SUP-1567 Undefined method ip_v4_addresses for NilClass #819
nativeruby.yml
on: pull_request
Native-Ruby-Test
17s
Annotations
3 errors and 5 warnings
Native-Ruby-Test:
spec/tasks/connectors/aws_inspector2/aws_inspector2_spec.rb#L32
Kenna::Toolkit::AwsInspector2#run accumulator properties creates vuln_defs
Failure/Error:
expect(task.vuln_defs)
.to include({
cve_identifiers: "CVE-2022-21426",
name: "CVE-2022-21426 - java-1.7.0-openjdk",
scanner_identifier: "arn:aws:inspector2:us-east-1:612899039241:finding/f7108e88a43e52e5f5168861180f1efd",
scanner_type: "AWS Inspector V2",
description: start_with("Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product"),
solution: "None Provided"
})
expected [{"cve_identifiers" => "CVE-2018-18557", "description" => " LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4....e6624f6", "scanner_type" => "AWS Inspector V2", "solution" => "update tunnel-agent to 0.6.0 or higher"}] to include {:cve_identifiers => "CVE-2022-21426", :name => "CVE-2022-21426 - java-1.7.0-openjdk", :scanner_identifier => "arn:aws:inspector2:us-east-1:612899039241:finding/f7108e88a43e52e5f5168861180f1efd", :scanner_type => "AWS Inspector V2", :description => (start with "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product"), :solution => "None Provided"}
Diff:
@@ -1,7 +1,4048 @@
-:cve_identifiers => "CVE-2022-21426",
-:description => (start with "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product"),
-:name => "CVE-2022-21426 - java-1.7.0-openjdk",
-:scanner_identifier => "arn:aws:inspector2:us-east-1:612899039241:finding/f7108e88a43e52e5f5168861180f1efd",
-:scanner_type => "AWS Inspector V2",
-:solution => "None Provided",
+[{"cve_identifiers"=>"CVE-2018-18557",
+ "description"=>
+ " LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.",
+ "name"=>"CVE-2018-18557 - libtiff5",
+ "scanner_identifier"=>
+ "arn:aws:inspector2:us-east-1:612899039241:finding/1659b798d45f9a7e924f976734308c0a",
+ "scanner_type"=>"AWS Inspector V2",
+ "solution"=>"None Provided"},
+ {"cve_identifiers"=>"CVE-2019-5188",
+ "description"=>
+ " A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
+ "name"=>"CVE-2019-5188 - e2fsprogs",
+ "scanner_identifier"=>
+ "arn:aws:inspector2:us-east-1:612899039241:finding/167f804ff5c65b05d7d7c4cefeb0df8b",
+ "scanner_type"=>"AWS Inspector V2",
+ "solution"=>"None Provided"},
+ {"description"=>
+ "`npm-user-validate` before version `1.0.1` is vulnerable to a Regular Expression Denial of Service (REDos). The regex that validates user emails took exponentially longer to process long input strings beginning with `@` characters.\n\n### Impact\nThe issue affects the `email` function. If you use this function to process arbitrary user input with no character limit the application may be susceptible to Denial of Service.\n\n### Patches\nThe issue is patched in version 1.0.1 by improving the regular expression used and also enforcing a 254 character limit.\n\n### Workarounds\nRestrict the character length to a reasonable degree before passing a value to `.emal()`; Also, consider doing a more rigorous sanitizing/validation beforehand.",
+ "name"=>"GHSA-xgh6-85xh-479p - npm-user-validate",
+ "scanner_identifier"=>
+ "arn:aws:inspector2:us-east-1:612899039241:finding/16ac3520dc6a06da689dc4c9a17c10ac",
+ "scanner_type"=>"AWS Inspector V2",
+ "solution"=>"None Provided"},
+ {"cve_identifiers"=>"CVE-2021-4189",
+ "description"=>
+ " A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The is
Native-Ruby-Test:
spec/tasks/connectors/aws_inspector2/aws_inspector2_spec.rb#L71
Kenna::Toolkit::AwsInspector2#run accumulator properties creates vulns on the assets
Failure/Error:
expect(select_asset("i-09fd5b46b5457d22c")[:vulns])
.to include({ created_at: be_a(Time),
last_seen_at: be_a(Time),
scanner_identifier: "arn:aws:inspector2:us-east-1:612899039241:finding/32750bb2f6cae06b828c652864bc1060",
scanner_type: "AWS Inspector V2",
status: "open",
scanner_score: 7,
vuln_def_name: "CVE-2022-36123 - kernel" })
expected [{"created_at" => 2022-08-26 16:15:32.522000074 +0000, "last_seen_at" => 2022-08-26 19:17:20.707999944 +0..., "scanner_type" => "AWS Inspector V2", "status" => "open", "vuln_def_name" => "CVE-2022-36946 - kernel"}] to include {:created_at => (be a kind of Time), :last_seen_at => (be a kind of Time), :scanner_identifier => "arn:aws:inspector2:us-east-1:612899039241:finding/32750bb2f6cae06b828c652864bc1060", :scanner_type => "AWS Inspector V2", :status => "open", :scanner_score => 7, :vuln_def_name => "CVE-2022-36123 - kernel"}
Diff:
@@ -1,8 +1,49 @@
-:created_at => (be a kind of Time),
-:last_seen_at => (be a kind of Time),
-:scanner_identifier => "arn:aws:inspector2:us-east-1:612899039241:finding/32750bb2f6cae06b828c652864bc1060",
-:scanner_score => 7,
-:scanner_type => "AWS Inspector V2",
-:status => "open",
-:vuln_def_name => "CVE-2022-36123 - kernel",
+[{"created_at"=>2022-08-26 16:15:32.522000074 +0000,
+ "last_seen_at"=>2022-08-26 19:17:20.707999944 +0000,
+ "scanner_identifier"=>
+ "arn:aws:inspector2:us-east-1:612899039241:finding/504c66920223cd01ed6f62d83a659ce3",
+ "scanner_score"=>6,
+ "scanner_type"=>"AWS Inspector V2",
+ "status"=>"open",
+ "vuln_def_name"=>"CVE-2022-23825 - kernel"},
+ {"created_at"=>2022-08-26 16:15:32.522000074 +0000,
+ "last_seen_at"=>2022-08-26 19:17:20.707999944 +0000,
+ "scanner_identifier"=>
+ "arn:aws:inspector2:us-east-1:612899039241:finding/78122a919223371e2c60c1080df04cb5",
+ "scanner_score"=>6,
+ "scanner_type"=>"AWS Inspector V2",
+ "status"=>"open",
+ "vuln_def_name"=>"CVE-2022-29901 - kernel"},
+ {"created_at"=>2022-08-26 16:15:32.522000074 +0000,
+ "last_seen_at"=>2022-08-26 19:17:20.707999944 +0000,
+ "scanner_identifier"=>
+ "arn:aws:inspector2:us-east-1:612899039241:finding/8b5ba24c55c397c8463ae22365eac5ce",
+ "scanner_score"=>6,
+ "scanner_type"=>"AWS Inspector V2",
+ "status"=>"open",
+ "vuln_def_name"=>"CVE-2022-26373 - kernel"},
+ {"created_at"=>2022-08-26 16:15:32.522000074 +0000,
+ "last_seen_at"=>2022-08-26 19:17:20.707999944 +0000,
+ "scanner_identifier"=>
+ "arn:aws:inspector2:us-east-1:612899039241:finding/a341a004dc5d6d92e4f998a03a854a7a",
+ "scanner_score"=>6,
+ "scanner_type"=>"AWS Inspector V2",
+ "status"=>"open",
+ "vuln_def_name"=>"CVE-2022-29900 - kernel"},
+ {"created_at"=>2022-08-26 16:15:32.522000074 +0000,
+ "last_seen_at"=>2022-08-26 19:17:20.707999944 +0000,
+ "scanner_identifier"=>
+ "arn:aws:inspector2:us-east-1:612899039241:finding/ab9b406f20a3f316fb1f8724e0cd1d0b",
+ "scanner_score"=>6,
+ "scanner_type"=>"AWS Inspector V2",
+ "status"=>"open",
+ "vuln_def_name"=>"CVE-2022-23816 - kernel"},
+ {"created_at"=>2022-08-26 16:15:32.522000074 +0000,
+ "last_seen_at"=>2022-08-26 19:17:20.707999944 +0000,
+ "scanner_identifier"=>
+ "arn:aws:inspector2:us-east-1:612899039241:finding/dfc14145fe2e60dea3ff36ce060b367f",
+ "scanner_score"=>6,
+ "scanner_type"=>"AWS Inspector V2",
+ "status"=>"open",
+ "vuln_def_name"=>"CVE-2022-36946 - kernel"}]
Native-Ruby-Test
Process completed with exit code 1.
Native-Ruby-Test
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
Native-Ruby-Test:
spec/tasks/connectors/digital_footprint/compare_output_spec.rb#L10
compare output bitsight output is the same output
Skipped: Temporarily skipped with xdescribe
Native-Ruby-Test:
spec/tasks/connectors/digital_footprint/compare_output_spec.rb#L23
compare output expanse output is the same output
Skipped: Temporarily skipped with xdescribe
Native-Ruby-Test:
spec/tasks/connectors/digital_footprint/compare_output_spec.rb#L39
compare output riskiq output is the same output
Skipped: Temporarily skipped with xdescribe
Native-Ruby-Test:
spec/tasks/connectors/digital_footprint/compare_output_spec.rb#L52
compare output security scorecard output is the same output
Skipped: Temporarily skipped with xdescribe