
Commit

test: Add test for vulnerability_minor pattern [TAROT-2791]
afsmeira committed Sep 2, 2024
1 parent 40acad8 commit 1539afd
Showing 21 changed files with 704 additions and 0 deletions.
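--- a/docs/multiple-tests/pattern-vulnerability-minor/patterns.xml
+++ b/docs/multiple-tests/pattern-vulnerability-minor/patterns.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module name="root">
+<module name="vulnerability_minor" />
+</module>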
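--- a/docs/multiple-tests/pattern-vulnerability-minor/results.xml
+++ b/docs/multiple-tests/pattern-vulnerability-minor/results.xml
@@ -0,0 +1,125 @@
+<?xml version="1.0" encoding="utf-8"?>
+<checkstyle version="1.5">
+<file name="golang/go.mod">
+<error
+source="vulnerability_minor"
+line="7"
+message="Insecure dependency github.com/hwameistor/[email protected] (CVE-2024-45054: Hwameistor Potential Permission Leakage of Cluster Level ) (update to 0.14.6)"
+severity="info"
+/>
+</file>
+
+<file name="gradle/gradle.lockfile">
+<error
+source="vulnerability_minor"
+line="1"
+message="Insecure dependency org.silverpeas.core:silverpeas-core:6.4.2 (CVE-2024-42850: Silverpeas vulnerable to password complexity rule bypass) (no fix available)"
+severity="info"
+/>
+</file>
+
+<file name="java/pom.xml">
+<error
+source="vulnerability_minor"
+line="14"
+message="Insecure dependency org.silverpeas.core:silverpeas-core:6.4.2 (CVE-2024-42850: Silverpeas vulnerable to password complexity rule bypass) (no fix available)"
+severity="info"
+/>
+</file>
+
+<file name="javascript/package-lock.json">
+<error
+source="vulnerability_minor"
+line="26"
+message="Insecure dependency [email protected] (CVE-2024-42459: elliptic: nodejs/elliptic: EDDSA signature malleability due to missing signature length check) (update to 6.5.7)"
+severity="info"
+/>
+<error
+source="vulnerability_minor"
+line="26"
+message="Insecure dependency [email protected] (CVE-2024-42460: elliptic: nodejs/elliptic: ECDSA signature malleability due to missing checks) (update to 6.5.7)"
+severity="info"
+/>
+<error
+source="vulnerability_minor"
+line="26"
+message="Insecure dependency [email protected] (CVE-2024-42461: elliptic: nodejs/elliptic: ECDSA implementation malleability due to BER-enconded signatures being allowed) (update to 6.5.7)"
+severity="info"
+/>
+</file>
+
+<file name="javascript/yarn.lock">
+<error
+source="vulnerability_minor"
+line="15"
+message="Insecure dependency [email protected] (CVE-2024-42459: elliptic: nodejs/elliptic: EDDSA signature malleability due to missing signature length check) (update to 6.5.7)"
+severity="info"
+/>
+<error
+source="vulnerability_minor"
+line="15"
+message="Insecure dependency [email protected] (CVE-2024-42460: elliptic: nodejs/elliptic: ECDSA signature malleability due to missing checks) (update to 6.5.7)"
+severity="info"
+/>
+<error
+source="vulnerability_minor"
+line="15"
+message="Insecure dependency [email protected] (CVE-2024-42461: elliptic: nodejs/elliptic: ECDSA implementation malleability due to BER-enconded signatures being allowed) (update to 6.5.7)"
+severity="info"
+/>
+</file>
+
+<file name="python/Pipfile.lock">
+<error
+source="vulnerability_minor"
+line="19"
+message="Insecure dependency [email protected] (CVE-2024-32152: A blocklist bypass vulnerability exists in the LaTeX functionality of ...) (update to 24.6)"
+severity="info"
+/>
+</file>
+
+<file name="python/requirements.txt">
+<error
+source="vulnerability_minor"
+line="2"
+message="Insecure dependency [email protected] (CVE-2024-32152: A blocklist bypass vulnerability exists in the LaTeX functionality of ...) (update to 24.6)"
+severity="info"
+/>
+</file>
+
+<file name="ruby/Gemfile.lock">
+<error
+source="vulnerability_minor"
+line="4"
+message="Insecure dependency [email protected] (CVE-2023-47634: Race condition in Endorsements) (update to ~> 0.26.9, >= 0.27.5)"
+severity="info"
+/>
+</file>
+
+<file name="rust/Cargo.lock">
+<error
+source="vulnerability_minor"
+line="1"
+message="Insecure dependency [email protected] (CVE-2024-43785: gitoxide-core does not neutralize special characters for terminals) (no fix available)"
+severity="info"
+/>
+</file>
+
+<file name="scala/build.sbt.lock">
+<error
+source="vulnerability_minor"
+line="13"
+message="Insecure dependency org.silverpeas.core:silverpeas-core:6.4.2 (CVE-2024-42850: Silverpeas vulnerable to password complexity rule bypass) (no fix available)"
+severity="info"
+/>
+</file>
+
+<file name="swift/Package.resolved">
+<error
+source="vulnerability_minor"
+line="4"
+message="Insecure dependency github.com/vapor/[email protected] (CVE-2023-31136: PostgresNIO processes unencrypted bytes from man-in-the-middle) (update to 1.14.2)"
+severity="info"
+/>
+</file>
+</checkstyle>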
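Review bot: The expected `message` values embed advisory text that can change after this commit: the `(no fix available)` suffix on the silverpeas-core and Cargo.lock entries, the fixed-version strings such as `(update to 6.5.7)`, and the CVE titles themselves. Unless the test runs against a pinned advisory snapshot (nothing in this commit shows one), the fixture will start failing when an advisory is revised or a new one is published for a pinned version, and that failure will look like a scanner regression. A comment at the top of the file would make the cause obvious to whoever triages it, for example `<!-- Expected output reflects advisory data at commit time; regenerate when advisories change -->`. The `line` attributes are also tied to exact positions in the src fixtures (`line="14"` is the `<dependency>` element in java/pom.xml), so any edit to those files needs a matching update here.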
Empty file.
Empty file.
Empty file.
Empty file.
@@ -0,0 +1,7 @@
module example

go 1.21.0

toolchain go1.21.4

require github.com/hwameistor/hwameistor v0.14.5
@@ -0,0 +1 @@
org.silverpeas.core:silverpeas-core:6.4.2
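--- a/docs/multiple-tests/pattern-vulnerability-minor/src/java/pom.xml
+++ b/docs/multiple-tests/pattern-vulnerability-minor/src/java/pom.xml
@@ -0,0 +1,20 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<modelVersion>4.0.0</modelVersion>
+
+<groupId>com.example</groupId>
+<artifactId>happy</artifactId>
+<version>1.0.0</version>
+
+<name>happy</name>
+<description>Example</description>
+
+<dependencies>
+<dependency>
+<groupId>org.silverpeas.core</groupId>
+<artifactId>silverpeas-core</artifactId>
+<version>6.4.2</version>
+</dependency>
+</dependencies>
+</project>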
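Review bot: Nothing in this fixture says that silverpeas-core 6.4.2 is pinned to a vulnerable version on purpose, so a dependency-update bot or a maintainer could bump it and silently invalidate the expectation in results.xml. A short marker would prevent that, for example `<!-- Deliberately vulnerable: fixture for the vulnerability_minor test; do not upgrade -->`. Place it after `</dependencies>` rather than above the dependency, because results.xml expects the finding on line 14, which is the `<dependency>` element. The other manifest fixtures added in this commit (go.mod, gradle.lockfile, Pipfile) have the same gap where their format allows comments. For the strict-JSON package.json, a README in the test directory would have to carry the note.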


@@ -0,0 +1,8 @@
{
"name": "node-js-sample",
"version": "0.2.0",
"main": "index.js",
"dependencies": {
"elliptic": "6.5.6"
}
}
@@ -0,0 +1,58 @@
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


bn.js@^4.11.9:
version "4.12.0"
resolved "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz"
integrity sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==

brorand@^1.1.0:
version "1.1.0"
resolved "https://registry.npmjs.org/brorand/-/brorand-1.1.0.tgz"
integrity sha512-cKV8tMCEpQs4hK/ik71d6LrPOnpkpGBR0wzxqr68g2m/LB2GxVYQroAjMJZRVM1Y4BCjCKc3vAamxSzOY2RP+w==

[email protected]:
version "6.5.6"
resolved "https://registry.npmjs.org/elliptic/-/elliptic-6.5.6.tgz"
integrity sha512-mpzdtpeCLuS3BmE3pO3Cpp5bbjlOPY2Q0PgoF+Od1XZrHLYI28Xe3ossCmYCQt11FQKEYd9+PF8jymTvtWJSHQ==
dependencies:
bn.js "^4.11.9"
brorand "^1.1.0"
hash.js "^1.0.0"
hmac-drbg "^1.0.1"
inherits "^2.0.4"
minimalistic-assert "^1.0.1"
minimalistic-crypto-utils "^1.0.1"

hash.js@^1.0.0, hash.js@^1.0.3:
version "1.1.7"
resolved "https://registry.npmjs.org/hash.js/-/hash.js-1.1.7.tgz"
integrity sha512-taOaskGt4z4SOANNseOviYDvjEJinIkRgmp7LbKP2YTTmVxWBl87s/uzK9r+44BclBSp2X7K1hqeNfz9JbBeXA==
dependencies:
inherits "^2.0.3"
minimalistic-assert "^1.0.1"

hmac-drbg@^1.0.1:
version "1.0.1"
resolved "https://registry.npmjs.org/hmac-drbg/-/hmac-drbg-1.0.1.tgz"
integrity sha512-Tti3gMqLdZfhOQY1Mzf/AanLiqh1WTiJgEj26ZuYQ9fbkLomzGchCws4FyrSd4VkpBfiNhaE1On+lOz894jvXg==
dependencies:
hash.js "^1.0.3"
minimalistic-assert "^1.0.0"
minimalistic-crypto-utils "^1.0.1"

inherits@^2.0.3, inherits@^2.0.4:
version "2.0.4"
resolved "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz"
integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==

minimalistic-assert@^1.0.0, minimalistic-assert@^1.0.1:
version "1.0.1"
resolved "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz"
integrity sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==

minimalistic-crypto-utils@^1.0.1:
version "1.0.1"
resolved "https://registry.npmjs.org/minimalistic-crypto-utils/-/minimalistic-crypto-utils-1.0.1.tgz"
integrity sha512-JIYlbt6g8i5jKfJ3xz7rF0LXmv2TkDxBLUkiBeZ7bAx4GnnNMr8xFpGnOxn6GhTEHx3SjRrZEoU+j04prX1ktg==
Empty file.
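--- a/docs/multiple-tests/pattern-vulnerability-minor/src/python/Pipfile
+++ b/docs/multiple-tests/pattern-vulnerability-minor/src/python/Pipfile
@@ -0,0 +1,12 @@
+[[source]]
+url = "https://pypi.org/simple"
+verify_ssl = true
+name = "pypi"
+
+[packages]
+anki = "==v23.12.1"
+
+[dev-packages]
+
+[requires]
+python_version = "3.11"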