{"meta": {"code": 200}, "results": {"components": [{"extended-objects": [{"confidence": 0.6100244498777506, "sha1": "1f774a90da1d4d8734c4bda586f8a8c7f23c4952", "name": "busybox", "timestamp": 1513075346, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["tini_mini.tar", "498654318d0999ce36c7b90901ed8bd8cb63d86837cb101ea1ec9bb092f44e59/layer.tar", "bin/busybox"], "type": "native"}], "objects": ["busybox"], "version": "1.27.2-r7", "lib": "busybox", "distro_version": "1.27.2-r7", "distro": "alpine", "latest_version": null, "vuln-count": {"total": 12, "exact": 0, "historical": 12}, "vulns": [{"vuln": {"cve": "CVE-2017-15873", "summary": "The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.", "cvss": 4.3, "published": "2017-10-24T20:29:00", "modified": "2017-10-31T21:49:10", "published-epoch": "1508876940", "modified-epoch": "1509486550", "cwe": "CWE-190", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-10-29T23:04:34", "cvss_created-epoch": "1509318274", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3_score": "5.5"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2017-15874", "summary": "archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation.", "cvss": 4.3, "published": "2017-10-24T20:29:00", "modified": "2017-10-31T21:48:48", "published-epoch": "1508876940", "modified-epoch": "1509486528", "cwe": "CWE-191", "cvss_access_vector": "NETWORK", 
"cvss_access_complexity": "MEDIUM", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "NONE", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-10-29T23:10:36", "cvss_created-epoch": "1509318636", "cvss2_vector": "AV:N/AC:M/Au:N:/C:N/I:N/A:P", "cvss3_vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3_score": "5.5"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2017-16544", "summary": "In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.", "cvss": 6.5, "published": "2017-11-20T15:29:00", "modified": "2017-12-08T15:42:37", "published-epoch": "1511191740", "modified-epoch": "1512747757", "cwe": "CWE-94", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "SINGLE_INSTANCE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2017-12-06T13:55:21", "cvss_created-epoch": "1512568521", "cvss2_vector": "AV:N/AC:L/Au:S:/C:P/I:P/A:P", "cvss3_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3_score": "8.8"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2011-2716", "summary": "The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) 
DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.", "cvss": 6.8, "published": "2012-07-03