diff --git a/.gitignore b/.gitignore index f889bfb8c..8d79fa9b0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,9 +1,23 @@ +# General site **/merge.log -.kaybee */cpu.prof *.pyc *git-cache* +*.log +*.log.* +**/cov_html +.coverage +similarities.csv + +# Virtual environment +**/.venv/ + +# VSCode Settings +**/.vscode/ + +# Regarding KB +.kaybee kaybee/internal/repository/profile001.pdf kaybee/internal/repository/repository.test kaybee/internal/tasks/.kaybee @@ -12,10 +26,9 @@ kaybee/internal/tasks/profile001.pdf kaybee/internal/tasks/tasks.test kaybee/internal/repository/cpu.prof kaybee/kaybee.code-workspace -.vscode/launch.json -.vscode/task.code-snippets kaybee/coverage.out kaybee/kaybee +kaybee/internal/reconcile/debug.test kaybee/internal/.kaybee/**/* kaybee/dist/** kaybee/kaybeeconf.yaml @@ -25,9 +38,9 @@ kaybee/steady.sh kaybee/kaybeeconf-custom.yaml kaybee/kaybee-new-statements kaybee/pkged.go -*.log -*.log.* kaybeeconf.yaml + +# Regarding Prospector prospector/.env prospector/workspace.code-workspace prospector/disabled_tests/skip_test-commits.db 
@@ -35,40 +48,19 @@ prospector/disabled_tests/skip_test-vulnerabilities.db prospector/tracer_dataset_final_2 prospector/results prospector/*.py -prospector/.vscode/launch.json -prospector/.vscode/settings.json prospector/install_fastext.sh -prospector/nvd.ipynb -prospector/data/nvd.pkl -prospector/data/nvd.csv -prospector/data_sources/reports -.vscode/settings.json prospector/cov_html/* -prospector/client/cli/cov_html/* prospector/config.yaml -prospector/client/web/node-app/node_modules prospector/.coverage.* prospector/.coverage -**/cov_html prospector/cov_html -.coverage -prospector/.venv prospector/prospector.code-workspace prospector/requests-cache.sqlite prospector/prospector-report.html prospector/test_report.html prospector/test_report.json prospector/.idea/* -similarities.csv prospector/*.html prospector/*.json -requests-cache.sqlite -prospector/output.png -prospector/output.pstats -prospector/kaybee-new-statements -prospector/run.sh -prospector/cve_data prospector/evaluation -.DS_Store -kaybee/internal/reconcile/debug.test -prospector/client/web/node-app/build +.DS_Store \ No newline at end of file diff --git a/prospector/pipeline/reports/CVE-2019-16572_5806f368-d4f2-44cb-84ba-c5513bb9c3de.html b/prospector/pipeline/reports/CVE-2019-16572_5806f368-d4f2-44cb-84ba-c5513bb9c3de.html deleted file mode 100644 index 979fd8aba..000000000 --- a/prospector/pipeline/reports/CVE-2019-16572_5806f368-d4f2-44cb-84ba-c5513bb9c3de.html +++ /dev/null @@ -1,300 +0,0 @@ - - - -
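Review bot: in the first hunk (`@@ -1,9 +1,23 @@`), the new directory rule `**/.vscode/` supersedes every per-file `.vscode` entry this patch removes (`.vscode/launch.json`, `.vscode/task.code-snippets`, `.vscode/settings.json`, `prospector/.vscode/launch.json`, `prospector/.vscode/settings.json`), so anything under a `.vscode/` directory that the team intends to share (a recommended-extensions list, a common launch config) is now ignored silently. Confirm that is intended; note that a later `!.vscode/extensions.json` would not work against a directory-level exclude, since git cannot re-include a file whose parent directory is ignored, so if some files should stay tracked the rule needs to be `**/.vscode/*` followed by the negations.

Review bot: the fourth hunk (`@@ -35,40 +48,19 @@`) drops a number of patterns with no replacement anywhere in the patch: `prospector/nvd.ipynb`, `prospector/data/nvd.pkl`, `prospector/data/nvd.csv`, `prospector/data_sources/reports`, `prospector/cve_data`, `prospector/output.png`, `prospector/output.pstats`, `prospector/run.sh`, `prospector/kaybee-new-statements`, `prospector/client/web/node-app/node_modules`, `prospector/client/web/node-app/build` and the root-level `requests-cache.sqlite`. If any of those paths can still be produced locally, downloaded NVD data, profiling output, request caches and a `node_modules` tree become untracked candidates for `git add -A`; either confirm each path no longer exists in the project or keep its rule. `requests-cache.sqlite` in particular remains ignored only under `prospector/`, not at the repository root. The hunk also leaves the file ending in `.DS_Store` with `\ No newline at end of file`; add the trailing newline so the next rule appended by someone else is not fused onto that line.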
- - - - - - - - - - - -Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
- - - -- -
- Use the slider to filter out lower relevance scores and the button to collapse or expand all the commits. -
- -Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. - -Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter. -When original SolrCloud is setup to use ZooKeeper credentials and ACLs, they will be sent to whatever "zkHost" the user provides. -An attacker could setup a server to mock ZooKeeper, that accepts ZooKeeper requests with credentials and ACLs and extracts the sensitive information, -then send a streaming expression using the mock server's address in "zkHost". -Streaming Expressions are exposed via the "/streaming" handler, with "read" permissions. - -Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. -From these versions on, only zkHost values that have the same server address (regardless of chroot), will use the given ZooKeeper credentials and ACLs when connecting. - -
- - --
- -
A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions.
- - --
- -
- Use the slider to filter out lower relevance scores and the button to collapse or expand all the commits. -
- -Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
- - --
- -
- Use the slider to filter out lower relevance scores and the button to collapse or expand all the commits. -
- -Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearch system console to add any file as a CA path field, such as /dev/zero and, after testing the connection, cause the application to crash.
- - --
- -
- Use the slider to filter out lower relevance scores and the button to collapse or expand all the commits. -
- -CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) could be leaked to package_search calls as part of the returned error message. This has been patched in CKAN 2.10.5 and 2.11.0.
- - --
- -
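Review bot: deleting `prospector/pipeline/reports/CVE-2019-16572_5806f368-d4f2-44cb-84ba-c5513bb9c3de.html` removes one generated report, but none of the `.gitignore` changes in this patch covers `prospector/pipeline/reports/`: the existing `prospector/*.html` rule only matches files directly under `prospector/`, because `*` does not cross a `/`. Add `prospector/pipeline/reports/` (or `**/reports/*.html`) so regenerated reports are not committed again on the next `git add`. Separately, the deleted report is named for CVE-2019-16572 (the Jenkins Weibo Plugin advisory) yet its visible content also carries the descriptions of unrelated advisories (Apache Solr, Jenkins docker-build-step, the Jenkins CLI `@` file-expansion issue, Mattermost, CKAN); if the report generator is still in use, check what the template embeds beyond the target advisory's text.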