{
|
|
"runs": [
|
|
{
|
|
"results": [
|
|
{
|
|
"fixes": [
|
|
{
|
|
"artifactChanges": null,
|
|
"description": {}
|
|
}
|
|
],
|
|
"level": "error",
|
|
"locations": [
|
|
{
|
|
"physicalLocation": {
|
|
"artifactLocation": {
|
|
"uri": "utils/hash.go"
|
|
},
|
|
"region": {
|
|
"endColumn": 65,
|
|
"endLine": 32,
|
|
"snippet": {
|
|
"text": "argonHash := argon2.IDKey([]byte(pass), salt, 6, 64*1024, uint8(runtime.NumCPU()), 45)"
|
|
},
|
|
"sourceLanguage": "go",
|
|
"startColumn": 65,
|
|
"startLine": 32
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"message": {
|
|
"text": "integer overflow conversion int -\u003e uint8"
|
|
},
|
|
"ruleId": "G115"
|
|
},
|
|
{
|
|
"fixes": [
|
|
{
|
|
"artifactChanges": null,
|
|
"description": {}
|
|
}
|
|
],
|
|
"level": "error",
|
|
"locations": [
|
|
{
|
|
"physicalLocation": {
|
|
"artifactLocation": {
|
|
"uri": "cmd/assets.go"
|
|
},
|
|
"region": {
|
|
"endColumn": 26,
|
|
"endLine": 71,
|
|
"snippet": {
|
|
"text": "destinationFile, err := os.Create(destinationPath)"
|
|
},
|
|
"sourceLanguage": "go",
|
|
"startColumn": 26,
|
|
"startLine": 71
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"message": {
|
|
"text": "Potential file inclusion via variable"
|
|
},
|
|
"ruleId": "G304"
|
|
},
|
|
{
|
|
"fixes": [
|
|
{
|
|
"artifactChanges": null,
|
|
"description": {}
|
|
}
|
|
],
|
|
"level": "error",
|
|
"locations": [
|
|
{
|
|
"physicalLocation": {
|
|
"artifactLocation": {
|
|
"uri": "cmd/assets.go"
|
|
},
|
|
"region": {
|
|
"endColumn": 21,
|
|
"endLine": 65,
|
|
"snippet": {
|
|
"text": "sourceFile, err := os.Open(sourcePath)"
|
|
},
|
|
"sourceLanguage": "go",
|
|
"startColumn": 21,
|
|
"startLine": 65
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"message": {
|
|
"text": "Potential file inclusion via variable"
|
|
},
|
|
"ruleId": "G304"
|
|
},
|
|
{
|
|
"fixes": [
|
|
{
|
|
"artifactChanges": null,
|
|
"description": {}
|
|
}
|
|
],
|
|
"level": "error",
|
|
"locations": [
|
|
{
|
|
"physicalLocation": {
|
|
"artifactLocation": {
|
|
"uri": "cmd/assets.go"
|
|
},
|
|
"region": {
|
|
"endColumn": 14,
|
|
"endLine": 49,
|
|
"snippet": {
|
|
"text": "if err := os.MkdirAll(\"server/assets/dist/\"+distFolder, os.ModePerm); err != nil \u0026\u0026 !errors.Is(err, fs.ErrExist) {"
|
|
},
|
|
"sourceLanguage": "go",
|
|
"startColumn": 14,
|
|
"startLine": 49
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"message": {
|
|
"text": "Expect directory permissions to be 0750 or less"
|
|
},
|
|
"ruleId": "G301"
|
|
},
|
|
{
|
|
"fixes": [
|
|
{
|
|
"artifactChanges": null,
|
|
"description": {}
|
|
}
|
|
],
|
|
"level": "warning",
|
|
"locations": [
|
|
{
|
|
"physicalLocation": {
|
|
"artifactLocation": {
|
|
"uri": "cmd/assets.go"
|
|
},
|
|
"region": {
|
|
"endColumn": 2,
|
|
"endLine": 83,
|
|
"snippet": {
|
|
"text": "destinationFile.Close()"
|
|
},
|
|
"sourceLanguage": "go",
|
|
"startColumn": 2,
|
|
"startLine": 83
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"message": {
|
|
"text": "Errors unhandled."
|
|
},
|
|
"ruleId": "G104"
|
|
},
|
|
{
|
|
"fixes": [
|
|
{
|
|
"artifactChanges": null,
|
|
"description": {}
|
|
}
|
|
],
|
|
"level": "warning",
|
|
"locations": [
|
|
{
|
|
"physicalLocation": {
|
|
"artifactLocation": {
|
|
"uri": "cmd/assets.go"
|
|
},
|
|
"region": {
|
|
"endColumn": 2,
|
|
"endLine": 82,
|
|
"snippet": {
|
|
"text": "sourceFile.Close()"
|
|
},
|
|
"sourceLanguage": "go",
|
|
"startColumn": 2,
|
|
"startLine": 82
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"message": {
|
|
"text": "Errors unhandled."
|
|
},
|
|
"ruleId": "G104"
|
|
}
|
|
],
|
|
"taxonomies": [
|
|
{
|
|
"downloadUri": "https://cwe.mitre.org/data/xml/cwec_v4.4.xml.zip",
|
|
"guid": "f2856fc0-85b7-373f-83e7-6f8582243547",
|
|
"informationUri": "https://cwe.mitre.org/data/published/cwe_v4.4.pdf/",
|
|
"isComprehensive": true,
|
|
"language": "en",
|
|
"minimumRequiredLocalizedDataSemanticVersion": "4.4",
|
|
"name": "CWE",
|
|
"organization": "MITRE",
|
|
"releaseDateUtc": "2021-03-15",
|
|
"shortDescription": {
|
|
"text": "The MITRE Common Weakness Enumeration"
|
|
},
|
|
"taxa": [
|
|
{
|
|
"fullDescription": {
|
|
"text": "The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control."
|
|
},
|
|
"guid": "c71e4fa0-720e-3e82-8b67-b2d44d0c604b",
|
|
"helpUri": "https://cwe.mitre.org/data/definitions/190.html",
|
|
"id": "190",
|
|
"shortDescription": {
|
|
"text": "Integer Overflow or Wraparound"
|
|
}
|
|
},
|
|
{
|
|
"fullDescription": {
|
|
"text": "The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory."
|
|
},
|
|
"guid": "3e718404-88bc-3f17-883e-e85e74078a76",
|
|
"helpUri": "https://cwe.mitre.org/data/definitions/22.html",
|
|
"id": "22",
|
|
"shortDescription": {
|
|
"text": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
|
|
}
|
|
},
|
|
{
|
|
"fullDescription": {
|
|
"text": "During installation, installed file permissions are set to allow anyone to modify those files."
|
|
},
|
|
"guid": "fca8970d-b44c-3162-a385-cc09266d12a4",
|
|
"helpUri": "https://cwe.mitre.org/data/definitions/276.html",
|
|
"id": "276",
|
|
"shortDescription": {
|
|
"text": "Incorrect Default Permissions"
|
|
}
|
|
},
|
|
{
|
|
"fullDescription": {
|
|
"text": "The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software."
|
|
},
|
|
"guid": "7df38d1d-038e-3ced-8601-8d9265b90a25",
|
|
"helpUri": "https://cwe.mitre.org/data/definitions/703.html",
|
|
"id": "703",
|
|
"shortDescription": {
|
|
"text": "Improper Check or Handling of Exceptional Conditions"
|
|
}
|
|
}
|
|
],
|
|
"version": "4.4"
|
|
}
|
|
],
|
|
"tool": {
|
|
"driver": {
|
|
"guid": "8b518d5f-906d-39f9-894b-d327b1a421c5",
|
|
"informationUri": "https://github.com/securego/gosec/",
|
|
"name": "gosec",
|
|
"rules": [
|
|
{
|
|
"defaultConfiguration": {
|
|
"level": "warning"
|
|
},
|
|
"fullDescription": {
|
|
"text": "Errors unhandled."
|
|
},
|
|
"help": {
|
|
"text": "Errors unhandled.\nSeverity: LOW\nConfidence: HIGH\n"
|
|
},
|
|
"id": "G104",
|
|
"name": "Improper Check or Handling of Exceptional Conditions",
|
|
"properties": {
|
|
"precision": "high",
|
|
"tags": [
|
|
"security",
|
|
"LOW"
|
|
]
|
|
},
|
|
"relationships": [
|
|
{
|
|
"kinds": [
|
|
"superset"
|
|
],
|
|
"target": {
|
|
"guid": "7df38d1d-038e-3ced-8601-8d9265b90a25",
|
|
"id": "703",
|
|
"toolComponent": {
|
|
"guid": "f2856fc0-85b7-373f-83e7-6f8582243547",
|
|
"name": "CWE"
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"shortDescription": {
|
|
"text": "Errors unhandled."
|
|
}
|
|
},
|
|
{
|
|
"defaultConfiguration": {
|
|
"level": "error"
|
|
},
|
|
"fullDescription": {
|
|
"text": "Expect directory permissions to be 0750 or less"
|
|
},
|
|
"help": {
|
|
"text": "Expect directory permissions to be 0750 or less\nSeverity: MEDIUM\nConfidence: HIGH\n"
|
|
},
|
|
"id": "G301",
|
|
"name": "Incorrect Default Permissions",
|
|
"properties": {
|
|
"precision": "high",
|
|
"tags": [
|
|
"security",
|
|
"MEDIUM"
|
|
]
|
|
},
|
|
"relationships": [
|
|
{
|
|
"kinds": [
|
|
"superset"
|
|
],
|
|
"target": {
|
|
"guid": "fca8970d-b44c-3162-a385-cc09266d12a4",
|
|
"id": "276",
|
|
"toolComponent": {
|
|
"guid": "f2856fc0-85b7-373f-83e7-6f8582243547",
|
|
"name": "CWE"
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"shortDescription": {
|
|
"text": "Expect directory permissions to be 0750 or less"
|
|
}
|
|
},
|
|
{
|
|
"defaultConfiguration": {
|
|
"level": "error"
|
|
},
|
|
"fullDescription": {
|
|
"text": "Potential file inclusion via variable"
|
|
},
|
|
"help": {
|
|
"text": "Potential file inclusion via variable\nSeverity: MEDIUM\nConfidence: HIGH\n"
|
|
},
|
|
"id": "G304",
|
|
"name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
|
|
"properties": {
|
|
"precision": "high",
|
|
"tags": [
|
|
"security",
|
|
"MEDIUM"
|
|
]
|
|
},
|
|
"relationships": [
|
|
{
|
|
"kinds": [
|
|
"superset"
|
|
],
|
|
"target": {
|
|
"guid": "3e718404-88bc-3f17-883e-e85e74078a76",
|
|
"id": "22",
|
|
"toolComponent": {
|
|
"guid": "f2856fc0-85b7-373f-83e7-6f8582243547",
|
|
"name": "CWE"
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"shortDescription": {
|
|
"text": "Potential file inclusion via variable"
|
|
}
|
|
},
|
|
{
|
|
"defaultConfiguration": {
|
|
"level": "error"
|
|
},
|
|
"fullDescription": {
|
|
"text": "integer overflow conversion int -\u003e uint8"
|
|
},
|
|
"help": {
|
|
"text": "integer overflow conversion int -\u003e uint8\nSeverity: HIGH\nConfidence: MEDIUM\n"
|
|
},
|
|
"id": "G115",
|
|
"name": "Integer Overflow or Wraparound",
|
|
"properties": {
|
|
"precision": "medium",
|
|
"tags": [
|
|
"security",
|
|
"HIGH"
|
|
]
|
|
},
|
|
"relationships": [
|
|
{
|
|
"kinds": [
|
|
"superset"
|
|
],
|
|
"target": {
|
|
"guid": "c71e4fa0-720e-3e82-8b67-b2d44d0c604b",
|
|
"id": "190",
|
|
"toolComponent": {
|
|
"guid": "f2856fc0-85b7-373f-83e7-6f8582243547",
|
|
"name": "CWE"
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"shortDescription": {
|
|
"text": "integer overflow conversion int -\u003e uint8"
|
|
}
|
|
}
|
|
],
|
|
"semanticVersion": "2.21.1",
|
|
"supportedTaxonomies": [
|
|
{
|
|
"guid": "f2856fc0-85b7-373f-83e7-6f8582243547",
|
|
"name": "CWE"
|
|
}
|
|
],
|
|
"version": "2.21.1"
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.json",
|
|
"version": "2.1.0"
|
|
}