From 82758ef9710f2a28554020f8b733ca9456caecb3 Mon Sep 17 00:00:00 2001 From: Eyal Kapon Date: Tue, 3 Sep 2024 17:41:10 +0300 Subject: [PATCH] added test and fixed the logic --- .../inspections/JFrogSecurityWarning.java | 3 +- .../com/jfrog/ide/idea/scan/data/Run.java | 7 +- .../ide/idea/scan/ScanBinaryExecutorTest.java | 57 ++- .../sourceCode/not_applic_kind_pass.sarif | 358 +++++++++++++++--- 4 files changed, 347 insertions(+), 78 deletions(-) diff --git a/src/main/java/com/jfrog/ide/idea/inspections/JFrogSecurityWarning.java b/src/main/java/com/jfrog/ide/idea/inspections/JFrogSecurityWarning.java index 37e8b60e..110b6bda 100644 --- a/src/main/java/com/jfrog/ide/idea/inspections/JFrogSecurityWarning.java +++ b/src/main/java/com/jfrog/ide/idea/inspections/JFrogSecurityWarning.java @@ -62,7 +62,7 @@ public JFrogSecurityWarning(SarifResult result, SourceCodeScanType reporter, Rul result.getRuleId(), getFirstRegion(result).getSnippet().getText(), reporter, - (!result.getKind().equals("pass") && (rule.getRuleProperties().map(properties -> !properties.getApplicability().equals("not_applicable")).orElse(true))), + (!result.getKind().equals("pass") && (rule.getRuleProperties().map(properties -> properties.getApplicability().equals("applicable")).orElse(true))), Severity.fromSarif(result.getSeverity()), convertCodeFlowsToFindingInfo(result.getCodeFlows()) ); @@ -114,3 +114,4 @@ private static String uriToPath(String path) { return Paths.get(URI.create(path)).toString(); } } + diff --git a/src/main/java/com/jfrog/ide/idea/scan/data/Run.java b/src/main/java/com/jfrog/ide/idea/scan/data/Run.java index 683fec56..81db8c6f 100644 --- a/src/main/java/com/jfrog/ide/idea/scan/data/Run.java +++ b/src/main/java/com/jfrog/ide/idea/scan/data/Run.java 
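Review bot: The rewritten condition in the `JFrogSecurityWarning` constructor now counts a rule as applicable only when `getApplicability()` equals `"applicable"`, yet it keeps `.orElse(true)`, so a rule with no `properties` block at all is still flagged applicable while a rule carrying `not_covered` or any unrecognised value is not — the less-informative case gets the more alarming default. It also still calls `.equals` on `result.getKind()` and on `getApplicability()`, which would throw if either returns null; the updated fixture's located results omit `kind` entirely, so this silently depends on `Result` supplying a default. Prefer the constant-first, null-safe form `!"pass".equals(result.getKind()) && rule.getRuleProperties().map(p -> "applicable".equals(p.getApplicability())).orElse(false)` and state the policy above it with `// Only an explicit "applicable" verdict counts; pass results and not_covered/not_applicable/unknown rules are reported as not applicable.` If keeping `orElse(true)` for property-less rules is intentional, that deserves a one-line comment, since the test added in this commit expects `not_covered` rules to be non-applicable. The constructor continues outside the hunk.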
@@ -41,11 +41,8 @@ public List getResults() { public Rule getRuleFromRunById(String ruleId) { List rules = this.getTool().getDriver().getRules(); - return rules.stream() - .filter(rule -> rule.getId().equals(ruleId)) - .findFirst() - .orElseThrow(() -> new NoSuchElementException("No rule found with id: " + ruleId)); - + return (Rule) rules.stream() + .filter(rule -> rule.getId().equals(ruleId)); } public void setResults(List results) { diff --git a/src/test/java/com/jfrog/ide/idea/scan/ScanBinaryExecutorTest.java b/src/test/java/com/jfrog/ide/idea/scan/ScanBinaryExecutorTest.java index d3d92125..02ed82ae 100644 --- a/src/test/java/com/jfrog/ide/idea/scan/ScanBinaryExecutorTest.java +++ b/src/test/java/com/jfrog/ide/idea/scan/ScanBinaryExecutorTest.java @@ -23,7 +23,7 @@ public class ScanBinaryExecutorTest extends TestCase { private final ScanBinaryExecutor scanner = new ApplicabilityScannerExecutor(new NullLog()); private final Path SIMPLE_OUTPUT = new File("src/test/resources/sourceCode/simple_output.sarif").toPath(); private final Path NOT_APPLIC_OUTPUT = new File("src/test/resources/sourceCode/not_applic_output.sarif").toPath(); - private final Path NOT_APPLIC_KIND_PASS_OUTPUT = new File("src/test/resources/sourceCode/not_applic_kind_pass.sarif").toPath(); + private final Path APPLIC_KIND_PASS_OUTPUT = new File("src/test/resources/sourceCode/applic_kind_pass.sarif").toPath(); public void testInputBuilder() throws IOException { ScanConfig.Builder inputFileBuilder = new ScanConfig.Builder(); Path inputPath = null; 
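Review bot: `return (Rule) rules.stream().filter(rule -> rule.getId().equals(ruleId));` casts a `Stream` to `Rule`, so every call of `getRuleFromRunById` now fails with a ClassCastException (or does not compile if `Rule` is final) instead of returning the matching rule, and the `NoSuchElementException` for an unknown id is gone. Restore the terminal operation: `.findFirst()` followed by `.orElseThrow(() -> new NoSuchElementException("No rule found with id: " + ruleId))`. Note also that the fixture updated in this commit lists `applic_CVE-2024-39249` twice with different `applicability` values; `findFirst()` silently takes whichever entry comes first, so the applicability verdict that `JFrogSecurityWarning` derives from this rule depends on rule order — if duplicate ids are genuine scanner output, that should be documented here or detected rather than left implicit.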
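Review bot: The renamed constant `APPLIC_KIND_PASS_OUTPUT` points at `src/test/resources/sourceCode/applic_kind_pass.sarif`, but the diffstat lists only `not_applic_kind_pass.sarif` as modified and adds no new resource, so unless that file already exists in the repository the test that loads it will fail on a missing file rather than on the parser logic. Either rename the fixture in the same commit (`git mv not_applic_kind_pass.sarif applic_kind_pass.sarif`) or keep the old path, and add a comment stating what the fixture contains, e.g. `// Mix of located results, kind=pass results and not_covered rules; see the SARIF for the expected verdict per rule.`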
@@ -85,19 +85,52 @@ public void testSarifParserNotApplicResults() throws IOException { assertFalse(parsedOutput.get(3).isApplicable()); } - public void testSarifParserNotApplicResultsButKindPass() throws IOException { - List parsedOutput = scanner.parseOutputSarif(NOT_APPLIC_KIND_PASS_OUTPUT); - assertEquals(5, parsedOutput.size()); - // 1 known applicable results (code evidence returned) - assertEquals("applic_CVE-2022-25878", parsedOutput.get(0).getRuleID()); - assertTrue(parsedOutput.get(0).isApplicable()); - // 2 known no-applicable results (have a scanner but no code evidence returned) - assertEquals("applic_CVE-2021-25878", parsedOutput.get(2).getRuleID()); - assertFalse(parsedOutput.get(2).isApplicable()); - assertEquals("applic_CVE-2022-29019", parsedOutput.get(3).getRuleID()); - assertFalse(parsedOutput.get(3).isApplicable()); + public void testSarifParserApplicResultsWithKindPass() throws IOException { + // Assuming the SARIF file is parsed into a list of JFrogSecurityWarning objects + List parsedOutput = scanner.parseOutputSarif(APPLIC_KIND_PASS_OUTPUT); + assertEquals(13, parsedOutput.size()); + + assertEquals("applic_CVE-2018-16487", parsedOutput.get(0).getRuleID()); + assertTrue(parsedOutput.get(0).isApplicable()); // Corrected to true as the evidence indicates applicability + + assertEquals("applic_CVE-2023-29827", parsedOutput.get(1).getRuleID()); + assertTrue(parsedOutput.get(1).isApplicable()); + + assertEquals("applic_CVE-2019-10744", parsedOutput.get(2).getRuleID()); + assertTrue(parsedOutput.get(2).isApplicable()); + + assertEquals("applic_CVE-2020-28500", parsedOutput.get(3).getRuleID()); + assertTrue(parsedOutput.get(3).isApplicable()); + + assertEquals("applic_CVE-2020-8203", parsedOutput.get(4).getRuleID()); + assertTrue(parsedOutput.get(4).isApplicable()); + + assertEquals("applic_CVE-2021-23337", parsedOutput.get(5).getRuleID()); + assertTrue(parsedOutput.get(5).isApplicable()); + + assertEquals("applic_CVE-2022-29078", 
parsedOutput.get(6).getRuleID()); + assertTrue(parsedOutput.get(6).isApplicable()); + + assertEquals("applic_CVE-2024-33883", parsedOutput.get(7).getRuleID()); + assertTrue(parsedOutput.get(7).isApplicable()); + + // Validate the "pass" kind results with "not_covered" applicability + assertEquals("applic_CVE-2019-1010266", parsedOutput.get(8).getRuleID()); + assertFalse(parsedOutput.get(8).isApplicable()); + + // Validate the result with kind "pass" and specific evidence (correct applicability based on SARIF) + assertEquals("applic_CVE-2023-29827", parsedOutput.get(9).getRuleID()); + assertTrue(parsedOutput.get(9).isApplicable()); + + // Validate the "pass" kind result with the note about non-applicability + assertEquals("applic_CVE-2024-39249", parsedOutput.get(10).getRuleID()); + assertFalse(parsedOutput.get(10).isApplicable()); + + // Remaining items should be verified as needed based on actual data } + + public void testGetBinaryDownloadURL() { final String externalRepoName = "test-releases-repo"; final String expectedExternalRepoUrl = "test-releases-repo/artifactory/xsc-gen-exe-analyzer-manager-local/"; diff --git a/src/test/resources/sourceCode/not_applic_kind_pass.sarif b/src/test/resources/sourceCode/not_applic_kind_pass.sarif index 5bcd82ab..82f7d830 100644 --- a/src/test/resources/sourceCode/not_applic_kind_pass.sarif +++ b/src/test/resources/sourceCode/not_applic_kind_pass.sarif 
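Review bot: The expectations in `testSarifParserApplicResultsWithKindPass` contradict the fixture and the logic changed in this commit, assuming `applic_kind_pass.sarif` matches the `not_applic_kind_pass.sarif` updated here (that file is not in the patch): `parsedOutput.get(0)` is asserted applicable for `applic_CVE-2018-16487`, but the SARIF declares that rule `"applicability": "not_applicable"` and its located result reports that the `Object.freeze` remediation *was* detected, so the new `"applicable"`-only condition yields false; the same holds for CVE-2019-10744, 2020-28500, 2020-8203, 2021-23337, 2022-29078 and 2024-33883, all `not_applicable` rules whose results are `kind: pass`. The asserted order (`get(1)` and `get(9)` both CVE-2023-29827) also does not follow the fixture's result order unless `parseOutputSarif` reorders, which is not visible here. Only the two located `applic_CVE-2023-29827` results (rule `applicable`, no `kind`) should be `assertTrue`; rewrite the others as e.g. `assertFalse(parsedOutput.get(0).isApplicable()); // rule is not_applicable: remediation detected` and replace the placeholder `// Remaining items should be verified as needed based on actual data` with assertions on every entry, since a partial check would let a regression in the `not_covered` handling pass. `testGetBinaryDownloadURL` continues past the end of the hunk.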
@@ -6,156 +6,394 @@ "name": "JFrog Applicability Scanner", "rules": [ { - "id": "applic_CVE-2021-3807", + "id": "applic_CVE-2018-16487", + "name": "CVE-2018-16487", + "properties": { + "conclusion": "positive", + "applicability": "not_applicable" + }, "fullDescription": { - "text": "The scanner checks whether the vulnerable function `ansi-regex` is called.", - "markdown": "The scanner checks whether the vulnerable function `ansi-regex` is called." + "text": "The scanner checks whether any of the following vulnerable functions are called:\n\n* `lodash.merge` with external input to its 2nd (`sources`) argument.\n* `lodash.mergeWith` with external input to its 2nd (`sources`) argument.\n* `lodash.defaultsDeep` with external input to its 2nd (`sources`) argument.\n\nThe scanner also checks whether the `Object.freeze()` remediation is not present.", + "markdown": "The scanner checks whether any of the following vulnerable functions are called:\n\n* `lodash.merge` with external input to its 2nd (`sources`) argument.\n* `lodash.mergeWith` with external input to its 2nd (`sources`) argument.\n* `lodash.defaultsDeep` with external input to its 2nd (`sources`) argument.\n\nThe scanner also checks whether the `Object.freeze()` remediation is not present." }, - "name": "CVE-2021-3807", "shortDescription": { - "text": "Scanner for CVE-2021-3807" + "text": "Scanner for CVE-2018-16487" + } + }, + { + "id": "applic_CVE-2019-10744", + "name": "CVE-2019-10744", + "properties": { + "conclusion": "positive", + "applicability": "not_applicable" }, + "fullDescription": { + "text": "The scanner checks whether the vulnerable function `defaultsDeep` is called with external input to its 2nd (`sources`) argument, and the `Object.freeze()` remediation is not present.", + "markdown": "The scanner checks whether the vulnerable function `defaultsDeep` is called with external input to its 2nd (`sources`) argument, and the `Object.freeze()` remediation is not present." 
+ }, + "shortDescription": { + "text": "Scanner for CVE-2019-10744" + } + }, + { + "id": "applic_CVE-2020-28500", + "name": "CVE-2020-28500", "properties": { - "applicability": "not_applicable", "conclusion": "positive", - "security-severity": "6.9" + "applicability": "not_applicable" + }, + "fullDescription": { + "text": "The scanner checks whether any of the following vulnerable functions are called:\n\n* `lodash.trim` with external input to its 1st (`string`) argument.\n* `lodash.toNumber` with external input to its 1st (`value`) argument.\n* `lodash.trimEnd` with external input to its 1st (`string`) argument.", + "markdown": "The scanner checks whether any of the following vulnerable functions are called:\n\n* `lodash.trim` with external input to its 1st (`string`) argument.\n* `lodash.toNumber` with external input to its 1st (`value`) argument.\n* `lodash.trimEnd` with external input to its 1st (`string`) argument." + }, + "shortDescription": { + "text": "Scanner for CVE-2020-28500" } }, { - "id": "applic_CVE-2021-3918", + "id": "applic_CVE-2020-8203", + "name": "CVE-2020-8203", + "properties": { + "conclusion": "positive", + "applicability": "not_applicable" + }, "fullDescription": { - "text": "The scanner checks whether any of the following vulnerable functions are called:\n\n* `util.setProperty` with external input to its 2nd (`path`) or 3rd (`value`) arguments.\n* `ReflectionObject.setParsedOption` with external input to its 2nd (`name`) or 3rd (`value`) arguments.\n* `parse` with external input to its 1st (`source`) argument.\n* `load`\n* `loadSync`\n\nThe scanner also checks whether the `Object.freeze()` remediation is not present.", - "markdown": "The scanner checks whether any of the following vulnerable functions are called:\n\n* `util.setProperty` with external input to its 2nd (`path`) or 3rd (`value`) arguments.\n* `ReflectionObject.setParsedOption` with external input to its 2nd (`name`) or 3rd (`value`) arguments.\n* `parse` with external input 
to its 1st (`source`) argument.\n* `load`\n* `loadSync`\n\nThe scanner also checks whether the `Object.freeze()` remediation is not present." + "text": "The scanner checks whether the vulnerable function `zipObjectDeep` is called with external input to its 1st (`props`) and 2nd (`values`) arguments, and the `Object.freeze()` remediation is not present.", + "markdown": "The scanner checks whether the vulnerable function `zipObjectDeep` is called with external input to its 1st (`props`) and 2nd (`values`) arguments, and the `Object.freeze()` remediation is not present." }, - "name": "CVE-2021-3918", "shortDescription": { - "text": "Scanner for CVE-2021-3918" + "text": "Scanner for CVE-2020-8203" + } + }, + { + "id": "applic_CVE-2021-23337", + "name": "CVE-2021-23337", + "properties": { + "conclusion": "positive", + "applicability": "not_applicable" + }, + "fullDescription": { + "text": "The scanner checks whether the vulnerable function `lodash.template` is called with external input to its 2nd (`options`) argument.", + "markdown": "The scanner checks whether the vulnerable function `lodash.template` is called with external input to its 2nd (`options`) argument." + }, + "shortDescription": { + "text": "Scanner for CVE-2021-23337" + } + }, + { + "id": "applic_CVE-2022-29078", + "name": "CVE-2022-29078", + "properties": { + "conclusion": "positive", + "applicability": "not_applicable" + }, + "fullDescription": { + "text": "The scanner checks for two vulnerable flows:\n\n1. Whether the `express.set` function is called with the arguments: `view engine` and `ejs`, or external input and if it's followed by a call to the vulnerable function `render` with an unknown second argument.\n\n2. Whether the `renderFile` function is called with an unknown second argument.\n\nThe scanner also checks whether the `Object.freeze()` remediation is not present.", + "markdown": "The scanner checks for two vulnerable flows:\n\n1. 
Whether the `express.set` function is called with the arguments: `view engine` and `ejs`, or external input and if it's followed by a call to the vulnerable function `render` with an unknown second argument.\n\n2. Whether the `renderFile` function is called with an unknown second argument.\n\nThe scanner also checks whether the `Object.freeze()` remediation is not present." }, + "shortDescription": { + "text": "Scanner for CVE-2022-29078" + } + }, + { + "id": "applic_CVE-2024-33883", + "name": "CVE-2024-33883", "properties": { - "applicability": "not_applicable", "conclusion": "positive", - "security-severity": "6.9" + "applicability": "not_applicable" + }, + "fullDescription": { + "text": "The scanner checks whether the vulnerable function `ejs.compile()` is called.", + "markdown": "The scanner checks whether the vulnerable function `ejs.compile()` is called." + }, + "shortDescription": { + "text": "Scanner for CVE-2024-33883" } }, { - "id": "applic_CVE-2022-25878", - "name": "CVE-2022-25878", + "id": "applic_CVE-2023-29827", + "name": "CVE-2023-29827", + "properties": { + "conclusion": "negative", + "applicability": "applicable" + }, + "fullDescription": { + "text": "The scanner checks whether any of the following conditions are met:\n\n1. The `ejs.renderFile` function is called with an unknown third argument.\n\n2. The `ejs.compile` function is called with an unknown second argument.\n\n3. The `express.set` function is called with any of the following arguments:\n\n* `express.set(\"view engine\", \"ejs\")`\n* `express.set(\"view engine\", {USER_INPUT})`\n* `express.set({USER_INPUT}, \"ejs\")`\n* `express.set({USER_INPUT}, {USER_INPUT})`", + "markdown": "The scanner checks whether any of the following conditions are met:\n\n1. The `ejs.renderFile` function is called with an unknown third argument.\n\n2. The `ejs.compile` function is called with an unknown second argument.\n\n3. 
The `express.set` function is called with any of the following arguments:\n\n* `express.set(\"view engine\", \"ejs\")`\n* `express.set(\"view engine\", {USER_INPUT})`\n* `express.set({USER_INPUT}, \"ejs\")`\n* `express.set({USER_INPUT}, {USER_INPUT})`" + }, "shortDescription": { - "text": "Scanner for CVE-2022-25878" + "text": "Scanner for CVE-2023-29827" + } + }, + { + "id": "applic_CVE-2018-3721", + "name": "CVE-2018-3721", + "properties": { + "applicability": "not_covered" }, "fullDescription": { - "text": "The scanner checks whether any of the following vulnerable functions are called:\n\n* `util.setProperty` with external input to its 2nd (`path`) or 3rd (`value`) arguments.\n* `ReflectionObject.setParsedOption` with external input to its 2nd (`name`) or 3rd (`value`) arguments.\n* `parse` with external input to its 1st (`source`) argument.\n* `load`\n* `loadSync`\n\nThe scanner also checks whether the `Object.freeze()` remediation is not present.", - "markdown": "The scanner checks whether any of the following vulnerable functions are called:\n\n* `util.setProperty` with external input to its 2nd (`path`) or 3rd (`value`) arguments.\n* `ReflectionObject.setParsedOption` with external input to its 2nd (`name`) or 3rd (`value`) arguments.\n* `parse` with external input to its 1st (`source`) argument.\n* `load`\n* `loadSync`\n\nThe scanner also checks whether the `Object.freeze()` remediation is not present." 
+ "text": "", + "markdown": "" }, + "shortDescription": { + "text": "Scanner for uncovered CVE-2018-3721" + } + }, + { + "id": "applic_CVE-2019-1010266", + "name": "CVE-2019-1010266", "properties": { - "applicability": "applicable", - "conclusion": "positive", - "security-severity": "6.9" + "applicability": "not_covered" + }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "shortDescription": { + "text": "Scanner for uncovered CVE-2019-1010266" + } + }, + { + "id": "applic_CVE-2024-29041", + "name": "CVE-2024-29041", + "properties": { + "applicability": "not_covered" + }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "shortDescription": { + "text": "Scanner for uncovered CVE-2024-29041" + } + }, + { + "id": "applic_CVE-2024-39249", + "name": "CVE-2024-39249", + "properties": { + "applicability": "not_covered" + }, + "fullDescription": { + "text": "Never applicable. The vulnerability is exploitable only if an attacker has access to the source code.", + "markdown": "Never applicable. The vulnerability is exploitable only if an attacker has access to the source code." + }, + "shortDescription": { + "text": "Scanner for uncovered CVE-2024-39249" + } + }, + { + "id": "applic_CVE-2024-39249", + "name": "CVE-2024-39249", + "properties": { + "applicability": "not_applicable" + }, + "fullDescription": { + "text": "Never applicable. The vulnerability is exploitable only if an attacker has access to the source code.", + "markdown": "Never applicable. The vulnerability is exploitable only if an attacker has access to the source code." 
+ }, + "shortDescription": { + "text": "Scanner for indirect dependency CVE-2024-39249" } } ], - "version": "APPLIC_SCANNERv0.2.3" + "version": "1.0", + "informationUri": "https://jfrog.com/help/r/jfrog-security-documentation/jfrog-advanced-security" } }, "invocations": [ { - "executionSuccessful": true, "arguments": [ - "ca_scanner/applicability_scanner", + "/Users/assafa/.jfrog-vscode-extension/issues/analyzerManager/jas_scanner/jas_scanner", "scan", - "aplic_config.yaml" + "/var/folders/xv/th4cksxn7jv9wjrdnn1h4tj00000gq/T/tmp-55875-wYypTpKupcep/request" ], + "executionSuccessful": true, "workingDirectory": { - "uri": "file:///Users/user/.jfrog-vscode-extension/issues/analyzerManager" + "uri": "file:///Users/assafa/.jfrog-vscode-extension/issues/analyzerManager" } } ], "results": [ { "message": { - "text": "Prototype pollution `Object.freeze` remediation was not detected, The vulnerable function protobufjs.parse is called with external input, The vulnerable function protobufjs.load(Sync) is called" + "text": "Prototype pollution `Object.freeze` remediation was detected" }, "locations": [ { "physicalLocation": { - "artifactLocation": { - "uri": "file:///examples/applic-demo/../applic-demo/index.js" - }, "region": { - "endColumn": 18, - "endLine": 21, "snippet": { - "text": "protobuf.parse(p)" + "text": "Object.freeze(Object.prototype)" }, - "startColumn": 1, - "startLine": 21 + "endColumn": 31, + "endLine": 1, + "startColumn": 0, + "startLine": 1 + }, + "artifactLocation": { + "uri": "file:///Users/assafa/Documents/code/other-projects/ejs-frog-demo/server.js" } } } ], - "ruleId": "applic_CVE-2022-25878" + "suppressions": [], + "ruleId": "applic_CVE-2018-16487" }, { "message": { - "text": "Prototype pollution `Object.freeze` remediation was not detected, The vulnerable function protobufjs.parse is called with external input, The vulnerable function protobufjs.load(Sync) is called" + "text": "The scanner checks whether any of the following vulnerable functions are 
called:\n\n* `lodash.merge` with external input to its 2nd (`sources`) argument.\n* `lodash.mergeWith` with external input to its 2nd (`sources`) argument.\n* `lodash.defaultsDeep` with external input to its 2nd (`sources`) argument.\n\nThe scanner also checks whether the `Object.freeze()` remediation is not present." + }, + "kind": "pass", + "ruleId": "applic_CVE-2018-16487" + }, + { + "message": { + "text": "Prototype pollution `Object.freeze` remediation was detected" }, "locations": [ { "physicalLocation": { - "artifactLocation": { - "uri": "file:///examples/applic-demo/../applic-demo/index.js" - }, "region": { - "endColumn": 74, - "endLine": 23, "snippet": { - "text": "protobuf.load(\"/path/to/untrusted.proto\", function(err, root) { return })" + "text": "Object.freeze(Object.prototype)" }, - "startColumn": 1, - "startLine": 23 + "endColumn": 31, + "endLine": 1, + "startColumn": 0, + "startLine": 1 + }, + "artifactLocation": { + "uri": "file:///Users/assafa/Documents/code/other-projects/ejs-frog-demo/server.js" } } } ], - "ruleId": "applic_CVE-2022-25878" + "suppressions": [], + "ruleId": "applic_CVE-2019-10744" + }, + { + "message": { + "text": "The scanner checks whether the vulnerable function `defaultsDeep` is called with external input to its 2nd (`sources`) argument, and the `Object.freeze()` remediation is not present." + }, + "kind": "pass", + "ruleId": "applic_CVE-2019-10744" + }, + { + "message": { + "text": "The scanner checks whether any of the following vulnerable functions are called:\n\n* `lodash.trim` with external input to its 1st (`string`) argument.\n* `lodash.toNumber` with external input to its 1st (`value`) argument.\n* `lodash.trimEnd` with external input to its 1st (`string`) argument." 
+ }, + "kind": "pass", + "ruleId": "applic_CVE-2020-28500" + }, + { + "message": { + "text": "The scanner checks whether the vulnerable function `zipObjectDeep` is called with external input to its 1st (`props`) and 2nd (`values`) arguments, and the `Object.freeze()` remediation is not present." + }, + "kind": "pass", + "ruleId": "applic_CVE-2020-8203" + }, + { + "message": { + "text": "The scanner checks whether the vulnerable function `lodash.template` is called with external input to its 2nd (`options`) argument." + }, + "kind": "pass", + "ruleId": "applic_CVE-2021-23337" }, { "message": { - "text": "Some remediation for not applicable issue." + "text": "Prototype pollution `Object.freeze` remediation was detected" }, "locations": [ { "physicalLocation": { - "artifactLocation": { - "uri": "file:///examples/applic-demo/../applic-demo/index.js" - }, "region": { - "endColumn": 1, - "endLine": 23, "snippet": { - "text": "protobuf.load(\"/path/to/untrusted.proto\", function(err, root) { return })" + "text": "Object.freeze(Object.prototype)" }, - "startColumn": 1, + "endColumn": 31, + "endLine": 1, + "startColumn": 0, "startLine": 1 + }, + "artifactLocation": { + "uri": "file:///Users/assafa/Documents/code/other-projects/ejs-frog-demo/server.js" } } } ], - "ruleId": "applic_CVE-2021-3807" + "suppressions": [], + "ruleId": "applic_CVE-2022-29078" }, { "message": { - "text": "The scanner checks whether the vulnerable function `ansi-regex` is called." + "text": "The scanner checks for two vulnerable flows:\n\n1. Whether the `express.set` function is called with the arguments: `view engine` and `ejs`, or external input and if it's followed by a call to the vulnerable function `render` with an unknown second argument.\n\n2. Whether the `renderFile` function is called with an unknown second argument.\n\nThe scanner also checks whether the `Object.freeze()` remediation is not present." 
}, "kind": "pass", - "ruleId": "applic_CVE-2021-3807" + "ruleId": "applic_CVE-2022-29078" + }, + { + "message": { + "text": "The scanner checks whether the vulnerable function `ejs.compile()` is called." + }, + "kind": "pass", + "ruleId": "applic_CVE-2024-33883" + }, + { + "message": { + "text": "The vulnerable functionality is triggered since express.set is called with 'view engine' as the first argument and 'ejs' as the second argument or both arguments with external input" + }, + "locations": [ + { + "physicalLocation": { + "region": { + "snippet": { + "text": "app.set('view engine', 'ejs')" + }, + "endColumn": 29, + "endLine": 15, + "startColumn": 0, + "startLine": 15 + }, + "artifactLocation": { + "uri": "file:///Users/assafa/Documents/code/other-projects/ejs-frog-demo/server.js" + } + } + } + ], + "suppressions": [], + "ruleId": "applic_CVE-2023-29827" + }, + { + "message": { + "text": "The vulnerable function render is called" + }, + "locations": [ + { + "physicalLocation": { + "region": { + "snippet": { + "text": "res.render('pages/index',req.query)" + }, + "endColumn": 37, + "endLine": 27, + "startColumn": 2, + "startLine": 27 + }, + "artifactLocation": { + "uri": "file:///Users/assafa/Documents/code/other-projects/ejs-frog-demo/server.js" + } + } + } + ], + "suppressions": [], + "ruleId": "applic_CVE-2023-29827" }, { "message": { - "text": "The scanner checks whether any of the following vulnerable functions are called:\n\n* `json-schema.validate` with external input to its 1st (`instance`) argument.\n* `json-schema.checkPropertyChange` with external input to its 2nd (`schema`) argument." + "text": "Never applicable. The vulnerability is exploitable only if an attacker has access to the source code." }, "kind": "pass", - "ruleId": "applic_CVE-2021-3918" + "ruleId": "applic_CVE-2024-39249" } ] }
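Review bot: The fixture now carries two `rules` entries with the same `id` `applic_CVE-2024-39249`, one `not_covered` and one `not_applicable`, and the single `kind: pass` result for that id cannot reveal which entry the lookup matched, so the test cannot tell a first-match from a last-match implementation apart; give the second entry a distinct id or drop it, unless duplicate ids are genuine scanner output, in which case add a result that exercises the ambiguity deliberately. The `invocations.arguments` and every `artifactLocation.uri` also embed a developer's home directory (`/Users/assafa/...`) and a temp-file path; the previous version used a neutral `file:///examples/applic-demo/...` path, which is the safer convention for committed fixtures. Finally the file keeps the name `not_applic_kind_pass.sarif` while the test in this commit loads `applic_kind_pass.sarif`, which is absent from the diffstat.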