-
Notifications
You must be signed in to change notification settings - Fork 75
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
20aad05
commit 1417b2d
Showing
16 changed files
with
110,984 additions
and
0 deletions.
There are no files selected for viewing
300 changes: 300 additions & 0 deletions
300
prospector/pipeline/reports/CVE-2019-16572_5806f368-d4f2-44cb-84ba-c5513bb9c3de.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,300 @@ | ||
<!doctype html> | ||
<html lang="en" style="height: 100%"> | ||
|
||
<head> | ||
<!-- Required meta tags --> | ||
<meta charset="utf-8"> | ||
<meta name="viewport" content="width=device-width, initial-scale=1"> | ||
|
||
<!-- Bootstrap CSS --> | ||
<link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" rel="stylesheet" | ||
integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous"> | ||
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/font/bootstrap-icons.css"> | ||
<script src="https://use.fontawesome.com/releases/v5.15.3/js/all.js" type="application/javascript"></script> | ||
|
||
<style> | ||
a:hover { | ||
color: inherit; | ||
} | ||
|
||
h5.card-title { | ||
margin-top: 1em; | ||
} | ||
|
||
ul.statistics-list { | ||
margin-left: 0; | ||
padding-left: 0; | ||
list-style-position: outside; | ||
list-style-type: none; | ||
} | ||
|
||
ul.statistics-list li { | ||
margin-left: 1em; | ||
padding-left: 0; | ||
} | ||
|
||
.popuptext { | ||
visibility: hidden; | ||
} | ||
|
||
.show { | ||
visibility: visible; | ||
} | ||
</style> | ||
|
||
<title>Prospector Report</title> | ||
</head> | ||
|
||
<body style="height: 100%"> | ||
|
||
<div class="container-fluid h-100"> | ||
<div class="row h-100"> | ||
<div class="col-3 h-100 overflow-scroll bg-light bg-gradient border border-secondary"> | ||
|
||
|
||
|
||
<div class="advisory-record" style="margin-top: 3ex"> | ||
<h3>Advisory Record</h3> | ||
<a href="https://nvd.nist.gov/vuln/detail/CVE-2019-16572" target="_blank"><b id="cve_id">CVE-2019-16572</b></a><br /> | ||
<p class="text-justify">Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.</p> | ||
|
||
|
||
|
||
<h5>Other relevant keywords</h5> | ||
<p style="margin: 10pt"> | ||
|
||
<li class="list-group-item">access</li> | ||
|
||
|
||
<li class="list-group-item">configuration</li> | ||
|
||
|
||
<li class="list-group-item">credential</li> | ||
|
||
|
||
<li class="list-group-item">file</li> | ||
|
||
|
||
<li class="list-group-item">jenkins</li> | ||
|
||
|
||
<li class="list-group-item">master</li> | ||
|
||
|
||
<li class="list-group-item">plugin</li> | ||
|
||
|
||
<li class="list-group-item">store</li> | ||
|
||
|
||
<li class="list-group-item">system</li> | ||
|
||
|
||
<li class="list-group-item">user</li> | ||
|
||
|
||
<li class="list-group-item">view</li> | ||
|
||
|
||
<li class="list-group-item">weibo</li> | ||
|
||
|
||
</p> | ||
|
||
</div> | ||
|
||
<button class="btn btn-primary" type="button" data-bs-toggle="offcanvas" data-bs-target="#offcanvasExample" | ||
aria-controls="offcanvasExample"> | ||
Show exec. stats | ||
</button> | ||
|
||
<div class="offcanvas offcanvas-start" tabindex="-1" id="offcanvasExample" aria-labelledby="offcanvasExampleLabel"> | ||
<div class="offcanvas-header"> | ||
<h5 class="offcanvas-title" id="offcanvasExampleLabel">Execution Statistics</h5> | ||
<button type="button" class="btn-close text-reset" data-bs-dismiss="offcanvas" aria-label="Close"></button> | ||
</div> | ||
<div class="offcanvas-body"> | ||
<ul class="statistics-list"><li><i class="fas fa-sitemap"></i> <strong>core</strong> <ul class="statistics-list"><li><i class="fas fa-sitemap"></i> <strong>retrieval of commit candidates</strong> <ul class="statistics-list"><li><i class="fas fa-hourglass-half"></i> <strong>execution time</strong> = 0.002072 seconds</li></ul></li><li><i class="fas fa-sitemap"></i> <strong>git</strong> <ul class="statistics-list"><li><i class="fas fa-sitemap"></i> <strong>git</strong> <ul class="statistics-list"><li><i class="fas fa-sitemap"></i> <strong>Git</strong> <ul class="statistics-list"><li><i class="fas fa-sitemap"></i> <strong>create_commits</strong> <ul class="statistics-list"><li><i class="fas fa-hourglass-half"></i> <strong>execution time</strong> is a list of numbers<ul class="statistics-list property-list"><li class="property">average = 0.0009302739053964615 seconds</li><li class="property">deviation = 0.001300225008205017 seconds</li><li class="property">median = 0.0009302739053964615 seconds</li><li class="property">count = 2</li><li class="property">sum = 0.001860547810792923 seconds</li></ul></li></ul></li></ul></li></ul></li></ul></li><li><i class="fas fa-info-circle"></i> <strong>candidates</strong> = 0 commits</li><li><i class="fas fa-sitemap"></i> <strong>commit preprocessing</strong> <ul class="statistics-list"><li><i class="fas fa-hourglass-half"></i> <strong>execution time</strong> = 0.0001336 seconds</li></ul></li><li><i class="fas fa-sitemap"></i> <strong>candidates analysis</strong> <ul class="statistics-list"><li><i class="fas fa-hourglass-half"></i> <strong>execution time</strong> = 0.02646 seconds</li></ul></li><li><i class="fas fa-hourglass-half"></i> <strong>execution time</strong> = 1.808 seconds</li></ul></li><li><i class="fas fa-sitemap"></i> <strong>rules</strong> <ul class="statistics-list"><li><i class="fas fa-info-circle"></i> <strong>active</strong> = 17 rules</li><li><i class="fas fa-info-circle"></i> <strong>matches</strong> = 0 matches</li></ul></li><li><i class="fas fa-sitemap"></i> <strong>LLM</strong> <ul class="statistics-list"><li><i class="fas fa-sitemap"></i> <strong>repository_url</strong> <ul class="statistics-list"><li><i class="fas fa-hourglass-half"></i> <strong>execution time</strong> = 1.429 seconds</li></ul></li></ul></li></ul> | ||
</div> | ||
</div> | ||
|
||
</div> | ||
|
||
<div class="col h-100 overflow-scroll"> | ||
<div class="container"> | ||
<div class="row"> | ||
<div class="col"> | ||
<h1>Prospector Report</h1> | ||
</div> | ||
<div class="col col-auto align-self-end mb-2"> | ||
<span class="popuptext" id="copy-popup">Copied!</span> | ||
<a target="_blank" class="btn btn-primary btn-sm" id="clipboardCopyButton">Copy | ||
to clipboard</a> | ||
<a target="_blank" class="btn btn-primary btn-sm" id="downloadYamlButton">Download | ||
as YAML statement</a> | ||
</div> | ||
|
||
</div> | ||
<div id="col accordion"> | ||
|
||
</div> | ||
</div> | ||
</div> | ||
</div> | ||
</div> | ||
|
||
<script type="text/javascript"> | ||
buttons = document.getElementsByClassName("selector"); | ||
|
||
function toggle(selector) { | ||
if (selector.classList.contains("btn-primary")) { | ||
selector.classList.replace("btn-primary", "btn-outline-primary"); | ||
} else { | ||
selector.classList.replace("btn-outline-primary", "btn-primary"); | ||
} | ||
} | ||
|
||
|
||
function showFromRelevance(relevance) { | ||
let commit_cards = document.getElementsByClassName('commit'); | ||
relevanceRangeOutput = document.getElementById("relevanceRangeOutput"); | ||
relevanceRangeOutput.innerHTML = relevance; | ||
for (let card of commit_cards) { | ||
if (parseInt(card.dataset.relevances) >= parseInt(relevance)) { | ||
card.classList.replace('d-none', 'd-flex') | ||
} else { | ||
card.classList.replace('d-flex', 'd-none') | ||
} | ||
} | ||
} | ||
relevanceRange = document.getElementById("relevanceRange"); | ||
relevanceRange.oninput = function () { | ||
showFromRelevance(this.value); | ||
|
||
} | ||
max = parseInt(document.getElementsByClassName('commit')[0].dataset.relevances); | ||
relevanceRange.max = max; | ||
relevanceRange.value = max; | ||
showFromRelevance(max); | ||
|
||
function selectCard() { | ||
let hdr = event.target.closest("div.card-header") | ||
if (hdr.classList.contains('bg-success')) { | ||
hdr.classList.remove('bg-success') | ||
} else { | ||
hdr.classList.add('bg-success') | ||
} | ||
} | ||
|
||
function exportToYaml() { | ||
let list = document.querySelectorAll(".card-header.bg-success") | ||
if (list.length == 0) { | ||
return "" | ||
} | ||
|
||
let cve_id = document.getElementById("cve_id").textContent | ||
let out = `vulnerability_id: ${cve_id}\nfixes:\n` | ||
|
||
for (let i = 0; i < list.length; i++) { | ||
let [repo_url, commit_id] = list[i].closest('.card').querySelector('#repository_url').href.split('/commit/') | ||
let main_tag = list[i].closest('.card').querySelector('#mainCommitTag').textContent.split(":")[1].trim() | ||
out += `- id: ${main_tag}\n commits:\n - id: ${commit_id}\n repository: ${repo_url}\n` | ||
let twins = list[i].closest('.card').querySelectorAll('#commitTwinsList') | ||
for (let twin of twins) { | ||
let twin_tag = twin.querySelector('#twinCommitTag').textContent.split(":")[0].trim() | ||
let [twin_url, twin_id] = twin.querySelector('#twinCommitId').href.split("/commit/") | ||
out += `- id: ${twin_tag}\n commits:\n - id: ${twin_id}\n repository: ${twin_url}\n` | ||
} | ||
} | ||
|
||
return out | ||
} | ||
|
||
function copyToClipboard() { | ||
let text = exportToYaml() | ||
try { | ||
navigator.clipboard.writeText(text) | ||
document.getElementById("copy-popup").classList.toggle("show") | ||
setTimeout(() => { | ||
document.getElementById("copy-popup").classList.toggle("show") | ||
}, 1000) | ||
} catch (err) { | ||
console.log('Something went wrong', err); | ||
} | ||
} | ||
|
||
function downloadAsFile() { | ||
let text = exportToYaml() | ||
if (text == "") { | ||
return | ||
} | ||
var element = document.createElement('a'); | ||
element.setAttribute('href', 'data:text/plain;charset=utf-8,' + encodeURIComponent(text)); | ||
element.setAttribute('download', "statement.yaml"); | ||
|
||
element.style.display = 'none'; | ||
document.body.appendChild(element); | ||
|
||
element.click(); | ||
|
||
document.body.removeChild(element); | ||
} | ||
|
||
let copyButton = document.getElementById("clipboardCopyButton") | ||
copyButton.addEventListener("click", copyToClipboard) | ||
|
||
let downloadButton = document.getElementById("downloadYamlButton") | ||
downloadButton.addEventListener("click", downloadAsFile) | ||
|
||
|
||
</script> | ||
<script type="application/javascript"> | ||
function toggle_collapse_all(selector) { | ||
|
||
if (selector.classList.contains("btn-primary")) { | ||
selector.classList.replace("btn-primary", "btn-outline-primary"); | ||
selector.innerHTML = 'Collapse all'; | ||
collapseAll(true) | ||
|
||
} else { | ||
selector.classList.replace("btn-outline-primary", "btn-primary"); | ||
selector.innerHTML = 'Expand all'; | ||
collapseAll(false) | ||
} | ||
|
||
// for (let card of commit_cards) { | ||
// let card_body = card.getElementsByClassName('collapse').item(0); | ||
// if (selector.innerHTML == 'Expand All') { | ||
// card_body.classList.replace('hide', 'show'); | ||
// } else { | ||
// card_body.classList.replace('show', 'hide'); | ||
// } | ||
// } | ||
// console.log("toggle collapse all") | ||
} | ||
|
||
function collapseAll(show) { | ||
let commit_cards = document.getElementsByClassName('commit'); | ||
for (let card of commit_cards) { | ||
let card_body = card.getElementsByClassName('collapse').item(0); | ||
if (show) { | ||
card_body.classList.replace('hide', 'show'); | ||
} else { | ||
card_body.classList.replace('show', 'hide'); | ||
} | ||
} | ||
} | ||
|
||
collapse_all_button = document.getElementById('collapse_all_toggle'); | ||
collapse_all_button.addEventListener('click', function () { toggle_collapse_all(collapse_all_button); }) | ||
|
||
</script> | ||
|
||
|
||
<!-- Bootstrap Bundle with Popper --> | ||
<script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.bundle.min.js" | ||
integrity="sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM" | ||
crossorigin="anonymous"></script> | ||
</body> | ||
|
||
</html> |
Oops, something went wrong.