refactor(vuln): don't remove VendorSeverity in JSON report (#5761)
DmitriyLewen committed Dec 12, 2023
1 parent be5a550 commit 9b4bced
Showing 58 changed files with 742 additions and 29 deletions.
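--- a/integration/testdata/almalinux-8.json.golden
+++ b/integration/testdata/almalinux-8.json.golden
@@ -76,6 +76,18 @@
 "CweIDs": [
 "CWE-125"
 ],
+"VendorSeverity": {
+"alma": 2,
+"amazon": 2,
+"arch-linux": 3,
+"cbl-mariner": 3,
+"nvd": 3,
+"oracle-oval": 2,
+"photon": 3,
+"redhat": 2,
+"rocky": 2,
+"ubuntu": 2
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",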
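--- a/integration/testdata/alpine-310-registry.json.golden
+++ b/integration/testdata/alpine-310-registry.json.golden
@@ -84,6 +84,14 @@
 "CweIDs": [
 "CWE-330"
 ],
+"VendorSeverity": {
+"amazon": 2,
+"nvd": 2,
+"oracle-oval": 2,
+"photon": 2,
+"redhat": 1,
+"ubuntu": 1
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
@@ -145,6 +153,14 @@
 "CweIDs": [
 "CWE-200"
 ],
+"VendorSeverity": {
+"amazon": 1,
+"nvd": 2,
+"oracle-oval": 1,
+"photon": 2,
+"redhat": 1,
+"ubuntu": 1
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
@@ -216,6 +232,14 @@
 "CweIDs": [
 "CWE-330"
 ],
+"VendorSeverity": {
+"amazon": 2,
+"nvd": 2,
+"oracle-oval": 2,
+"photon": 2,
+"redhat": 1,
+"ubuntu": 1
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
@@ -277,6 +301,14 @@
 "CweIDs": [
 "CWE-200"
 ],
+"VendorSeverity": {
+"amazon": 1,
+"nvd": 2,
+"oracle-oval": 1,
+"photon": 2,
+"redhat": 1,
+"ubuntu": 1
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",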
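--- a/integration/testdata/alpine-310.json.golden
+++ b/integration/testdata/alpine-310.json.golden
@@ -78,6 +78,14 @@
 "CweIDs": [
 "CWE-330"
 ],
+"VendorSeverity": {
+"amazon": 2,
+"nvd": 2,
+"oracle-oval": 2,
+"photon": 2,
+"redhat": 1,
+"ubuntu": 1
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
@@ -139,6 +147,14 @@
 "CweIDs": [
 "CWE-200"
 ],
+"VendorSeverity": {
+"amazon": 1,
+"nvd": 2,
+"oracle-oval": 1,
+"photon": 2,
+"redhat": 1,
+"ubuntu": 1
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
@@ -210,6 +226,14 @@
 "CweIDs": [
 "CWE-330"
 ],
+"VendorSeverity": {
+"amazon": 2,
+"nvd": 2,
+"oracle-oval": 2,
+"photon": 2,
+"redhat": 1,
+"ubuntu": 1
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
@@ -271,6 +295,14 @@
 "CweIDs": [
 "CWE-200"
 ],
+"VendorSeverity": {
+"amazon": 1,
+"nvd": 2,
+"oracle-oval": 1,
+"photon": 2,
+"redhat": 1,
+"ubuntu": 1
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",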
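--- a/integration/testdata/alpine-39-high-critical.json.golden
+++ b/integration/testdata/alpine-39-high-critical.json.golden
@@ -77,6 +77,9 @@
 "CweIDs": [
 "CWE-787"
 ],
+"VendorSeverity": {
+"nvd": 4
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
@@ -116,6 +119,9 @@
 "CweIDs": [
 "CWE-787"
 ],
+"VendorSeverity": {
+"nvd": 4
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",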
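--- a/integration/testdata/alpine-39-ignore-cveids.json.golden
+++ b/integration/testdata/alpine-39-ignore-cveids.json.golden
@@ -78,6 +78,14 @@
 "CweIDs": [
 "CWE-200"
 ],
+"VendorSeverity": {
+"amazon": 1,
+"nvd": 2,
+"oracle-oval": 1,
+"photon": 2,
+"redhat": 1,
+"ubuntu": 1
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
@@ -149,6 +157,14 @@
 "CweIDs": [
 "CWE-200"
 ],
+"VendorSeverity": {
+"amazon": 1,
+"nvd": 2,
+"oracle-oval": 1,
+"photon": 2,
+"redhat": 1,
+"ubuntu": 1
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",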
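--- a/integration/testdata/alpine-39.json.golden
+++ b/integration/testdata/alpine-39.json.golden
@@ -78,6 +78,14 @@
 "CweIDs": [
 "CWE-330"
 ],
+"VendorSeverity": {
+"amazon": 2,
+"nvd": 2,
+"oracle-oval": 2,
+"photon": 2,
+"redhat": 1,
+"ubuntu": 1
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
@@ -139,6 +147,14 @@
 "CweIDs": [
 "CWE-200"
 ],
+"VendorSeverity": {
+"amazon": 1,
+"nvd": 2,
+"oracle-oval": 1,
+"photon": 2,
+"redhat": 1,
+"ubuntu": 1
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
@@ -210,6 +226,14 @@
 "CweIDs": [
 "CWE-330"
 ],
+"VendorSeverity": {
+"amazon": 2,
+"nvd": 2,
+"oracle-oval": 2,
+"photon": 2,
+"redhat": 1,
+"ubuntu": 1
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
@@ -271,6 +295,14 @@
 "CweIDs": [
 "CWE-200"
 ],
+"VendorSeverity": {
+"amazon": 1,
+"nvd": 2,
+"oracle-oval": 1,
+"photon": 2,
+"redhat": 1,
+"ubuntu": 1
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
@@ -341,6 +373,9 @@
 "CweIDs": [
 "CWE-787"
 ],
+"VendorSeverity": {
+"nvd": 4
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
@@ -380,6 +415,9 @@
 "CweIDs": [
 "CWE-787"
 ],
+"VendorSeverity": {
+"nvd": 4
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",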
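--- a/integration/testdata/alpine-distroless.json.golden
+++ b/integration/testdata/alpine-distroless.json.golden
@@ -67,6 +67,9 @@
 "CweIDs": [
 "CWE-427"
 ],
+"VendorSeverity": {
+"ubuntu": 2
+},
 "References": [
 "http://www.openwall.com/lists/oss-security/2022/04/12/7",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765",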
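--- a/integration/testdata/amazon-1.json.golden
+++ b/integration/testdata/amazon-1.json.golden
@@ -77,6 +77,15 @@
 "CweIDs": [
 "CWE-415"
 ],
+"VendorSeverity": {
+"amazon": 2,
+"arch-linux": 2,
+"nvd": 4,
+"oracle-oval": 2,
+"photon": 4,
+"redhat": 2,
+"ubuntu": 2
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",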
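--- a/integration/testdata/amazon-2.json.golden
+++ b/integration/testdata/amazon-2.json.golden
@@ -77,6 +77,15 @@
 "CweIDs": [
 "CWE-415"
 ],
+"VendorSeverity": {
+"amazon": 2,
+"arch-linux": 2,
+"nvd": 4,
+"oracle-oval": 2,
+"photon": 4,
+"redhat": 2,
+"ubuntu": 2
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
@@ -136,6 +145,15 @@
 "CweIDs": [
 "CWE-787"
 ],
+"VendorSeverity": {
+"amazon": 1,
+"arch-linux": 3,
+"nvd": 3,
+"oracle-oval": 2,
+"photon": 3,
+"redhat": 1,
+"ubuntu": 2
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",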
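--- a/integration/testdata/amazonlinux2-gp2-x86-vm.json.golden
+++ b/integration/testdata/amazonlinux2-gp2-x86-vm.json.golden
@@ -43,6 +43,12 @@
 "Title": "bind: memory leak in ECDSA DNSSEC verification code",
 "Description": "By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.",
 "Severity": "MEDIUM",
+"VendorSeverity": {
+"arch-linux": 2,
+"nvd": 2,
+"redhat": 2,
+"ubuntu": 2
+},
 "CVSS": {
 "nvd": {
 "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",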
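Review bot: The `VendorSeverity` values added to this fixture are bare integers (`"nvd": 2`, `"redhat": 2`) while the `Severity` field on the line just above is the string `"MEDIUM"`, so the JSON report now carries two encodings of the same scale with nothing that tells a consumer how they map. Policy gates or log parsers that read the per-source values will have to hard-code the enum order, which I believe runs 0=UNKNOWN through 4=CRITICAL in the scanner's database types, but that is not visible in this commit and should be confirmed. I would document the mapping alongside the JSON report format, for example `VendorSeverity: per-source severity as an integer, 1=LOW, 2=MEDIUM, 3=HIGH, 4=CRITICAL`, and state there which source the top-level `Severity` is taken from, since the other golden files show sources disagreeing (`"nvd": 4` next to `"redhat": 2` in amazon-1.json.golden). The same point applies to every other golden file touched here.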
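--- a/integration/testdata/busybox-with-lockfile.json.golden
+++ b/integration/testdata/busybox-with-lockfile.json.golden
@@ -76,6 +76,9 @@
 "CweIDs": [
 "CWE-674"
 ],
+"VendorSeverity": {
+"nvd": 3
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
@@ -115,6 +118,9 @@
 "CweIDs": [
 "CWE-79"
 ],
+"VendorSeverity": {
+"nvd": 2
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",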
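--- a/integration/testdata/centos-6.json.golden
+++ b/integration/testdata/centos-6.json.golden
@@ -93,6 +93,14 @@
 "CweIDs": [
 "CWE-787"
 ],
+"VendorSeverity": {
+"amazon": 2,
+"arch-linux": 2,
+"nvd": 3,
+"oracle-oval": 2,
+"photon": 3,
+"redhat": 2
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
@@ -139,6 +147,14 @@
 "CweIDs": [
 "CWE-203"
 ],
+"VendorSeverity": {
+"amazon": 2,
+"arch-linux": 2,
+"nvd": 2,
+"oracle-oval": 2,
+"redhat": 2,
+"ubuntu": 2
+},
 "CVSS": {
 "nvd": {
 "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",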
