Kenna::Toolkit::AwsInspector2#run accumulator properties creates vuln_defs Failure/Error: expect(task.vuln_defs) .to include({ cve_identifiers: "CVE-2022-21426", name: "CVE-2022-21426 - java-1.7.0-openjdk", scanner_identifier: "arn:aws:inspector2:us-east-1:612899039241:finding/f7108e88a43e52e5f5168861180f1efd", scanner_type: "AWS Inspector V2", description: start_with("Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product"), solution: "None Provided" }) expected [{"cve_identifiers" => "CVE-2018-18557", "description" => " LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4....e6624f6", "scanner_type" => "AWS Inspector V2", "solution" => "update tunnel-agent to 0.6.0 or higher"}] to include {:cve_identifiers => "CVE-2022-21426", :name => "CVE-2022-21426 - java-1.7.0-openjdk", :scanner_identifier => "arn:aws:inspector2:us-east-1:612899039241:finding/f7108e88a43e52e5f5168861180f1efd", :scanner_type => "AWS Inspector V2", :description => (start with "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product"), :solution => "None Provided"} Diff: @@ -1,7 +1,4048 @@ -:cve_identifiers => "CVE-2022-21426", -:description => (start with "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product"), -:name => "CVE-2022-21426 - java-1.7.0-openjdk", -:scanner_identifier => "arn:aws:inspector2:us-east-1:612899039241:finding/f7108e88a43e52e5f5168861180f1efd", -:scanner_type => "AWS Inspector V2", -:solution => "None Provided", +[{"cve_identifiers"=>"CVE-2018-18557", + "description"=> + " LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.", + "name"=>"CVE-2018-18557 - libtiff5", + "scanner_identifier"=> + "arn:aws:inspector2:us-east-1:612899039241:finding/1659b798d45f9a7e924f976734308c0a", + "scanner_type"=>"AWS Inspector V2", + "solution"=>"None Provided"}, + {"cve_identifiers"=>"CVE-2019-5188", + "description"=> + " A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", + "name"=>"CVE-2019-5188 - e2fsprogs", + "scanner_identifier"=> + "arn:aws:inspector2:us-east-1:612899039241:finding/167f804ff5c65b05d7d7c4cefeb0df8b", + "scanner_type"=>"AWS Inspector V2", + "solution"=>"None Provided"}, + {"description"=> + "`npm-user-validate` before version `1.0.1` is vulnerable to a Regular Expression Denial of Service (REDos). The regex that validates user emails took exponentially longer to process long input strings beginning with `@` characters.\n\n### Impact\nThe issue affects the `email` function. If you use this function to process arbitrary user input with no character limit the application may be susceptible to Denial of Service.\n\n### Patches\nThe issue is patched in version 1.0.1 by improving the regular expression used and also enforcing a 254 character limit.\n\n### Workarounds\nRestrict the character length to a reasonable degree before passing a value to `.emal()`; Also, consider doing a more rigorous sanitizing/validation beforehand.", + "name"=>"GHSA-xgh6-85xh-479p - npm-user-validate", + "scanner_identifier"=> + "arn:aws:inspector2:us-east-1:612899039241:finding/16ac3520dc6a06da689dc4c9a17c10ac", + "scanner_type"=>"AWS Inspector V2", + "solution"=>"None Provided"}, + {"cve_identifiers"=>"CVE-2021-4189", + "description"=> + " A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The is

Kenna::Toolkit::AwsInspector2#run accumulator properties creates vulns on the assets Failure/Error: expect(select_asset("i-09fd5b46b5457d22c")[:vulns]) .to include({ created_at: be_a(Time), last_seen_at: be_a(Time), scanner_identifier: "arn:aws:inspector2:us-east-1:612899039241:finding/32750bb2f6cae06b828c652864bc1060", scanner_type: "AWS Inspector V2", status: "open", scanner_score: 7, vuln_def_name: "CVE-2022-36123 - kernel" }) expected [{"created_at" => 2022-08-26 16:15:32.522000074 +0000, "last_seen_at" => 2022-08-26 19:17:20.707999944 +0..., "scanner_type" => "AWS Inspector V2", "status" => "open", "vuln_def_name" => "CVE-2022-36946 - kernel"}] to include {:created_at => (be a kind of Time), :last_seen_at => (be a kind of Time), :scanner_identifier => "arn:aws:inspector2:us-east-1:612899039241:finding/32750bb2f6cae06b828c652864bc1060", :scanner_type => "AWS Inspector V2", :status => "open", :scanner_score => 7, :vuln_def_name => "CVE-2022-36123 - kernel"} Diff: @@ -1,8 +1,49 @@ -:created_at => (be a kind of Time), -:last_seen_at => (be a kind of Time), -:scanner_identifier => "arn:aws:inspector2:us-east-1:612899039241:finding/32750bb2f6cae06b828c652864bc1060", -:scanner_score => 7, -:scanner_type => "AWS Inspector V2", -:status => "open", -:vuln_def_name => "CVE-2022-36123 - kernel", +[{"created_at"=>2022-08-26 16:15:32.522000074 +0000, + "last_seen_at"=>2022-08-26 19:17:20.707999944 +0000, + "scanner_identifier"=> + "arn:aws:inspector2:us-east-1:612899039241:finding/504c66920223cd01ed6f62d83a659ce3", + "scanner_score"=>6, + "scanner_type"=>"AWS Inspector V2", + "status"=>"open", + "vuln_def_name"=>"CVE-2022-23825 - kernel"}, + {"created_at"=>2022-08-26 16:15:32.522000074 +0000, + "last_seen_at"=>2022-08-26 19:17:20.707999944 +0000, + "scanner_identifier"=> + "arn:aws:inspector2:us-east-1:612899039241:finding/78122a919223371e2c60c1080df04cb5", + "scanner_score"=>6, + "scanner_type"=>"AWS Inspector V2", + "status"=>"open", + "vuln_def_name"=>"CVE-2022-29901 - kernel"}, + {"created_at"=>2022-08-26 16:15:32.522000074 +0000, + "last_seen_at"=>2022-08-26 19:17:20.707999944 +0000, + "scanner_identifier"=> + "arn:aws:inspector2:us-east-1:612899039241:finding/8b5ba24c55c397c8463ae22365eac5ce", + "scanner_score"=>6, + "scanner_type"=>"AWS Inspector V2", + "status"=>"open", + "vuln_def_name"=>"CVE-2022-26373 - kernel"}, + {"created_at"=>2022-08-26 16:15:32.522000074 +0000, + "last_seen_at"=>2022-08-26 19:17:20.707999944 +0000, + "scanner_identifier"=> + "arn:aws:inspector2:us-east-1:612899039241:finding/a341a004dc5d6d92e4f998a03a854a7a", + "scanner_score"=>6, + "scanner_type"=>"AWS Inspector V2", + "status"=>"open", + "vuln_def_name"=>"CVE-2022-29900 - kernel"}, + {"created_at"=>2022-08-26 16:15:32.522000074 +0000, + "last_seen_at"=>2022-08-26 19:17:20.707999944 +0000, + "scanner_identifier"=> + "arn:aws:inspector2:us-east-1:612899039241:finding/ab9b406f20a3f316fb1f8724e0cd1d0b", + "scanner_score"=>6, + "scanner_type"=>"AWS Inspector V2", + "status"=>"open", + "vuln_def_name"=>"CVE-2022-23816 - kernel"}, + {"created_at"=>2022-08-26 16:15:32.522000074 +0000, + "last_seen_at"=>2022-08-26 19:17:20.707999944 +0000, + "scanner_identifier"=> + "arn:aws:inspector2:us-east-1:612899039241:finding/dfc14145fe2e60dea3ff36ce060b367f", + "scanner_score"=>6, + "scanner_type"=>"AWS Inspector V2", + "status"=>"open", + "vuln_def_name"=>"CVE-2022-36946 - kernel"}]

Process completed with exit code 1.

Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.

compare output bitsight output is the same output Skipped: Temporarily skipped with xdescribe

compare output expanse output is the same output Skipped: Temporarily skipped with xdescribe

compare output riskiq output is the same output Skipped: Temporarily skipped with xdescribe