
GoSec mapper impact fix (#5952)
Signed-off-by: Charles Hu <[email protected]>
charleshu-8 authored Jul 2, 2024
1 parent 7b33d36 commit 744445a
Showing 4 changed files with 340 additions and 48 deletions.
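--- a/libs/hdf-converters/sample_jsons/gosec_mapper/gosec-hdf-withraw.json
+++ b/libs/hdf-converters/sample_jsons/gosec_mapper/gosec-hdf-withraw.json
@@ -0,0 +1,258 @@
+{
+"platform": {
+"name": "Heimdall Tools",
+"release": "2.10.8"
+},
+"version": "2.10.8",
+"statistics": {},
+"profiles": [
+{
+"name": "Gosec scanner",
+"title": "gosec",
+"version": "dev",
+"supports": [],
+"attributes": [],
+"groups": [],
+"status": "loaded",
+"controls": [
+{
+"tags": {
+"nist": ["SI-10"],
+"cwe": {
+"id": "22",
+"url": "https://cwe.mitre.org/data/definitions/22.html"
+},
+"nosec": "",
+"suppressions": "",
+"confidence": "HIGH"
+},
+"refs": [],
+"source_location": {},
+"title": "Potential file inclusion via variable",
+"id": "G304",
+"desc": "",
+"impact": 0.5,
+"results": [
+{
+"status": "failed",
+"code_desc": "82: \t\tcase tar.TypeReg:\n83: \t\t\tf, err := os.OpenFile(target, os.O_CREATE|os.O_RDWR, os.FileMode(header.Mode))\n84: \t\t\tif err != nil {\n",
+"message": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\internal\\file\\tar.go, line:83, column:14",
+"start_time": ""
+},
+{
+"status": "failed",
+"code_desc": "51: \n52: \ttemplateContents, err := os.ReadFile(expandedPathToTemplateFile)\n53: \tif err != nil {\n",
+"message": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\presenter\\template\\presenter.go, line:52, column:27",
+"start_time": ""
+},
+{
+"status": "failed",
+"code_desc": "95: func isPossibleSBOM(userInput string) bool {\n96: \tf, err := os.Open(userInput)\n97: \tif err != nil {\n",
+"message": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\pkg\\syft_sbom_provider.go, line:96, column:12",
+"start_time": ""
+},
+{
+"status": "failed",
+"code_desc": "86: \n87: \tsbom, err := os.Open(expandedPath)\n88: \tif err != nil {\n",
+"message": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\pkg\\syft_sbom_provider.go, line:87, column:15",
+"start_time": ""
+},
+{
+"status": "failed",
+"code_desc": "18: \tdefault:\n19: \t\treportFile, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n20: \n",
+"message": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\cmd\\report_writer.go, line:19, column:22",
+"start_time": ""
+}
+]
+},
+{
+"tags": {
+"nist": ["SI-2", "RA-5"],
+"cwe": {
+"id": "276",
+"url": "https://cwe.mitre.org/data/definitions/276.html"
+},
+"nosec": "",
+"suppressions": "",
+"confidence": "HIGH"
+},
+"refs": [],
+"source_location": {},
+"title": "Expect file permissions to be 0600 or less",
+"id": "G302",
+"desc": "",
+"impact": 0.5,
+"results": [
+{
+"status": "failed",
+"code_desc": "18: \tdefault:\n19: \t\treportFile, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n20: \n",
+"message": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\cmd\\report_writer.go, line:19, column:22",
+"start_time": ""
+}
+]
+},
+{
+"tags": {
+"nist": ["SI-2", "RA-5"],
+"cwe": {
+"id": "276",
+"url": "https://cwe.mitre.org/data/definitions/276.html"
+},
+"nosec": "",
+"suppressions": "",
+"confidence": "HIGH"
+},
+"refs": [],
+"source_location": {},
+"title": "Expect directory permissions to be 0750 or less",
+"id": "G301",
+"desc": "",
+"impact": 0.5,
+"results": [
+{
+"status": "failed",
+"code_desc": "76: \t\t\tif _, err := os.Stat(target); err != nil {\n77: \t\t\t\tif err := os.MkdirAll(target, 0755); err != nil {\n78: \t\t\t\t\treturn fmt.Errorf(\"failed to mkdir (%s): %w\", target, err)\n",
+"message": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\internal\\file\\tar.go, line:77, column:15",
+"start_time": ""
+}
+]
+}
+],
+"sha256": "9109339ee9544698a40d378e6389f61273596593fa61f3aef97aa1a1cf58261c"
+}
+],
+"passthrough": {
+"auxiliary_data": [
+{
+"name": "Gosec",
+"data": {
+"Golang errors": {}
+}
+}
+],
+"raw": {
+"Golang errors": {},
+"Issues": [
+{
+"severity": "MEDIUM",
+"confidence": "HIGH",
+"cwe": {
+"id": "22",
+"url": "https://cwe.mitre.org/data/definitions/22.html"
+},
+"rule_id": "G304",
+"details": "Potential file inclusion via variable",
+"file": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\internal\\file\\tar.go",
+"code": "82: \t\tcase tar.TypeReg:\n83: \t\t\tf, err := os.OpenFile(target, os.O_CREATE|os.O_RDWR, os.FileMode(header.Mode))\n84: \t\t\tif err != nil {\n",
+"line": "83",
+"column": "14",
+"nosec": false,
+"suppressions": null
+},
+{
+"severity": "MEDIUM",
+"confidence": "HIGH",
+"cwe": {
+"id": "22",
+"url": "https://cwe.mitre.org/data/definitions/22.html"
+},
+"rule_id": "G304",
+"details": "Potential file inclusion via variable",
+"file": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\presenter\\template\\presenter.go",
+"code": "51: \n52: \ttemplateContents, err := os.ReadFile(expandedPathToTemplateFile)\n53: \tif err != nil {\n",
+"line": "52",
+"column": "27",
+"nosec": false,
+"suppressions": null
+},
+{
+"severity": "MEDIUM",
+"confidence": "HIGH",
+"cwe": {
+"id": "22",
+"url": "https://cwe.mitre.org/data/definitions/22.html"
+},
+"rule_id": "G304",
+"details": "Potential file inclusion via variable",
+"file": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\pkg\\syft_sbom_provider.go",
+"code": "95: func isPossibleSBOM(userInput string) bool {\n96: \tf, err := os.Open(userInput)\n97: \tif err != nil {\n",
+"line": "96",
+"column": "12",
+"nosec": false,
+"suppressions": null
+},
+{
+"severity": "MEDIUM",
+"confidence": "HIGH",
+"cwe": {
+"id": "22",
+"url": "https://cwe.mitre.org/data/definitions/22.html"
+},
+"rule_id": "G304",
+"details": "Potential file inclusion via variable",
+"file": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\pkg\\syft_sbom_provider.go",
+"code": "86: \n87: \tsbom, err := os.Open(expandedPath)\n88: \tif err != nil {\n",
+"line": "87",
+"column": "15",
+"nosec": false,
+"suppressions": null
+},
+{
+"severity": "MEDIUM",
+"confidence": "HIGH",
+"cwe": {
+"id": "22",
+"url": "https://cwe.mitre.org/data/definitions/22.html"
+},
+"rule_id": "G304",
+"details": "Potential file inclusion via variable",
+"file": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\cmd\\report_writer.go",
+"code": "18: \tdefault:\n19: \t\treportFile, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n20: \n",
+"line": "19",
+"column": "22",
+"nosec": false,
+"suppressions": null
+},
+{
+"severity": "MEDIUM",
+"confidence": "HIGH",
+"cwe": {
+"id": "276",
+"url": "https://cwe.mitre.org/data/definitions/276.html"
+},
+"rule_id": "G302",
+"details": "Expect file permissions to be 0600 or less",
+"file": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\cmd\\report_writer.go",
+"code": "18: \tdefault:\n19: \t\treportFile, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n20: \n",
+"line": "19",
+"column": "22",
+"nosec": false,
+"suppressions": null
+},
+{
+"severity": "MEDIUM",
+"confidence": "HIGH",
+"cwe": {
+"id": "276",
+"url": "https://cwe.mitre.org/data/definitions/276.html"
+},
+"rule_id": "G301",
+"details": "Expect directory permissions to be 0750 or less",
+"file": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\internal\\file\\tar.go",
+"code": "76: \t\t\tif _, err := os.Stat(target); err != nil {\n77: \t\t\t\tif err := os.MkdirAll(target, 0755); err != nil {\n78: \t\t\t\t\treturn fmt.Errorf(\"failed to mkdir (%s): %w\", target, err)\n",
+"line": "77",
+"column": "15",
+"nosec": false,
+"suppressions": null
+}
+],
+"Stats": {
+"files": 199,
+"lines": 12401,
+"nosec": 0,
+"found": 7
+},
+"GosecVersion": "dev"
+}
+}
+}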
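Review bot: Every `message` value in the new fixture, and every `file` value under `passthrough.raw.Issues`, embeds an absolute Windows path carrying a real user name and organisation (`C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\...`), which a committed sample does not need and which the expected-output file then replicates verbatim. The mapper appears to copy the raw `file` string into `message` unchanged, so the fixture could be regenerated from a scan run under a neutral location such as `C:\\scan\\grype-0.34.4\\...` (constructed example) without changing what the test asserts. The sibling gosec-hdf.json fixture presumably carries the same paths in its collapsed results section and should be refreshed together with this one.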
47 changes: 18 additions & 29 deletions libs/hdf-converters/sample_jsons/gosec_mapper/gosec-hdf.json
@@ -1,19 +1,9 @@
{
"passthrough": {
"auxiliary_data": [
{
"name": "Gosec",
"data": {
"Golang errors": {}
}
}
]
},
"platform": {
"name": "Heimdall Tools",
"release": "2.6.32"
"release": "2.10.8"
},
"version": "2.6.32",
"version": "2.10.8",
"statistics": {},
"profiles": [
{
@@ -27,16 +17,13 @@
"controls": [
{
"tags": {
"nist": [
"SI-10"
],
"nist": ["SI-10"],
"cwe": {
"id": "22",
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
"nosec": "",
"suppressions": "",
"severity": "MEDIUM",
"confidence": "HIGH"
},
"refs": [],
@@ -80,17 +67,13 @@
},
{
"tags": {
"nist": [
"SI-2",
"RA-5"
],
"nist": ["SI-2", "RA-5"],
"cwe": {
"id": "276",
"url": "https://cwe.mitre.org/data/definitions/276.html"
},
"nosec": "",
"suppressions": "",
"severity": "MEDIUM",
"confidence": "HIGH"
},
"refs": [],
@@ -110,17 +93,13 @@
},
{
"tags": {
"nist": [
"SI-2",
"RA-5"
],
"nist": ["SI-2", "RA-5"],
"cwe": {
"id": "276",
"url": "https://cwe.mitre.org/data/definitions/276.html"
},
"nosec": "",
"suppressions": "",
"severity": "MEDIUM",
"confidence": "HIGH"
},
"refs": [],
@@ -139,7 +118,17 @@
]
}
],
"sha256": "b849a262dbb19f2c8f950a75c551aa50b97c76967cd092d6ac5585cabe3fbbc4"
"sha256": "9109339ee9544698a40d378e6389f61273596593fa61f3aef97aa1a1cf58261c"
}
]
}
],
"passthrough": {
"auxiliary_data": [
{
"name": "Gosec",
"data": {
"Golang errors": {}
}
}
]
}
}
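Review bot: The second, third and fourth hunks drop `"severity": "MEDIUM"` from each control's `tags`, and because this fixture (unlike gosec-hdf-withraw.json) has no `passthrough.raw`, the original gosec severity label no longer appears anywhere in the visible output of this variant. The matching `impact: 0.5` in the withraw fixture is presumably now derived from that label, but recovering the label from `impact` only works if the mapper's severity-to-impact mapping is one-to-one, which cannot be confirmed from this view. If the intent is to move severity into `impact`, consider still emitting the label, e.g. keeping `"severity": "MEDIUM"` under `tags`, so consumers that read the string do not silently lose it. The mapper source and its unit test are among the four changed files but are not shown here, and this section's `results` arrays are collapsed.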