diff --git a/ee/spec/factories/ci/job_artifacts.rb b/ee/spec/factories/ci/job_artifacts.rb
index 6ae8010cb41bdc8287fd49750d5953c5bfb0dea4..36f17eb3937a665946eed7383fe4f837bc13f8db 100644
--- a/ee/spec/factories/ci/job_artifacts.rb
+++ b/ee/spec/factories/ci/job_artifacts.rb
@@ -118,7 +118,7 @@
 after(:build) do |artifact, _|
 artifact.file = fixture_file_upload(
- Rails.root.join('ee/spec/fixtures/security-reports/feature-branch/gl-dependency-scanning-report.json'), 'application/json')
+ Rails.root.join('ee/spec/fixtures/security_reports/feature-branch/gl-dependency-scanning-report.json'), 'application/json')
 end
 end
@@ -148,7 +148,7 @@
 after(:build) do |artifact, _|
 artifact.file = fixture_file_upload(
- Rails.root.join('spec/fixtures/security-reports/feature-branch/gl-container-scanning-report.json'), 'application/json')
+ Rails.root.join('ee/spec/fixtures/security_reports/feature-branch/gl-container-scanning-report.json'), 'application/json')
 end
 end
diff --git a/ee/spec/fixtures/security-reports/feature-branch/gl-dependency-scanning-report.json b/ee/spec/fixtures/security-reports/feature-branch/gl-dependency-scanning-report.json
deleted file mode 100644
index ff452b6b59222ab75c09a698f99236e146b7bfb6..0000000000000000000000000000000000000000
--- a/ee/spec/fixtures/security-reports/feature-branch/gl-dependency-scanning-report.json
+++ /dev/null
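Review bot: The second hunk re-points the container-scanning trait at `ee/spec/fixtures/security_reports/feature-branch/gl-container-scanning-report.json`, but no hunk in this diff creates a file at that path, and `fixture_file_upload` raises when its argument does not exist, so confirm the file is present under `ee/spec/fixtures/security_reports/` (it may be added outside this view). The old path was the CE fixture under `spec/fixtures/security-reports/`, so if the EE copy carries different findings, specs built on this trait will see a different report than before. If the EE file is meant to mirror the CE one, a comment on the trait would spare the next reader the same question, e.g. `# EE copy of the CE container-scanning fixture; keep the two in sync` — only if that is really the relationship. The trait and factory enclosing both `after(:build)` blocks start and end outside the hunk.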
@@ -1,170 +0,0 @@
-{
- "version": "1.3",
- "vulnerabilities": [
- {
- "category": "dependency_scanning",
- "name": "io.netty/netty - CVE-2014-3488",
- "message": "DoS by CPU exhaustion when using malicious SSL packets",
- "cve": "app/pom.xml:io.netty/netty@3.9.1.Final:CVE-2014-3488",
- "severity": "Unknown",
- "solution": "Upgrade to the latest version",
- "scanner": {
- "id": "gemnasium",
- "name": "Gemnasium"
- },
- "location": {
- "file": "app/pom.xml",
- "dependency": {
- "package": {
- "name": "io.netty/netty"
- },
- "version": "3.9.1.Final"
- }
- },
- "identifiers": [
- {
- "type": "gemnasium",
- "name": "Gemnasium-d1bf36d9-9f07-46cd-9cfc-8675338ada8f",
- "value": "d1bf36d9-9f07-46cd-9cfc-8675338ada8f",
- "url": "https://deps.sec.gitlab.com/packages/maven/io.netty/netty/versions/3.9.1.Final/advisories"
- },
- {
- "type": "cve",
- "name": "CVE-2014-3488",
- "value": "CVE-2014-3488",
- "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3488"
- }
- ],
- "links": [
- {
- "url": "https://bugzilla.redhat.com/CVE-2014-3488"
- },
- {
- "url": "http://netty.io/news/2014/06/11/3.html"
- },
- {
- "url": "https://github.com/netty/netty/issues/2562"
- }
- ],
- "priority": "Unknown",
- "file": "app/pom.xml",
- "url": "https://bugzilla.redhat.com/CVE-2014-3488",
- "tool": "gemnasium"
- },
- {
- "category": "dependency_scanning",
- "name": "Django - CVE-2017-12794",
- "message": "Possible XSS in traceback section of technical 500 debug page",
- "cve": "app/requirements.txt:Django@1.11.3:CVE-2017-12794",
- "severity": "Unknown",
- "solution": "Upgrade to latest version or apply patch.",
- "scanner": {
- "id": "gemnasium",
- "name": "Gemnasium"
- },
- "location": {
- "file": "app/requirements.txt",
- "dependency": {
- "package": {
- "name": "Django"
- },
- "version": "1.11.3"
- }
- },
- "identifiers": [
- {
- "type": "gemnasium",
- "name": "Gemnasium-6162a015-8635-4a15-8d7c-dc9321db366f",
- "value": "6162a015-8635-4a15-8d7c-dc9321db366f",
- "url": "https://deps.sec.gitlab.com/packages/pypi/Django/versions/1.11.3/advisories"
- },
- {
- "type": "cve",
- "name": "CVE-2017-12794",
- "value": "CVE-2017-12794",
- "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12794"
- }
- ],
- "links": [
- {
- "url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/"
- }
- ],
- "priority": "Unknown",
- "file": "app/requirements.txt",
- "url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/",
- "tool": "gemnasium"
- },
- {
- "category": "dependency_scanning",
- "message": "Directory traversal vulnerability in rubyzip",
- "cve": "Gemfile.lock:rubyzip:cve:CVE-2017-5946",
- "severity": "High",
- "solution": "upgrade to \u003e= 1.2.1",
- "scanner": {
- "id": "bundler_audit",
- "name": "bundler-audit"
- },
- "location": {
- "file": "Gemfile.lock",
- "dependency": {
- "package": {
- "name": "rubyzip"
- },
- "version": "1.2.0"
- }
- },
- "identifiers": [
- {
- "type": "cve",
- "name": "CVE-2017-5946",
- "value": "CVE-2017-5946",
- "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5946"
- }
- ],
- "links": [
- {
- "url": "https://github.com/rubyzip/rubyzip/issues/315"
- }
- ]
- },
- {
- "category": "dependency_scanning",
- "name": "ffi - CVE-2018-1000201",
- "message": "ruby-ffi DDL loading issue on Windows OS",
- "cve": "ffi:1.9.18:CVE-2018-1000201",
- "severity": "High",
- "solution": "upgrade to \u003e= 1.9.24",
- "scanner": {
- "id": "bundler_audit",
- "name": "bundler-audit"
- },
- "location": {
- "file": "sast-sample-rails/Gemfile.lock",
- "dependency": {
- "package": {
- "name": "ffi"
- },
- "version": "1.9.18"
- }
- },
- "identifiers": [
- {
- "type": "cve",
- "name": "CVE-2018-1000201",
- "value": "CVE-2018-1000201",
- "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000201"
- }
- ],
- "links": [
- {
- "url": "https://github.com/ffi/ffi/releases/tag/1.9.24"
- }
- ],
- "priority": "High",
- "file": "sast-sample-rails/Gemfile.lock",
- "url": "https://github.com/ffi/ffi/releases/tag/1.9.24",
- "tool": "bundler_audit"
- }
- ]
- }
\ No newline at end of file
diff --git a/ee/spec/fixtures/security_reports/feature-branch/gl-dependency-scanning-report.json b/ee/spec/fixtures/security_reports/feature-branch/gl-dependency-scanning-report.json
index 8555be6618ce6980e94443fcaf76938b78b570e0..f8d92ce586b44fa6c6783b29a172ac3946b118b8 100644
--- a/ee/spec/fixtures/security_reports/feature-branch/gl-dependency-scanning-report.json
+++ b/ee/spec/fixtures/security_reports/feature-branch/gl-dependency-scanning-report.json
@@ -97,47 +97,36 @@
 },
 {
 "category": "dependency_scanning",
- "name": "nokogiri - USN-3424-1",
- "message": "Vulnerabilities in libxml2",
- "cve": "rails/Gemfile.lock:nokogiri@1.8.0:USN-3424-1",
- "severity": "Unknown",
- "solution": "Upgrade to latest version.",
+ "message": "Directory traversal vulnerability in rubyzip",
+ "cve": "Gemfile.lock:rubyzip:cve:CVE-2017-5946",
+ "severity": "High",
+ "solution": "upgrade to \u003e= 1.2.1",
 "scanner": {
- "id": "gemnasium",
- "name": "Gemnasium"
+ "id": "bundler_audit",
+ "name": "bundler-audit"
 },
 "location": {
- "file": "rails/Gemfile.lock",
+ "file": "Gemfile.lock",
 "dependency": {
 "package": {
- "name": "nokogiri"
+ "name": "rubyzip"
 },
- "version": "1.8.0"
+ "version": "1.2.0"
 }
 },
 "identifiers": [
 {
- "type": "gemnasium",
- "name": "Gemnasium-06565b64-486d-4326-b906-890d9915804d",
- "value": "06565b64-486d-4326-b906-890d9915804d",
- "url": "https://deps.sec.gitlab.com/packages/gem/nokogiri/versions/1.8.0/advisories"
- },
- {
- "type": "usn",
- "name": "USN-3424-1",
- "value": "USN-3424-1",
- "url": "https://usn.ubuntu.com/3424-1/"
+ "type": "cve",
+ "name": "CVE-2017-5946",
+ "value": "CVE-2017-5946",
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5946"
 }
 ],
 "links": [
 {
- "url": "https://github.com/sparklemotion/nokogiri/issues/1673"
+ "url": "https://github.com/rubyzip/rubyzip/issues/315"
 }
- ],
- "priority": "Unknown",
- "file": "rails/Gemfile.lock",
- "url": "https://github.com/sparklemotion/nokogiri/issues/1673",
- "tool": "gemnasium"
+ ]
 },
 {
 "category": "dependency_scanning",
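Review bot: The replacement rubyzip entry omits the `name`, `priority`, `file`, `url` and `tool` keys that the removed nokogiri entry carried, and its `cve` value `Gemfile.lock:rubyzip:cve:CVE-2017-5946` does not follow the `file:package@version:ID` shape of the removed `rails/Gemfile.lock:nokogiri@1.8.0:USN-3424-1`. It is byte-for-byte the rubyzip entry from the deleted `security-reports` copy of this fixture, so this may be deliberate (a finding with no `name`, as raw bundler-audit output looks), but any code that keys findings on `name` or `cve` will treat this entry differently from its siblings, and the spec that asserts on this fixture should state which behaviour it expects. JSON leaves no room for a comment, so I would record the intent next to that expectation, e.g. `# the rubyzip finding deliberately has no "name" key and a non-standard "cve" value`. The hunk ends at the head of the next entry, so the rest of the fixture is outside this view.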