display-result.spec.ts.snap
// Jest Snapshot v1, https://goo.gl/fbAQLP
exports[`displayResult Docker test result 1`] = `
"
Testing src...
✗ High severity vulnerability found in musl
Description: Out-of-bounds Write
Info: [URL]
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > musl@1.1.19-r10
Fixed in: 1.1.19-r11
✗ High severity vulnerability found in expat
Description: XML External Entity (XXE) Injection
Info: [URL]
Introduced through: expat@2.2.5-r0, .python-rundeps@0, git@2.18.2-r0
From: expat@2.2.5-r0
From: .python-rundeps@0 > expat@2.2.5-r0
From: git@2.18.2-r0 > expat@2.2.5-r0
Remediation:
Upgrade direct dependency expat@2.2.5-r0 to expat@2.2.7-r0 (triggers upgrades to expat@2.2.7-r0)
Some paths have no direct dependency upgrade that can address this issue.
Fixed in: 2.2.7-r0
✗ High severity vulnerability found in expat
Description: XML External Entity (XXE) Injection
Info: [URL]
Introduced through: expat@2.2.5-r0, .python-rundeps@0, git@2.18.2-r0
From: expat@2.2.5-r0
From: .python-rundeps@0 > expat@2.2.5-r0
From: git@2.18.2-r0 > expat@2.2.5-r0
Remediation:
Upgrade direct dependency expat@2.2.5-r0 to expat@2.2.7-r1 (triggers upgrades to expat@2.2.7-r1)
Some paths have no direct dependency upgrade that can address this issue.
Fixed in: 2.2.7-r1
Organization: gitphill
Package manager: undefined
Docker image: src
Licenses: enabled
Tested 40 dependencies for known issues, found 3 issues.
Tip: Detected multiple supported manifests (3), use --all-projects to scan all of them at once.
Pro tip: use \`--file\` option to get base image remediation advice.
Example: $ snyk test --docker src --file=path/to/Dockerfile
To remove this message in the future, please run \`snyk config set disableSuggestions=true\`"
`;
exports[`displayResult Docker test result with base image name not found warning 1`] = `
"
Testing alpine:latest...
✗ High severity vulnerability found in musl
Description: Out-of-bounds Write
Info: [URL]
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > musl@1.1.19-r10
Fixed in: 1.1.19-r11
Organization: test-organization
Package manager: apk
Target file: Dockerfile
Project name: alpine
Docker image: alpine:latest
Platform: linux/amd64
Licenses: enabled
Tested 40 dependencies for known issues, found 1 issue.
Tip: Detected multiple supported manifests (1), use --all-projects to scan all of them at once.
Warning: Unable to analyse Dockerfile provided through \`--file\`.
Dockerfile must begin with a FROM instruction. This may be after parser directives, comments, and globally scoped ARGs.
Pro tip: use \`--exclude-base-image-vulns\` to exclude from display Docker base image vulnerabilities.
To remove this message in the future, please run \`snyk config set disableSuggestions=true\`"
`;
exports[`displayResult Docker test result with base image non resolvable warning 1`] = `
"
Testing alpine:latest...
✗ High severity vulnerability found in musl
Description: Out-of-bounds Write
Info: [URL]
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > musl@1.1.19-r10
Fixed in: 1.1.19-r11
Organization: test-organization
Package manager: apk
Target file: Dockerfile
Project name: alpine
Docker image: alpine:latest
Platform: linux/amd64
Licenses: enabled
Tested 40 dependencies for known issues, found 1 issue.
Tip: Detected multiple supported manifests (1), use --all-projects to scan all of them at once.
Warning: Unable to analyse Dockerfile provided through \`--file\`.
Dockerfile must have default values for all ARG instructions.
Pro tip: use \`--exclude-base-image-vulns\` to exclude from display Docker base image vulnerabilities.
To remove this message in the future, please run \`snyk config set disableSuggestions=true\`"
`;
exports[`displayResult Pip result with pins 1`] = `
"
Testing src...
Tested 2 dependencies for known issues, found 32 issues, 2 vulnerable paths.
Issues to fix by upgrading dependencies:
Upgrade django@1.6.1 to django@2.2.18 to fix
✗ Content Spoofing [Medium Severity][URL] in django@1.6.1
introduced by:
django@1.6.1
Issues with no direct upgrade or patch:
✗ Directory Traversal [Low Severity][URL] in django@1.6.1
introduced by:
django@1.6.1
This issue was fixed in versions: 2.2.18, 3.0.12, 3.1.6
Organization: lili
Package manager: pip
Target file: requirements.txt
Project name: pip-app
Open source: no
Project path: src
Licenses: enabled
Tip: Try \`snyk fix\` to address these issues.\`snyk fix\` is a new CLI command in that aims to automatically apply the recommended updates for supported ecosystems.
See documentation on how to enable this beta feature: https://support.snyk.io/hc/en-us/articles/4403417279505-Automatic-remediation-with-snyk-fix
Tip: Detected multiple supported manifests (3), use --all-projects to scan all of them at once."
`;
exports[`displayResult with Upgrades & Patches 1`] = `
"
Testing src...
Tested 2 dependencies for known vulnerabilities, found 4 vulnerabilities, 4 vulnerable paths.
Issues to fix by upgrading:
Upgrade qs@0.0.6 to qs@6.0.4 to fix
✗ Prototype Override Protection Bypass [Low Severity (originally High)][URL] in qs@0.0.6
introduced by:
qs@0.0.6
✗ Denial of Service (DoS) [Low Severity (originally High)][URL] in qs@0.0.6
introduced by:
qs@0.0.6
✗ Denial of Service (DoS) [Low Severity (originally Medium)][URL] in qs@0.0.6
introduced by:
qs@0.0.6
Patchable issues:
Patch available for node-uuid@1.4.0
✗ Insecure Randomness [Low Severity (originally Medium)][URL] in node-uuid@1.4.0
introduced by:
node-uuid@1.4.0
Organization: another-org
Package manager: npm
Target file: package-lock.json
Project name: shallow-goof
Open source: no
Project path: src
Tip: Run \`snyk wizard\` to address these issues.
Tip: Detected multiple supported manifests (3), use --all-projects to scan all of them at once."
`;
exports[`displayResult with license issues 1`] = `
"
Testing src...
Tested 3 dependencies for known issues, found 6 issues, 8 vulnerable paths.
Issues to fix by upgrading:
Upgrade rack@1.6.5 to rack@1.6.11 to fix
✗ Cross-site Scripting (XSS) [Medium Severity][URL] in rack@1.6.5
introduced by:
rack@1.6.5
rack-cache@1.1 > rack@1.6.5
rack-protection@1.5.3 > rack@1.6.5
Upgrade rack-cache@1.1 to rack-cache@1.3.0 to fix
✗ Cross-site Scripting (XSS) [Medium Severity][URL] in rack@1.6.5
introduced by:
rack@1.6.5
rack-cache@1.1 > rack@1.6.5
rack-protection@1.5.3 > rack@1.6.5
✗ HTTP Header Caching Weakness [High Severity][URL] in rack-cache@1.1
introduced by:
rack-cache@1.1
Upgrade rack-protection@1.5.3 to rack-protection@2.0.0 to fix
✗ Side-channel attack [Low Severity][URL] in rack-protection@1.5.3
introduced by:
rack-protection@1.5.3
✗ Timing Attack [Medium Severity][URL] in rack-protection@1.5.3
introduced by:
rack-protection@1.5.3
✗ Directory Traversal [Medium Severity][URL] in rack-protection@1.5.3
introduced by:
rack-protection@1.5.3
✗ Cross-site Scripting (XSS) [Medium Severity][URL] in rack@1.6.5
introduced by:
rack@1.6.5
rack-cache@1.1 > rack@1.6.5
rack-protection@1.5.3 > rack@1.6.5
License issues:
✗ Unknown license [High Severity][URL] in rack-cache@1.1
introduced by:
rack-cache@1.1
Legal instructions:
○ for LGPL-3.0 license: I am legal license instruction
Organization: lili2311
Package manager: rubygems
Open source: no
Project path: src
Licenses: enabled
Tip: Detected multiple supported manifests (3), use --all-projects to scan all of them at once."
`;