/
TestSarifPresenterDir.golden
97 lines (97 loc) · 3.63 KB
/
TestSarifPresenterDir.golden
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
{
"version": "2.1.0",
"$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
"runs": [
{
"tool": {
"driver": {
"name": "Grype",
"version": "0.0.0-dev",
"informationUri": "https://github.com/anchore/grype",
"rules": [
{
"id": "CVE-1999-0001-package-1",
"name": "DpkgMatcherExactDirectMatch",
"shortDescription": {
"text": "CVE-1999-0001 low vulnerability for package-1 package"
},
"fullDescription": {
"text": "1999-01 description"
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-1999-0001\nSeverity: low\nPackage: package-1\nVersion: 1.0.1\nFix Version: \nType: deb\nLocation: etc/pkg-1\nData Namespace: source-1\nLink: CVE-1999-0001",
"markdown": "**Vulnerability CVE-1999-0001**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | package-1 | 1.0.1 | | deb | etc/pkg-1 | source-1 | CVE-1999-0001 |\n"
},
"properties": {
"security-severity": "4.000000"
}
},
{
"id": "CVE-1999-0002-package-2",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-1999-0002 critical vulnerability for package-2 package"
},
"fullDescription": {
"text": "1999-02 description"
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-1999-0002\nSeverity: critical\nPackage: package-2\nVersion: 2.0.1\nFix Version: \nType: deb\nLocation: pkg-2\nData Namespace: source-2\nLink: CVE-1999-0002",
"markdown": "**Vulnerability CVE-1999-0002**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| critical | package-2 | 2.0.1 | | deb | pkg-2 | source-2 | CVE-1999-0002 |\n"
},
"properties": {
"security-severity": "1.000000"
}
}
]
}
},
"results": [
{
"ruleId": "CVE-1999-0001-package-1",
"message": {
"text": "The path etc/pkg-1 reports package-1 at version 1.0.1 which would result in a vulnerable (deb) package installed"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "etc/pkg-1"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-1999-0002-package-2",
"message": {
"text": "The path pkg-2 reports package-2 at version 2.0.1 which would result in a vulnerable (deb) package installed"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "pkg-2"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
}
]
}
]
}