "cvss_v2_version": "2.0", "cvss_v3_base_score": 5.3, "cvss_v3_base_severity": "MEDIUM", "cvss_v3_exploitability_score": 3.9, "cvss_v3_impact_score": 1.4, - "cvss_v4_source": null, - "cvss_v4_type": null, - "cvss_v4_version": null, - "cvss_v4_vector_string": null, + "cvss_v3_source": "nvd@nist.gov", + "cvss_v3_type": "Primary", + "cvss_v3_vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "cvss_v3_version": "3.1", "cvss_v4_base_score": null, "cvss_v4_base_severity": null, "cvss_v4_exploitability_score": null, "cvss_v4_impact_score": null, - "weaknesses": [ - "CWE-362" - ], + "cvss_v4_source": null, + "cvss_v4_type": null, + "cvss_v4_vector_string": null, + "cvss_v4_version": null, + "description": "OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until 
after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.", + "last_modified_date": "2024-02-14T22:50:19.257Z", + "published_date": "2018-08-18T00:29:00.223Z", "reference_urls": [ "http://www.openwall.com/lists/oss-security/2018/08/15/5", "http://www.securityfocus.com/bid/105140", 
@@ -238,274 +234,274 @@ "https://www.exploit-db.com/exploits/45939/", "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "vender_product": { + "vender_product": { "company": [ { "cpe_product_name": "ubuntu_linux", - "version_number": "14.04", - "vender": "canonical" + "vender": "canonical", + "version_number": "14.04" }, { "cpe_product_name": "ontap_select_deploy", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "vasa_provider", - "version_number": "*", - "vender": "netapp" + "vender": "netapp", + "version_number": "*" }, { "cpe_product_name": "enterprise_linux_desktop", - "version_number": "7.0", - "vender": "redhat" + "vender": "redhat", + "version_number": "7.0" }, { "cpe_product_name": "enterprise_linux_server", - "version_number": "6.0", - "vender": "redhat" + "vender": "redhat", + "version_number": "6.0" }, { "cpe_product_name": "enterprise_linux_desktop", - "version_number": "6.0", - "vender": "redhat" + "vender": "redhat", + "version_number": "6.0" }, { "cpe_product_name": "data_ontap_edge", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "service_processor", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "scalance_x204rna", - "version_number": "-", - "vender": "siemens" + "vender": "siemens", + "version_number": "-" }, { "cpe_product_name": "ubuntu_linux", - "version_number": "18.04", - "vender": "canonical" + "vender": "canonical", + "version_number": "18.04" }, { "cpe_product_name": "data_ontap", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "ubuntu_linux", - "version_number": "16.04", - "vender": "canonical" + "vender": "canonical", + "version_number": "16.04" }, { "cpe_product_name": "openssh", - "version_number": "*", - "vender": "openssh" + "vender": "openssh", + 
"version_number": "*" }, { "cpe_product_name": "cn1610", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "steelstore_cloud_integrated_storage", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "enterprise_linux_workstation", - "version_number": "6.0", - "vender": "redhat" + "vender": "redhat", + "version_number": "6.0" }, { "cpe_product_name": "oncommand_unified_manager", - "version_number": "*", - "vender": "netapp" + "vender": "netapp", + "version_number": "*" }, { "cpe_product_name": "aff_baseboard_management_controller", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "storage_replication_adapter", - "version_number": "*", - "vender": "netapp" + "vender": "netapp", + "version_number": "*" }, { "cpe_product_name": "enterprise_linux_server", - "version_number": "7.0", - "vender": "redhat" + "vender": "redhat", + "version_number": "7.0" }, { "cpe_product_name": "cloud_backup", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "enterprise_linux_workstation", - "version_number": "7.0", - "vender": "redhat" + "vender": "redhat", + "version_number": "7.0" }, { "cpe_product_name": "virtual_storage_console", - "version_number": "*", - "vender": "netapp" + "vender": "netapp", + "version_number": "*" }, { "cpe_product_name": "scalance_x204rna_firmware", - "version_number": "*", - "vender": "siemens" + "vender": "siemens", + "version_number": "*" }, { "cpe_product_name": "sun_zfs_storage_appliance_kit", - "version_number": "8.8.6", - "vender": "oracle" + "vender": "oracle", + "version_number": "8.8.6" }, { "cpe_product_name": "debian_linux", - "version_number": "9.0", - "vender": "debian" + "vender": "debian", + "version_number": "9.0" }, { "cpe_product_name": "clustered_data_ontap", - "version_number": 
"-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "cn1610_firmware", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "fas_baseboard_management_controller", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "debian_linux", - "version_number": "8.0", - "vender": "debian" + "vender": "debian", + "version_number": "8.0" } ] - } + }, + "vuln_status": "Analyzed", + "weaknesses": [ + "CWE-362" + ] }, { - "cve_uid": "", "cve_name": "CVE-2018-15919", - "published_date": "2018-08-28T13:29:00.207Z", - "last_modified_date": "2024-02-14T22:50:28.245Z", - "vuln_status": "Analyzed", - "description": "Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or \"oracle\") as a vulnerability.'", - "cvss_v2_source": "nvd@nist.gov", - "cvss_v2_type": "Primary", - "cvss_v2_version": "2.0", - "cvss_v2_vector_string": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "cve_uid": "", "cvss_v2_base_score": 5, "cvss_v2_base_severity": "MEDIUM", "cvss_v2_exploitability_score": 10, "cvss_v2_impact_score": 2.9, - "cvss_v3_source": "nvd@nist.gov", - "cvss_v3_type": "Primary", - "cvss_v3_version": "3.0", - "cvss_v3_vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "cvss_v2_source": "nvd@nist.gov", + "cvss_v2_type": "Primary", + "cvss_v2_vector_string": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "cvss_v2_version": "2.0", "cvss_v3_base_score": 5.3, "cvss_v3_base_severity": "MEDIUM", "cvss_v3_exploitability_score": 3.9, "cvss_v3_impact_score": 1.4, - "cvss_v4_source": null, - "cvss_v4_type": null, - "cvss_v4_version": null, - "cvss_v4_vector_string": null, + "cvss_v3_source": "nvd@nist.gov", + 
"cvss_v3_type": "Primary", + "cvss_v3_vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "cvss_v3_version": "3.0", "cvss_v4_base_score": null, "cvss_v4_base_severity": null, "cvss_v4_exploitability_score": null, "cvss_v4_impact_score": null, - "weaknesses": [ - "CWE-200" - ], + "cvss_v4_source": null, + "cvss_v4_type": null, + "cvss_v4_vector_string": null, + "cvss_v4_version": null, + "description": "Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or \"oracle\") as a vulnerability.'", + "last_modified_date": "2024-02-14T22:50:28.245Z", + "published_date": "2018-08-28T13:29:00.207Z", "reference_urls": [ "http://seclists.org/oss-sec/2018/q3/180", "http://www.securityfocus.com/bid/105163", "https://security.netapp.com/advisory/ntap-20181221-0001/" ], - "vender_product": { + "vender_product": { "company": [ { "cpe_product_name": "ontap_select_deploy", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "data_ontap_edge", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "openssh", - "version_number": "*", - "vender": "openssh" + "vender": "openssh", + "version_number": "*" }, { "cpe_product_name": "cn1610", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "cloud_backup", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "cn1610_firmware", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "steelstore", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + 
"version_number": "-" } ] - } + }, + "vuln_status": "Analyzed", + "weaknesses": [ + "CWE-200" + ] }, { - "cve_uid": "", "cve_name": "CVE-2018-20685", - "published_date": "2019-01-11T03:29:00.377Z", - "last_modified_date": "2024-02-14T22:51:58.019Z", - "vuln_status": "Analyzed", - "description": "In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.", - "cvss_v2_source": "nvd@nist.gov", - "cvss_v2_type": "Primary", - "cvss_v2_version": "2.0", - "cvss_v2_vector_string": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "cve_uid": "", "cvss_v2_base_score": 2.6, "cvss_v2_base_severity": "LOW", "cvss_v2_exploitability_score": 4.9, "cvss_v2_impact_score": 2.9, - "cvss_v3_source": "nvd@nist.gov", - "cvss_v3_type": "Primary", - "cvss_v3_version": "3.1", - "cvss_v3_vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "cvss_v2_source": "nvd@nist.gov", + "cvss_v2_type": "Primary", + "cvss_v2_vector_string": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "cvss_v2_version": "2.0", "cvss_v3_base_score": 5.3, "cvss_v3_base_severity": "MEDIUM", "cvss_v3_exploitability_score": 1.6, "cvss_v3_impact_score": 3.6, - "cvss_v4_source": null, - "cvss_v4_type": null, - "cvss_v4_version": null, - "cvss_v4_vector_string": null, + "cvss_v3_source": "nvd@nist.gov", + "cvss_v3_type": "Primary", + "cvss_v3_vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "cvss_v3_version": "3.1", "cvss_v4_base_score": null, "cvss_v4_base_severity": null, "cvss_v4_exploitability_score": null, "cvss_v4_impact_score": null, - "weaknesses": [ - "CWE-863" - ], + "cvss_v4_source": null, + "cvss_v4_type": null, + "cvss_v4_vector_string": null, + "cvss_v4_version": null, + "description": "In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. 
The impact is modifying the permissions of the target directory on the client side.", + "last_modified_date": "2024-02-14T22:51:58.019Z", + "published_date": "2019-01-11T03:29:00.377Z", "reference_urls": [ "http://www.securityfocus.com/bid/106531", "https://access.redhat.com/errata/RHSA-2019:3702", 
@@ -522,255 +518,255 @@ "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" ], - "vender_product": { + "vender_product": { "company": [ { "cpe_product_name": "ubuntu_linux", - "version_number": "14.04", - "vender": "canonical" + "vender": "canonical", + "version_number": "14.04" }, { "cpe_product_name": "m10-4s", - "version_number": "-", - "vender": "fujitsu" + "vender": "fujitsu", + "version_number": "-" }, { "cpe_product_name": "ontap_select_deploy", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "scalance_x204rna_eec", - "version_number": "-", - "vender": "siemens" + "vender": "siemens", + "version_number": "-" }, { "cpe_product_name": "m12-1_firmware", - "version_number": "*", - "vender": "fujitsu" + "vender": "fujitsu", + "version_number": "*" }, { "cpe_product_name": "m10-4", - "version_number": "-", - "vender": "fujitsu" + "vender": "fujitsu", + "version_number": "-" }, { "cpe_product_name": "m12-2s", - "version_number": "-", - "vender": "fujitsu" + "vender": "fujitsu", + "version_number": "-" }, { "cpe_product_name": "enterprise_linux_eus", - "version_number": "8.6", - "vender": "redhat" + "vender": "redhat", + "version_number": "8.6" }, { "cpe_product_name": "element_software", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "m12-2s_firmware", - "version_number": "*", - "vender": "fujitsu" + "vender": "fujitsu", + "version_number": "*" }, { "cpe_product_name": "enterprise_linux", - "version_number": "7.0", - "vender": "redhat" + "vender": "redhat", + "version_number": "7.0" }, { "cpe_product_name": "enterprise_linux_server_aus", - "version_number": "8.2", - "vender": "redhat" + "vender": "redhat", + "version_number": "8.2" }, { "cpe_product_name": "m12-2", - "version_number": "-", - "vender": "fujitsu" + "vender": 
"fujitsu", + "version_number": "-" }, { "cpe_product_name": "solaris", - "version_number": "10", - "vender": "oracle" + "vender": "oracle", + "version_number": "10" }, { "cpe_product_name": "enterprise_linux_eus", - "version_number": "8.1", - "vender": "redhat" + "vender": "redhat", + "version_number": "8.1" }, { "cpe_product_name": "scalance_x204rna", - "version_number": "-", - "vender": "siemens" + "vender": "siemens", + "version_number": "-" }, { "cpe_product_name": "ubuntu_linux", - "version_number": "18.04", - "vender": "canonical" + "vender": "canonical", + "version_number": "18.04" }, { "cpe_product_name": "ubuntu_linux", - "version_number": "16.04", - "vender": "canonical" + "vender": "canonical", + "version_number": "16.04" }, { "cpe_product_name": "openssh", - "version_number": "*", - "vender": "openssh" + "vender": "openssh", + "version_number": "*" }, { "cpe_product_name": "storage_automation_store", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "m10-1_firmware", - "version_number": "*", - "vender": "fujitsu" + "vender": "fujitsu", + "version_number": "*" }, { "cpe_product_name": "m12-2_firmware", - "version_number": "*", - "vender": "fujitsu" + "vender": "fujitsu", + "version_number": "*" }, { "cpe_product_name": "enterprise_linux", - "version_number": "8.0", - "vender": "redhat" + "vender": "redhat", + "version_number": "8.0" }, { "cpe_product_name": "steelstore_cloud_integrated_storage", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "enterprise_linux_eus", - "version_number": "8.2", - "vender": "redhat" + "vender": "redhat", + "version_number": "8.2" }, { "cpe_product_name": "enterprise_linux_server_tus", - "version_number": "8.2", - "vender": "redhat" + "vender": "redhat", + "version_number": "8.2" }, { "cpe_product_name": "enterprise_linux_server_tus", - "version_number": "8.4", - "vender": "redhat" + 
"vender": "redhat", + "version_number": "8.4" }, { "cpe_product_name": "winscp", - "version_number": "*", - "vender": "winscp" + "vender": "winscp", + "version_number": "*" }, { "cpe_product_name": "m10-4s_firmware", - "version_number": "*", - "vender": "fujitsu" + "vender": "fujitsu", + "version_number": "*" }, { "cpe_product_name": "cloud_backup", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "scalance_x204rna_firmware", - "version_number": "*", - "vender": "siemens" + "vender": "siemens", + "version_number": "*" }, { "cpe_product_name": "m10-4_firmware", - "version_number": "*", - "vender": "fujitsu" + "vender": "fujitsu", + "version_number": "*" }, { "cpe_product_name": "debian_linux", - "version_number": "9.0", - "vender": "debian" + "vender": "debian", + "version_number": "9.0" }, { "cpe_product_name": "scalance_x204rna_eec_firmware", - "version_number": "*", - "vender": "siemens" + "vender": "siemens", + "version_number": "*" }, { "cpe_product_name": "enterprise_linux_eus", - "version_number": "8.4", - "vender": "redhat" + "vender": "redhat", + "version_number": "8.4" }, { "cpe_product_name": "enterprise_linux_server_tus", - "version_number": "8.6", - "vender": "redhat" + "vender": "redhat", + "version_number": "8.6" }, { "cpe_product_name": "enterprise_linux_server_aus", - "version_number": "8.4", - "vender": "redhat" + "vender": "redhat", + "version_number": "8.4" }, { "cpe_product_name": "ubuntu_linux", - "version_number": "18.10", - "vender": "canonical" + "vender": "canonical", + "version_number": "18.10" }, { "cpe_product_name": "debian_linux", - "version_number": "8.0", - "vender": "debian" + "vender": "debian", + "version_number": "8.0" }, { "cpe_product_name": "enterprise_linux_server_aus", - "version_number": "8.6", - "vender": "redhat" + "vender": "redhat", + "version_number": "8.6" }, { "cpe_product_name": "m10-1", - "version_number": "-", - "vender": "fujitsu" + "vender": 
"fujitsu", + "version_number": "-" }, { "cpe_product_name": "m12-1", - "version_number": "-", - "vender": "fujitsu" + "vender": "fujitsu", + "version_number": "-" } ] - } + }, + "vuln_status": "Analyzed", + "weaknesses": [ + "CWE-863" + ] }, { - "cve_uid": "", "cve_name": "CVE-2019-6109", - "published_date": "2019-02-01T00:29:00.710Z", - "last_modified_date": "2024-02-14T23:02:10.030Z", - "vuln_status": "Modified", - "description": "An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.", - "cvss_v2_source": "nvd@nist.gov", - "cvss_v2_type": "Primary", - "cvss_v2_version": "2.0", - "cvss_v2_vector_string": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "cve_uid": "", "cvss_v2_base_score": 4, "cvss_v2_base_severity": "MEDIUM", "cvss_v2_exploitability_score": 4.9, "cvss_v2_impact_score": 4.9, - "cvss_v3_source": "nvd@nist.gov", - "cvss_v3_type": "Primary", - "cvss_v3_version": "3.1", - "cvss_v3_vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "cvss_v2_source": "nvd@nist.gov", + "cvss_v2_type": "Primary", + "cvss_v2_vector_string": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "cvss_v2_version": "2.0", "cvss_v3_base_score": 6.8, "cvss_v3_base_severity": "MEDIUM", "cvss_v3_exploitability_score": 1.6, "cvss_v3_impact_score": 5.2, - "cvss_v4_source": null, - "cvss_v4_type": null, - "cvss_v4_version": null, - "cvss_v4_vector_string": null, + "cvss_v3_source": "nvd@nist.gov", + "cvss_v3_type": "Primary", + "cvss_v3_vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "cvss_v3_version": "3.1", "cvss_v4_base_score": null, "cvss_v4_base_severity": null, "cvss_v4_exploitability_score": null, "cvss_v4_impact_score": null, - "weaknesses": [ - "CWE-116" - ], + "cvss_v4_source": null, + 
"cvss_v4_type": null, + "cvss_v4_vector_string": null, + "cvss_v4_version": null, + "description": "An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.", + "last_modified_date": "2024-02-14T23:02:10.030Z", + "published_date": "2019-02-01T00:29:00.710Z", "reference_urls": [ "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html", "https://access.redhat.com/errata/RHSA-2019:3702", 
@@ -786,240 +782,240 @@ "https://www.debian.org/security/2019/dsa-4387", "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" ], - "vender_product": { + "vender_product": { "company": [ { "cpe_product_name": "ubuntu_linux", - "version_number": "14.04", - "vender": "canonical" + "vender": "canonical", + "version_number": "14.04" }, { "cpe_product_name": "m10-4s", - "version_number": "-", - "vender": "fujitsu" + "vender": "fujitsu", + "version_number": "-" }, { "cpe_product_name": "ontap_select_deploy", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "scalance_x204rna_eec", - "version_number": "-", - "vender": "siemens" + "vender": "siemens", + "version_number": "-" }, { "cpe_product_name": "m12-1_firmware", - "version_number": "*", - "vender": "fujitsu" + "vender": "fujitsu", + "version_number": "*" }, { "cpe_product_name": "m10-4", - "version_number": "-", - "vender": "fujitsu" + "vender": "fujitsu", + "version_number": "-" }, { "cpe_product_name": "m12-2s", - "version_number": "-", - "vender": "fujitsu" + "vender": "fujitsu", + "version_number": "-" }, { "cpe_product_name": "enterprise_linux_eus", - "version_number": "8.6", - "vender": "redhat" + "vender": "redhat", + "version_number": "8.6" }, { "cpe_product_name": "element_software", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "m12-2s_firmware", - "version_number": "*", - "vender": "fujitsu" + "vender": "fujitsu", + "version_number": "*" }, { "cpe_product_name": "enterprise_linux_server_aus", - "version_number": "8.2", - "vender": "redhat" + "vender": "redhat", + "version_number": "8.2" }, { "cpe_product_name": "m12-2", - "version_number": "-", - "vender": "fujitsu" + "vender": "fujitsu", + "version_number": "-" }, { "cpe_product_name": "fedora", - "version_number": "30", - "vender": "fedoraproject" + "vender": "fedoraproject", + "version_number": 
"30" }, { "cpe_product_name": "enterprise_linux_eus", - "version_number": "8.1", - "vender": "redhat" + "vender": "redhat", + "version_number": "8.1" }, { "cpe_product_name": "scalance_x204rna", - "version_number": "-", - "vender": "siemens" + "vender": "siemens", + "version_number": "-" }, { "cpe_product_name": "ubuntu_linux", - "version_number": "18.04", - "vender": "canonical" + "vender": "canonical", + "version_number": "18.04" }, { "cpe_product_name": "ubuntu_linux", - "version_number": "16.04", - "vender": "canonical" + "vender": "canonical", + "version_number": "16.04" }, { "cpe_product_name": "openssh", - "version_number": "*", - "vender": "openssh" + "vender": "openssh", + "version_number": "*" }, { "cpe_product_name": "storage_automation_store", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "m10-1_firmware", - "version_number": "*", - "vender": "fujitsu" + "vender": "fujitsu", + "version_number": "*" }, { "cpe_product_name": "m12-2_firmware", - "version_number": "*", - "vender": "fujitsu" + "vender": "fujitsu", + "version_number": "*" }, { "cpe_product_name": "enterprise_linux", - "version_number": "8.0", - "vender": "redhat" + "vender": "redhat", + "version_number": "8.0" }, { "cpe_product_name": "enterprise_linux_eus", - "version_number": "8.2", - "vender": "redhat" + "vender": "redhat", + "version_number": "8.2" }, { "cpe_product_name": "enterprise_linux_server_tus", - "version_number": "8.2", - "vender": "redhat" + "vender": "redhat", + "version_number": "8.2" }, { "cpe_product_name": "enterprise_linux_server_tus", - "version_number": "8.4", - "vender": "redhat" + "vender": "redhat", + "version_number": "8.4" }, { "cpe_product_name": "winscp", - "version_number": "*", - "vender": "winscp" + "vender": "winscp", + "version_number": "*" }, { "cpe_product_name": "m10-4s_firmware", - "version_number": "*", - "vender": "fujitsu" + "vender": "fujitsu", + "version_number": "*" }, { 
"cpe_product_name": "scalance_x204rna_firmware", - "version_number": "*", - "vender": "siemens" + "vender": "siemens", + "version_number": "*" }, { "cpe_product_name": "m10-4_firmware", - "version_number": "*", - "vender": "fujitsu" + "vender": "fujitsu", + "version_number": "*" }, { "cpe_product_name": "debian_linux", - "version_number": "9.0", - "vender": "debian" + "vender": "debian", + "version_number": "9.0" }, { "cpe_product_name": "scalance_x204rna_eec_firmware", - "version_number": "*", - "vender": "siemens" + "vender": "siemens", + "version_number": "*" }, { "cpe_product_name": "enterprise_linux_eus", - "version_number": "8.4", - "vender": "redhat" + "vender": "redhat", + "version_number": "8.4" }, { "cpe_product_name": "enterprise_linux_server_tus", - "version_number": "8.6", - "vender": "redhat" + "vender": "redhat", + "version_number": "8.6" }, { "cpe_product_name": "enterprise_linux_server_aus", - "version_number": "8.4", - "vender": "redhat" + "vender": "redhat", + "version_number": "8.4" }, { "cpe_product_name": "ubuntu_linux", - "version_number": "18.10", - "vender": "canonical" + "vender": "canonical", + "version_number": "18.10" }, { "cpe_product_name": "debian_linux", - "version_number": "8.0", - "vender": "debian" + "vender": "debian", + "version_number": "8.0" }, { "cpe_product_name": "enterprise_linux_server_aus", - "version_number": "8.6", - "vender": "redhat" + "vender": "redhat", + "version_number": "8.6" }, { "cpe_product_name": "m10-1", - "version_number": "-", - "vender": "fujitsu" + "vender": "fujitsu", + "version_number": "-" }, { "cpe_product_name": "m12-1", - "version_number": "-", - "vender": "fujitsu" + "vender": "fujitsu", + "version_number": "-" } ] - } + }, + "vuln_status": "Modified", + "weaknesses": [ + "CWE-116" + ] }, { - "cve_uid": "", "cve_name": "CVE-2019-6110", - "published_date": "2019-02-01T00:29:00.807Z", - "last_modified_date": "2024-02-14T23:02:10.051Z", - "vuln_status": "Analyzed", - "description": "In OpenSSH 7.9, 
due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.", - "cvss_v2_source": "nvd@nist.gov", - "cvss_v2_type": "Primary", - "cvss_v2_version": "2.0", - "cvss_v2_vector_string": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "cve_uid": "", "cvss_v2_base_score": 4, "cvss_v2_base_severity": "MEDIUM", "cvss_v2_exploitability_score": 4.9, "cvss_v2_impact_score": 4.9, - "cvss_v3_source": "nvd@nist.gov", - "cvss_v3_type": "Primary", - "cvss_v3_version": "3.1", - "cvss_v3_vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "cvss_v2_source": "nvd@nist.gov", + "cvss_v2_type": "Primary", + "cvss_v2_vector_string": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "cvss_v2_version": "2.0", "cvss_v3_base_score": 6.8, "cvss_v3_base_severity": "MEDIUM", "cvss_v3_exploitability_score": 1.6, "cvss_v3_impact_score": 5.2, - "cvss_v4_source": null, - "cvss_v4_type": null, - "cvss_v4_version": null, - "cvss_v4_vector_string": null, + "cvss_v3_source": "nvd@nist.gov", + "cvss_v3_type": "Primary", + "cvss_v3_vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "cvss_v3_version": "3.1", "cvss_v4_base_score": null, "cvss_v4_base_severity": null, "cvss_v4_exploitability_score": null, "cvss_v4_impact_score": null, - "weaknesses": [ - "CWE-838" - ], + "cvss_v4_source": null, + "cvss_v4_type": null, + "cvss_v4_vector_string": null, + "cvss_v4_version": null, + "description": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.", + "last_modified_date": "2024-02-14T23:02:10.051Z", + "published_date": "2019-02-01T00:29:00.807Z", "reference_urls": [ "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", 
"https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c", @@ -1029,54 +1025,58 @@ "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", "https://www.exploit-db.com/exploits/46193/" ], - "vender_product": { + "vender_product": { "company": [ { "cpe_product_name": "ontap_select_deploy", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "scalance_x204rna_eec", - "version_number": "-", - "vender": "siemens" + "vender": "siemens", + "version_number": "-" }, { "cpe_product_name": "element_software", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "scalance_x204rna", - "version_number": "-", - "vender": "siemens" + "vender": "siemens", + "version_number": "-" }, { "cpe_product_name": "openssh", - "version_number": "*", - "vender": "openssh" + "vender": "openssh", + "version_number": "*" }, { "cpe_product_name": "storage_automation_store", - "version_number": "-", - "vender": "netapp" + "vender": "netapp", + "version_number": "-" }, { "cpe_product_name": "winscp", - "version_number": "*", - "vender": "winscp" + "vender": "winscp", + "version_number": "*" }, { "cpe_product_name": "scalance_x204rna_firmware", - "version_number": "*", - "vender": "siemens" + "vender": "siemens", + "version_number": "*" }, { "cpe_product_name": "scalance_x204rna_eec_firmware", - "version_number": "*", - "vender": "siemens" + "vender": "siemens", + "version_number": "*" } ] - } + }, + "vuln_status": "Analyzed", + "weaknesses": [ + "CWE-838" + ] } -] \ No newline at end of file +] diff --git a/backend/src/tasks/sample_data/nouns.json b/backend/src/tasks/sample_data/nouns.json index cfc2d0ff..86fb857a 100644 --- a/backend/src/tasks/sample_data/nouns.json +++ b/backend/src/tasks/sample_data/nouns.json 
@@ -1,239 +1,239 @@ [ - "albattani", - "allen", - "almeida", - "antonelli", - "agnesi", - "archimedes", - "ardinghelli", - "aryabhata", - "austin", - "babbage", - "banach", - "banzai", - "bardeen", - "bartik", - "bassi", - "beaver", - "bell", - "benz", - "bhabha", - "bhaskara", - "black", - "blackburn", - "blackwell", - "bohr", - "booth", - "borg", - "bose", - "bouman", - "boyd", - "brahmagupta", - "brattain", - "brown", - "buck", - "burnell", - "cannon", - "carson", - "cartwright", - "carver", - "cerf", - "chandrasekhar", - "chaplygin", - "chatelet", - "chatterjee", - "chebyshev", - "cohen", - "chaum", - "clarke", - "colden", - "cori", - "cray", - "curran", - "curie", - "darwin", - "davinci", - "dewdney", - "dhawan", - "diffie", - "dijkstra", - "dirac", - "driscoll", - "dubinsky", - "easley", - "edison", - "einstein", - "elbakyan", - "elgamal", - "elion", - "ellis", - "engelbart", - "euclid", - "euler", - "faraday", - "feistel", - "fermat", - "fermi", - "feynman", - "franklin", - "gagarin", - "galileo", - "galois", - "ganguly", - "gates", - "gauss", - "germain", - "goldberg", - "goldstine", - "goldwasser", - "golick", - "goodall", - "gould", - "greider", - "grothendieck", - "haibt", - "hamilton", - "haslett", - "hawking", - "hellman", - "heisenberg", - "hermann", - "herschel", - "hertz", - "heyrovsky", - "hodgkin", - "hofstadter", - "hoover", - "hopper", - "hugle", - "hypatia", - "ishizaka", - "jackson", - "jang", - "jemison", - "jennings", - "jepsen", - "johnson", - "joliot", - "jones", - "kalam", - "kapitsa", - "kare", - "keldysh", - "keller", - "kepler", - "khayyam", - "khorana", - "kilby", - "kirch", - "knuth", - "kowalevski", - "lalande", - "lamarr", - "lamport", - "leakey", - "leavitt", - "lederberg", - "lehmann", - "lewin", - "lichterman", - "liskov", - "lovelace", - "lumiere", - "mahavira", - "margulis", - "matsumoto", - "maxwell", - "mayer", - "mccarthy", - "mcclintock", - "mclaren", - "mclean", - "mcnulty", - "mendel", - "mendeleev", - "meitner", - 
"meninsky", - "merkle", - "mestorf", - "mirzakhani", - "moore", - "morse", - "murdock", - "moser", - "napier", - "nash", - "neumann", - "newton", - "nightingale", - "nobel", - "noether", - "northcutt", - "noyce", - "panini", - "pare", - "pascal", - "pasteur", - "payne", - "perlman", - "pike", - "poincare", - "poitras", - "proskuriakova", - "ptolemy", - "raman", - "ramanujan", - "ride", - "montalcini", - "ritchie", - "rhodes", - "robinson", - "roentgen", - "rosalind", - "rubin", - "saha", - "sammet", - "sanderson", - "satoshi", - "shamir", - "shannon", - "shaw", - "shirley", - "shockley", - "shtern", - "sinoussi", - "snyder", - "solomon", - "spence", - "stonebraker", - "sutherland", - "swanson", - "swartz", - "swirles", - "taussig", - "tereshkova", - "tesla", - "tharp", - "thompson", - "torvalds", - "tu", - "turing", - "varahamihira", - "vaughan", - "visvesvaraya", - "volhard", - "villani", - "wescoff", - "wilbur", - "wiles", - "williams", - "williamson", - "wilson", - "wing", - "wozniak", - "wright", - "wu", - "yalow", - "yonath", - "zhukovsky" -] \ No newline at end of file + "albattani", + "allen", + "almeida", + "antonelli", + "agnesi", + "archimedes", + "ardinghelli", + "aryabhata", + "austin", + "babbage", + "banach", + "banzai", + "bardeen", + "bartik", + "bassi", + "beaver", + "bell", + "benz", + "bhabha", + "bhaskara", + "black", + "blackburn", + "blackwell", + "bohr", + "booth", + "borg", + "bose", + "bouman", + "boyd", + "brahmagupta", + "brattain", + "brown", + "buck", + "burnell", + "cannon", + "carson", + "cartwright", + "carver", + "cerf", + "chandrasekhar", + "chaplygin", + "chatelet", + "chatterjee", + "chebyshev", + "cohen", + "chaum", + "clarke", + "colden", + "cori", + "cray", + "curran", + "curie", + "darwin", + "davinci", + "dewdney", + "dhawan", + "diffie", + "dijkstra", + "dirac", + "driscoll", + "dubinsky", + "easley", + "edison", + "einstein", + "elbakyan", + "elgamal", + "elion", + "ellis", + "engelbart", + "euclid", + "euler", + 
"faraday", + "feistel", + "fermat", + "fermi", + "feynman", + "franklin", + "gagarin", + "galileo", + "galois", + "ganguly", + "gates", + "gauss", + "germain", + "goldberg", + "goldstine", + "goldwasser", + "golick", + "goodall", + "gould", + "greider", + "grothendieck", + "haibt", + "hamilton", + "haslett", + "hawking", + "hellman", + "heisenberg", + "hermann", + "herschel", + "hertz", + "heyrovsky", + "hodgkin", + "hofstadter", + "hoover", + "hopper", + "hugle", + "hypatia", + "ishizaka", + "jackson", + "jang", + "jemison", + "jennings", + "jepsen", + "johnson", + "joliot", + "jones", + "kalam", + "kapitsa", + "kare", + "keldysh", + "keller", + "kepler", + "khayyam", + "khorana", + "kilby", + "kirch", + "knuth", + "kowalevski", + "lalande", + "lamarr", + "lamport", + "leakey", + "leavitt", + "lederberg", + "lehmann", + "lewin", + "lichterman", + "liskov", + "lovelace", + "lumiere", + "mahavira", + "margulis", + "matsumoto", + "maxwell", + "mayer", + "mccarthy", + "mcclintock", + "mclaren", + "mclean", + "mcnulty", + "mendel", + "mendeleev", + "meitner", + "meninsky", + "merkle", + "mestorf", + "mirzakhani", + "moore", + "morse", + "murdock", + "moser", + "napier", + "nash", + "neumann", + "newton", + "nightingale", + "nobel", + "noether", + "northcutt", + "noyce", + "panini", + "pare", + "pascal", + "pasteur", + "payne", + "perlman", + "pike", + "poincare", + "poitras", + "proskuriakova", + "ptolemy", + "raman", + "ramanujan", + "ride", + "montalcini", + "ritchie", + "rhodes", + "robinson", + "roentgen", + "rosalind", + "rubin", + "saha", + "sammet", + "sanderson", + "satoshi", + "shamir", + "shannon", + "shaw", + "shirley", + "shockley", + "shtern", + "sinoussi", + "snyder", + "solomon", + "spence", + "stonebraker", + "sutherland", + "swanson", + "swartz", + "swirles", + "taussig", + "tereshkova", + "tesla", + "tharp", + "thompson", + "torvalds", + "tu", + "turing", + "varahamihira", + "vaughan", + "visvesvaraya", + "volhard", + "villani", + "wescoff", + 
"wilbur", + "wiles", + "williams", + "williamson", + "wilson", + "wing", + "wozniak", + "wright", + "wu", + "yalow", + "yonath", + "zhukovsky" +] diff --git a/backend/src/tasks/sample_data/services.json b/backend/src/tasks/sample_data/services.json index b7fd4d49..8b48535d 100644 --- a/backend/src/tasks/sample_data/services.json +++ b/backend/src/tasks/sample_data/services.json @@ -1,7 +1,22 @@ [ - {"port": 80, "service": "http" }, - {"port": 443, "service": "https" }, - {"port": 22, "service": "ssh" }, - {"port": 25, "service": "ftp" }, - {"port": 3389, "service": "rdp" } -] \ No newline at end of file + { + "port": 80, + "service": "http" + }, + { + "port": 443, + "service": "https" + }, + { + "port": 22, + "service": "ssh" + }, + { + "port": 25, + "service": "ftp" + }, + { + "port": 3389, + "service": "rdp" + } +] diff --git a/backend/src/tasks/wappalyzer.ts b/backend/src/tasks/wappalyzer.ts index 91d0c273..ce3ce901 100644 --- a/backend/src/tasks/wappalyzer.ts +++ b/backend/src/tasks/wappalyzer.ts @@ -43,7 +43,7 @@ const wappalyze = async (domain: LiveDomain): Promise => { if (error.response) { // a response was received but we failed after the response console.error(`${domain.url} returned error. - Code: ${error.code}. + Code: ${error.code}. Response: ${error.response}`); } else if (error.code === 'ECONNABORTED') { // request timed out @@ -53,15 +53,15 @@ const wappalyze = async (domain: LiveDomain): Promise => { } else { // other errors console.error( - `${domain.url} - Axios unexpected error. - Code (if any): ${error.code}. + `${domain.url} - Axios unexpected error. + Code (if any): ${error.code}. Error: ${JSON.stringify(error, null, 4)}` ); } } else { console.error( - `${domain.url} - Unknown unexpected error. - Type: ${e.typeof}. + `${domain.url} - Unknown unexpected error. + Type: ${e.typeof}. Error: ${JSON.stringify(e, null, 4)}` ); } diff --git a/backend/worker/common_tlds.dict b/backend/worker/common_tlds.dict index 5be4cec8..d27bba9a 100644 
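Review bot: The entry `"port": 25, "service": "ftp"` in services.json pairs the SMTP port with the FTP label, and the reformat carries that mismatch over unchanged. Anything seeded from this sample file would present a mail port as FTP, which skews demos or tests that key on the service name. Either `"port": 21, "service": "ftp"` or `"port": 25, "service": "smtp"` would make the pair consistent.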
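Review bot: In the last `else` branch of the second wappalyzer.ts hunk the message interpolates `${e.typeof}`, which reads a property called `typeof` on the caught value and will normally print `undefined`; the operator form `${typeof e}` is what reports the type. The two fallback branches also log `JSON.stringify(error, null, 4)` and `JSON.stringify(e, null, 4)`; if `error` is an Axios error, as the message text suggests, that dump presumably includes the request configuration, so request headers could end up in worker logs. Logging `error.code` and `error.message` only would be narrower. The enclosing `wappalyze` function starts and ends outside the hunk.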
--- a/backend/worker/common_tlds.dict
+++ b/backend/worker/common_tlds.dict
@@ -366,4 +366,4 @@ film
 fyi
 buzz
 cam
-tl
\ No newline at end of file
+tl
diff --git a/backend/worker/webscraper/.gitignore b/backend/worker/webscraper/.gitignore
index 38934c50..0181eefd 100644
--- a/backend/worker/webscraper/.gitignore
+++ b/backend/worker/webscraper/.gitignore
@@ -1,3 +1,3 @@
 s3-data
 out.jl
-domains.txt
\ No newline at end of file
+domains.txt
diff --git a/docs/.dockerignore b/docs/.dockerignore
index b25d4052..98ee5cca 100644
--- a/docs/.dockerignore
+++ b/docs/.dockerignore
@@ -3,4 +3,4 @@ node_modules
 ./docs/node_modules
 ./docs/.cache
 **/node_modules
-**/.cache
\ No newline at end of file
+**/.cache
diff --git a/docs/.gitignore b/docs/.gitignore
index 570da134..2dea2a17 100644
--- a/docs/.gitignore
+++ b/docs/.gitignore
@@ -1,3 +1,3 @@
 src/generated
 public
-.cache
\ No newline at end of file
+.cache
diff --git a/docs/.prettierignore b/docs/.prettierignore
index 88cbdbf5..2f34c7ee 100644
--- a/docs/.prettierignore
+++ b/docs/.prettierignore
@@ -2,4 +2,4 @@
 package.json
 package-lock.json
 public
-generated
\ No newline at end of file
+generated
diff --git a/docs/.prettierrc b/docs/.prettierrc
index 92beac47..36136355 100644
--- a/docs/.prettierrc
+++ b/docs/.prettierrc
@@ -4,4 +4,4 @@
 "singleQuote": true,
 "tabWidth": 2,
 "trailingComma": "es5"
-}
\ No newline at end of file
+}
diff --git a/docs/package.json b/docs/package.json
index 9612f028..956afbd2 100644
--- a/docs/package.json
+++ b/docs/package.json
@@ -1,29 +1,25 @@ { - "name": "crossfeed-docs", - "description": "Crossfeed Documentation", - "version": "1.0.0", - "engines": { - "node": ">=18.0.0" - }, - "engineStrict": true, - "scripts": { - "clean": "rimraf .cache public _site", - "build": "gatsby build", - "reset": "npx rimraf .git", - "develop": "gatsby develop", - "format": "prettier --write \"**/*.{js,jsx,json,md}\"", - "lint": "prettier --check \"**/*.{js,jsx,json,md}\"", - "start": "npm run develop", - "serve": "gatsby serve", - "codegen": "swagger-jsdoc -d ./src/swaggerDef.js -o ./src/generated/swagger.json", - "postinstall": "npm run codegen" + "dependencies": { + "@reach/router": "^1.3.4", + "clipboardy": "^3.0.0", + "resolve-url-loader": "^5.0.0", + "swagger-jsdoc": "^5.0.1" }, + "description": "Crossfeed Documentation", "devDependencies": { + "@babel/eslint-parser": "^7.22.5", "@fortawesome/fontawesome-svg-core": "^1.2.32", "@fortawesome/free-solid-svg-icons": "^5.15.1", "@fortawesome/react-fontawesome": "^0.2.0", + "@typescript-eslint/eslint-plugin": "^5.59.0", + "@typescript-eslint/parser": "^5.59.0", "classnames": "^2.2.6", "eslint-config-react-app": "^7.0.1", + "eslint-plugin-flowtype": "^8.0.3", + "eslint-plugin-import": "^2.27.5", + "eslint-plugin-jsx-a11y": "^6.7.1", + "eslint-plugin-react": "^7.32.2", + "eslint-plugin-react-hooks": "^4.6.0", "gatsby": "^5.9.0", "gatsby-cli": "^5.9.0", "gatsby-plugin-manifest": "^5.9.0", 
@@ -46,22 +42,13 @@ "rimraf": "^3.0.2", "sass": "^1.61.0", "swagger-ui-react": "^4.19.0", - "uswds": "^2.13.3", - "@typescript-eslint/eslint-plugin": "^5.59.0", - "@typescript-eslint/parser": "^5.59.0", - "@babel/eslint-parser": "^7.22.5", - "eslint-plugin-flowtype": "^8.0.3", - "eslint-plugin-import": "^2.27.5", - "eslint-plugin-jsx-a11y": "^6.7.1", - "eslint-plugin-react": "^7.32.2", - "eslint-plugin-react-hooks": "^4.6.0" + "uswds": "^2.13.3" }, - "dependencies": { - "@reach/router": "^1.3.4", - "clipboardy": "^3.0.0", - "resolve-url-loader": "^5.0.0", - "swagger-jsdoc": "^5.0.1" + "engineStrict": true, + "engines": { + "node": ">=18.0.0" }, + "name": "crossfeed-docs", "overrides": { "@typescript-eslint/eslint-plugin": "$@typescript-eslint/eslint-plugin", "@typescript-eslint/parser": "$@typescript-eslint/parser", @@ -69,7 +56,7 @@ "clipboardy": { "execa": "5.1.1" }, - "css-minimizer-webpack-plugin":"^5.0.0", + "css-minimizer-webpack-plugin": "^5.0.0", "engine.io": "6.4.2", "gatsby": { "cache-manager": "^5.2.1" @@ -80,5 +67,18 @@ "simple-get": "^4.0.1", "socket.io": "4.6.1", "yaml": "^2.2.2" - } -} \ No newline at end of file + }, + "scripts": { + "build": "gatsby build", + "clean": "rimraf .cache public _site", + "codegen": "swagger-jsdoc -d ./src/swaggerDef.js -o ./src/generated/swagger.json", + "develop": "gatsby develop", + "format": "prettier --write \"**/*.{js,jsx,json,md}\"", + "lint": "prettier --check \"**/*.{js,jsx,json,md}\"", + "postinstall": "npm run codegen", + "reset": "npx rimraf .git", + "serve": "gatsby serve", + "start": "npm run develop" + }, + "version": "1.0.0" +} diff --git a/docs/src/components/highlights.js b/docs/src/components/highlights.js index 7145cd9c..79345cab 100644 --- a/docs/src/components/highlights.js +++ b/docs/src/components/highlights.js 
@@ -9,7 +9,7 @@ import { } from '@fortawesome/free-solid-svg-icons'; /* - Use this section to highlight key elements of your site. Some sites will only have two while others may have six to eight. + Use this section to highlight key elements of your site. Some sites will only have two while others may have six to eight. */ const Highlights = () => ( diff --git a/docs/src/components/search-form.js b/docs/src/components/search-form.js index 9d6619a3..29a68ee5 100644 --- a/docs/src/components/search-form.js +++ b/docs/src/components/search-form.js @@ -3,22 +3,20 @@ import { useStaticQuery, graphql } from 'gatsby'; import { navigate } from '@reach/router'; const SearchForm = ({ navigation, secondaryLinks }) => { - const { site } = useStaticQuery( - graphql` - query { - site { - pathPrefix - siteMetadata { - searchgov { - affiliate - endpoint - inline - } + const { site } = useStaticQuery(graphql` + query { + site { + pathPrefix + siteMetadata { + searchgov { + affiliate + endpoint + inline } } } - ` - ); + } + `); const { affiliate, endpoint, inline } = site.siteMetadata.searchgov; const handleSubmit = (e) => { diff --git a/docs/src/components/seo.js b/docs/src/components/seo.js index ea1290f9..7ccabe8e 100644 --- a/docs/src/components/seo.js +++ b/docs/src/components/seo.js @@ -11,19 +11,17 @@ import { Helmet } from 'react-helmet'; import { useStaticQuery, graphql } from 'gatsby'; function SEO({ description, lang, meta, title }) { - const { site } = useStaticQuery( - graphql` - query { - site { - siteMetadata { - title - description - author - } + const { site } = useStaticQuery(graphql` + query { + site { + siteMetadata { + title + description + author } } - ` - ); + } + `); const metaDescription = description || site.siteMetadata.description; diff --git a/docs/src/styles/index.scss b/docs/src/styles/index.scss index 5e377072..d7fe9bc2 100644 --- a/docs/src/styles/index.scss +++ b/docs/src/styles/index.scss 
@@ -60,7 +60,7 @@ $theme-hero-image: '../images/crossfeed-search-result.png'; // Icons on front page .icon-circle-container { position: relative; - + svg { position: absolute; left: 50%; @@ -94,7 +94,7 @@ code.language-text { // API Reference .swagger-ui { - // Hide title + // Hide title div.info { display: none; } @@ -113,4 +113,4 @@ code.language-text { // font-size: initial; } } -} \ No newline at end of file +} diff --git a/docs/src/templates/architecture-diagram.html b/docs/src/templates/architecture-diagram.html index b933d2a6..b9c5e02c 100644 --- a/docs/src/templates/architecture-diagram.html +++ b/docs/src/templates/architecture-diagram.html @@ -1,11 +1,21 @@ - - + + - -crossfeed pe new diagram - - -
- - - \ No newline at end of file + + crossfeed pe new diagram + + + +
+ + + diff --git a/frontend/.dockerignore b/frontend/.dockerignore index b512c09d..3c3629e6 100644 --- a/frontend/.dockerignore +++ b/frontend/.dockerignore @@ -1 +1 @@ -node_modules \ No newline at end of file +node_modules diff --git a/frontend/Dockerfile b/frontend/Dockerfile index e6355ece..431d2fae 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile @@ -13,4 +13,4 @@ RUN npm ci --legacy-peer-deps COPY . . -CMD [ "npm", "run", "start" ] \ No newline at end of file +CMD [ "npm", "run", "start" ] diff --git a/frontend/prod.env b/frontend/prod.env index 46f8c593..4db0aeff 100644 --- a/frontend/prod.env +++ b/frontend/prod.env @@ -5,4 +5,4 @@ REACT_APP_USER_POOL_ID=us-east-1_MZgKoBmkN REACT_APP_USER_POOL_CLIENT_ID=6qseah01b4vse02srrpra2u350 REACT_APP_TERMS_VERSION=1 REACT_APP_COOKIE_DOMAIN=crossfeed.cyber.dhs.gov -REACT_APP_TOTP_ISSUER=CISA Crossfeed \ No newline at end of file +REACT_APP_TOTP_ISSUER=CISA Crossfeed diff --git a/frontend/public/robots.txt b/frontend/public/robots.txt index f89c874a..01b0f9a1 100644 --- a/frontend/public/robots.txt +++ b/frontend/public/robots.txt @@ -1,2 +1,2 @@ # https://www.robotstxt.org/robotstxt.html -User-agent: * \ No newline at end of file +User-agent: * diff --git a/frontend/scripts/package.json b/frontend/scripts/package.json index 96ae6e57..3dbc1ca5 100644 --- a/frontend/scripts/package.json +++ b/frontend/scripts/package.json @@ -1,3 +1,3 @@ { - "type": "module" -} \ No newline at end of file + "type": "module" +} diff --git a/frontend/src/assets/icon-dot-gov.svg b/frontend/src/assets/icon-dot-gov.svg index 3bf04789..a5b65349 100644 --- a/frontend/src/assets/icon-dot-gov.svg +++ b/frontend/src/assets/icon-dot-gov.svg @@ -1 +1 @@ -icon-dot-gov \ No newline at end of file +icon-dot-gov diff --git a/frontend/src/assets/icon-https.svg b/frontend/src/assets/icon-https.svg index 19ad04fc..f96f88b1 100644 --- a/frontend/src/assets/icon-https.svg +++ b/frontend/src/assets/icon-https.svg 
@@ -1 +1 @@ -icon-https \ No newline at end of file +icon-https diff --git a/frontend/src/components/AuthForm/styles.module.scss b/frontend/src/components/AuthForm/styles.module.scss index d6bde1a5..b3af104a 100644 --- a/frontend/src/components/AuthForm/styles.module.scss +++ b/frontend/src/components/AuthForm/styles.module.scss @@ -41,7 +41,7 @@ -webkit-appearance: none; margin: 0; } - + input[type='number'] { appearance: textfield; } @@ -56,4 +56,4 @@ max-width: 36rem; } } -} \ No newline at end of file +} diff --git a/frontend/src/components/Header.tsx b/frontend/src/components/Header.tsx index e6b751dd..79b12bdd 100644 --- a/frontend/src/components/Header.tsx +++ b/frontend/src/components/Header.tsx @@ -247,16 +247,16 @@ const HeaderNoCtx: React.FC = (props) => { exact: false }, - /* + /* Hiding Feeds page until finished - { title: 'Feeds', - path: '/feeds', - users: ALL_USERS, - exact: false + { title: 'Feeds', + path: '/feeds', + users: ALL_USERS, + exact: false },*/ - /* - Hiding Reports page until finished + /* + Hiding Reports page until finished { title: 'Reports', path: '/reports', diff --git a/frontend/src/pages/Scans/arrow-both.svg b/frontend/src/pages/Scans/arrow-both.svg index ffde1f19..17787ac5 100644 --- a/frontend/src/pages/Scans/arrow-both.svg +++ b/frontend/src/pages/Scans/arrow-both.svg @@ -1 +1 @@ -arrow-both \ No newline at end of file +arrow-both diff --git a/frontend/src/styles.scss b/frontend/src/styles.scss index 138e94cd..dc7934ea 100644 --- a/frontend/src/styles.scss +++ b/frontend/src/styles.scss @@ -93,7 +93,6 @@ form[data-amplify-authenticator-setup-totp] { div[data-amplify-copy] { display: none; } - } .alert_box { margin-top: 25px; 
@@ -106,20 +105,19 @@ form[data-amplify-authenticator-setup-totp] { font-size: 20px; } .notification_header { - position: relative; + position: relative; padding-left: 10px; padding-top: 10px; padding-bottom: 20px; - transition: top .2s; + transition: top 0.2s; background-color: white; - } -.temp_notification{ - position: relative; +.temp_notification { + position: relative; padding-left: 10px; padding-top: 10px; padding-bottom: 20px; - transition: top .2s; + transition: top 0.2s; background-color: white; } @@ -133,7 +131,7 @@ form[data-amplify-authenticator-setup-totp] { margin-right: 100px; } .warning_header { - margin:auto; + margin: auto; width: 50%; text-align: center; padding-top: 10px; @@ -142,16 +140,15 @@ form[data-amplify-authenticator-setup-totp] { font-size: 20px; } -.warning_notification { - position: relative; +.warning_notification { + position: relative; padding-left: 10px; //padding-top: 10px; padding-bottom: 20px; - transition: top .2s; - + transition: top 0.2s; } -.warning_logo{ - margin:auto; +.warning_logo { + margin: auto; width: 50%; text-align: center; } @@ -165,7 +162,7 @@ form[data-amplify-authenticator-setup-totp] { .banner_header { padding-left: 185px; padding-top: 10px; - transition: top .2s; + transition: top 0.2s; background-color: white; font-weight: bold; } @@ -180,10 +177,10 @@ form[data-amplify-authenticator-setup-totp] { transition: 0.3s; } .banner_login { - position: relative; + position: relative; padding-left: 10px; - // padding-top: 10px; - // padding-bottom: 20px; - transition: top .2s; + // padding-top: 10px; + // padding-bottom: 20px; + transition: top 0.2s; background-color: white; } diff --git a/frontend/stage.env b/frontend/stage.env index 0a944cee..bc6d8ec3 100644 --- a/frontend/stage.env +++ b/frontend/stage.env 
@@ -5,4 +5,4 @@ REACT_APP_USER_POOL_ID=us-east-1_uxiY8DOum REACT_APP_USER_POOL_CLIENT_ID=1qf4cii9v0t9hn1hnr54f2ao0j REACT_APP_TERMS_VERSION=1 REACT_APP_COOKIE_DOMAIN=staging-cd.crossfeed.cyber.dhs.gov -REACT_APP_TOTP_ISSUER=Staging Crossfeed \ No newline at end of file +REACT_APP_TOTP_ISSUER=Staging Crossfeed diff --git a/infrastructure/Makefile b/infrastructure/Makefile index d68aed05..2f3e3fd8 100644 --- a/infrastructure/Makefile +++ b/infrastructure/Makefile @@ -5,6 +5,6 @@ init: plan: terraform plan -var-file=stage.tfvars -out plan apply: - terraform apply plan + terraform apply plan format: - terraform validate && terraform fmt -recursive \ No newline at end of file + terraform validate && terraform fmt -recursive diff --git a/infrastructure/api_gateway_alarms.tf b/infrastructure/api_gateway_alarms.tf index 133cf557..2c04484e 100644 --- a/infrastructure/api_gateway_alarms.tf +++ b/infrastructure/api_gateway_alarms.tf @@ -18,4 +18,3 @@ resource "aws_cloudwatch_metric_alarm" "api_error_rate" { Severity = var.severity_medium } } - diff --git a/infrastructure/cloudtrail.tf b/infrastructure/cloudtrail.tf index 5336d6d4..798e51c8 100644 --- a/infrastructure/cloudtrail.tf +++ b/infrastructure/cloudtrail.tf @@ -138,4 +138,4 @@ resource "aws_iam_role_policy" "cloudtrail_cloudwatch_policy" { Resource = "arn:aws:logs:*" }] }) -} \ No newline at end of file +} diff --git a/infrastructure/cloudwatch.tf b/infrastructure/cloudwatch.tf index dd8fdb2d..c6677e3e 100644 --- a/infrastructure/cloudwatch.tf +++ b/infrastructure/cloudwatch.tf @@ -87,4 +87,4 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "cloudwatch_bucket sse_algorithm = "AES256" } } -} \ No newline at end of file +} diff --git a/infrastructure/database.tf b/infrastructure/database.tf index ebda69f9..00c6a83f 100644 --- a/infrastructure/database.tf +++ b/infrastructure/database.tf 
@@ -373,4 +373,3 @@ resource "aws_s3_bucket_logging" "pe_db_backups_bucket" { target_bucket = aws_s3_bucket.logging_bucket.id target_prefix = "pe_db_backups_bucket/" } - diff --git a/infrastructure/elastic.tf b/infrastructure/elastic.tf index 4f51938a..6e380347 100644 --- a/infrastructure/elastic.tf +++ b/infrastructure/elastic.tf @@ -27,5 +27,3 @@ resource "aws_instance" "elk_stack" { ignore_changes = [ami] } } - - diff --git a/infrastructure/kms.tf b/infrastructure/kms.tf index 94050651..55b687d2 100644 --- a/infrastructure/kms.tf +++ b/infrastructure/kms.tf @@ -182,4 +182,4 @@ resource "aws_kms_key" "key" { resource "aws_kms_alias" "key" { target_key_id = aws_kms_key.key.id name = "alias/${var.stage}-key" -} \ No newline at end of file +} diff --git a/infrastructure/log_alarms.tf b/infrastructure/log_alarms.tf index da37d1f4..3ff8b4e3 100644 --- a/infrastructure/log_alarms.tf +++ b/infrastructure/log_alarms.tf @@ -318,4 +318,4 @@ resource "aws_cloudwatch_metric_alarm" "db_deletion" { Stage = var.stage Severity = var.severity_critical } -} \ No newline at end of file +} diff --git a/infrastructure/log_filters.tf b/infrastructure/log_filters.tf index 7c84e961..56f1d681 100644 --- a/infrastructure/log_filters.tf +++ b/infrastructure/log_filters.tf @@ -200,4 +200,4 @@ resource "aws_cloudwatch_log_metric_filter" "db_deletion" { default_value = 0 value = 1 } -} \ No newline at end of file +} diff --git a/infrastructure/pe.tf b/infrastructure/pe.tf index 14150e91..8256102e 100644 --- a/infrastructure/pe.tf +++ b/infrastructure/pe.tf @@ -330,4 +330,4 @@ resource "aws_cloudwatch_event_target" "scheduled_pe_top_cves_task" { ] } EOF -} \ No newline at end of file +} diff --git a/infrastructure/pe_worker.tf b/infrastructure/pe_worker.tf index 8215cdca..5cd32061 100644 --- a/infrastructure/pe_worker.tf +++ b/infrastructure/pe_worker.tf 
@@ -832,4 +832,4 @@ resource "aws_cloudwatch_log_group" "pe_worker" { Stage = var.stage Owner = "Crossfeed managed resource" } -} \ No newline at end of file +} diff --git a/infrastructure/stage.config b/infrastructure/stage.config index b7dd7c22..0dfa2422 100644 --- a/infrastructure/stage.config +++ b/infrastructure/stage.config @@ -5,4 +5,4 @@ key="STAGE/frontend-stage.tfstate" bucket="cisa-cd-crossfeed-terraform-state" region="us-east-1" -profile="default" \ No newline at end of file +profile="default" diff --git a/infrastructure/users.tf b/infrastructure/users.tf index 1cd98117..29825f4f 100644 --- a/infrastructure/users.tf +++ b/infrastructure/users.tf @@ -65,4 +65,4 @@ resource "aws_ssm_parameter" "user_pool_client_id" { tags = { Project = var.project } -} \ No newline at end of file +} diff --git a/infrastructure/vars.tf b/infrastructure/vars.tf index f47c3e7c..15e19040 100644 --- a/infrastructure/vars.tf +++ b/infrastructure/vars.tf @@ -673,4 +673,4 @@ variable "pe_cybersixgill_ecs_service_name" { description = "pe_cybersixgill_ecs_service_name" type = string default = "pe-staging-cybersixgill" -} \ No newline at end of file +} diff --git a/minio-data/crossfeed-local-exports/README.md b/minio-data/crossfeed-local-exports/README.md index 4c023824..e6e75ebe 100644 --- a/minio-data/crossfeed-local-exports/README.md +++ b/minio-data/crossfeed-local-exports/README.md @@ -1 +1 @@ -Keep this file here, so that the crossfeed-local-exports bucket is created by default with minio. \ No newline at end of file +Keep this file here, so that the crossfeed-local-exports bucket is created by default with minio. From 80a670048b5847edbdfb9faf558b92de7cfa6966 Mon Sep 17 00:00:00 2001 From: "Grayson, Matthew" Date: Mon, 18 Mar 2024 12:53:14 -0500 Subject: [PATCH 2/2] Exclude dev.env.example from detect-private-key hook. --- .pre-commit-config.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9deec472..77e29404 100644 
--- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -16,6 +16,7 @@ repos: args: - --allow-missing-credentials - id: detect-private-key + exclude: dev.env.example - id: end-of-file-fixer exclude: files/(issue|motd) - id: mixed-line-ending
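Review bot: The added `exclude: dev.env.example` under `detect-private-key` is an unanchored regular expression, so the hook skips every path containing that text (with `.` matching any character), not only the one example file. Anchoring it to the file's full path, e.g. `exclude: ^<path-to>/dev\.env\.example$` with the real directory filled in, keeps the check active everywhere else. The exclusion also suggests the example file holds key-shaped text. If that is a sample value, replacing it with an obvious placeholder would let the hook keep scanning the file, so a real key pasted there later is still caught.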