Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor(vuln): don't remove VendorSeverity in JSON report #5761

Merged
merged 2 commits into from
Dec 12, 2023
Merged

refactor(vuln): don't remove VendorSeverity in JSON report #5761

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
7654ab6
refactor(report): don't remove VendorSeverity for JSON report
DmitriyLewen Dec 8, 2023
a46a8df
test: update golden files for module and vm tests
DmitriyLewen Dec 8, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions integration/testdata/almalinux-8.json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,18 @@
"CweIDs": [
"CWE-125"
],
"VendorSeverity": {
"alma": 2,
"amazon": 2,
"arch-linux": 3,
"cbl-mariner": 3,
"nvd": 3,
"oracle-oval": 2,
"photon": 3,
"redhat": 2,
"rocky": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
Expand Down
32 changes: 32 additions & 0 deletions integration/testdata/alpine-310-registry.json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,14 @@
"CweIDs": [
"CWE-330"
],
"VendorSeverity": {
"amazon": 2,
"nvd": 2,
"oracle-oval": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
Expand Down Expand Up @@ -145,6 +153,14 @@
"CweIDs": [
"CWE-200"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"oracle-oval": 1,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
Expand Down Expand Up @@ -216,6 +232,14 @@
"CweIDs": [
"CWE-330"
],
"VendorSeverity": {
"amazon": 2,
"nvd": 2,
"oracle-oval": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
Expand Down Expand Up @@ -277,6 +301,14 @@
"CweIDs": [
"CWE-200"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"oracle-oval": 1,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
Expand Down
32 changes: 32 additions & 0 deletions integration/testdata/alpine-310.json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,14 @@
"CweIDs": [
"CWE-330"
],
"VendorSeverity": {
"amazon": 2,
"nvd": 2,
"oracle-oval": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
Expand Down Expand Up @@ -139,6 +147,14 @@
"CweIDs": [
"CWE-200"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"oracle-oval": 1,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
Expand Down Expand Up @@ -210,6 +226,14 @@
"CweIDs": [
"CWE-330"
],
"VendorSeverity": {
"amazon": 2,
"nvd": 2,
"oracle-oval": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
Expand Down Expand Up @@ -271,6 +295,14 @@
"CweIDs": [
"CWE-200"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"oracle-oval": 1,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
Expand Down
6 changes: 6 additions & 0 deletions integration/testdata/alpine-39-high-critical.json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,9 @@
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"nvd": 4
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
Expand Down Expand Up @@ -116,6 +119,9 @@
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"nvd": 4
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
Expand Down
16 changes: 16 additions & 0 deletions integration/testdata/alpine-39-ignore-cveids.json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,14 @@
"CweIDs": [
"CWE-200"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"oracle-oval": 1,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
Expand Down Expand Up @@ -149,6 +157,14 @@
"CweIDs": [
"CWE-200"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"oracle-oval": 1,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
Expand Down
38 changes: 38 additions & 0 deletions integration/testdata/alpine-39.json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,14 @@
"CweIDs": [
"CWE-330"
],
"VendorSeverity": {
"amazon": 2,
"nvd": 2,
"oracle-oval": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
Expand Down Expand Up @@ -139,6 +147,14 @@
"CweIDs": [
"CWE-200"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"oracle-oval": 1,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
Expand Down Expand Up @@ -210,6 +226,14 @@
"CweIDs": [
"CWE-330"
],
"VendorSeverity": {
"amazon": 2,
"nvd": 2,
"oracle-oval": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
Expand Down Expand Up @@ -271,6 +295,14 @@
"CweIDs": [
"CWE-200"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"oracle-oval": 1,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
Expand Down Expand Up @@ -341,6 +373,9 @@
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"nvd": 4
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
Expand Down Expand Up @@ -380,6 +415,9 @@
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"nvd": 4
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
Expand Down
3 changes: 3 additions & 0 deletions integration/testdata/alpine-distroless.json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,9 @@
"CweIDs": [
"CWE-427"
],
"VendorSeverity": {
"ubuntu": 2
},
"References": [
"http://www.openwall.com/lists/oss-security/2022/04/12/7",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765",
Expand Down
9 changes: 9 additions & 0 deletions integration/testdata/amazon-1.json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,15 @@
"CweIDs": [
"CWE-415"
],
"VendorSeverity": {
"amazon": 2,
"arch-linux": 2,
"nvd": 4,
"oracle-oval": 2,
"photon": 4,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
Expand Down
18 changes: 18 additions & 0 deletions integration/testdata/amazon-2.json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,15 @@
"CweIDs": [
"CWE-415"
],
"VendorSeverity": {
"amazon": 2,
"arch-linux": 2,
"nvd": 4,
"oracle-oval": 2,
"photon": 4,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
Expand Down Expand Up @@ -136,6 +145,15 @@
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"amazon": 1,
"arch-linux": 3,
"nvd": 3,
"oracle-oval": 2,
"photon": 3,
"redhat": 1,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
Expand Down
6 changes: 6 additions & 0 deletions integration/testdata/amazonlinux2-gp2-x86-vm.json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,12 @@
"Title": "bind: memory leak in ECDSA DNSSEC verification code",
"Description": "By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.",
"Severity": "MEDIUM",
"VendorSeverity": {
"arch-linux": 2,
"nvd": 2,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
Expand Down
6 changes: 6 additions & 0 deletions integration/testdata/busybox-with-lockfile.json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,9 @@
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"nvd": 3
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
Expand Down Expand Up @@ -115,6 +118,9 @@
"CweIDs": [
"CWE-79"
],
"VendorSeverity": {
"nvd": 2
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
Expand Down
16 changes: 16 additions & 0 deletions integration/testdata/centos-6.json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,14 @@
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"amazon": 2,
"arch-linux": 2,
"nvd": 3,
"oracle-oval": 2,
"photon": 3,
"redhat": 2
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
Expand Down Expand Up @@ -139,6 +147,14 @@
"CweIDs": [
"CWE-203"
],
"VendorSeverity": {
"amazon": 2,
"arch-linux": 2,
"nvd": 2,
"oracle-oval": 2,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
Expand Down
Loading