From c591e4494e69efe77fd3b832279a6e3b79dbfaa6 Mon Sep 17 00:00:00 2001 From: Curtis Yanko Date: Wed, 31 Mar 2021 12:05:17 -0400 Subject: [PATCH 01/23] Update inspect.yml --- inspect.yml | 28 +++++++++++----------------- 1 file changed, 11 insertions(+), 17 deletions(-) diff --git a/inspect.yml b/inspect.yml index b780548..94b0597 100644 --- a/inspect.yml +++ b/inspect.yml @@ -1,27 +1,21 @@ inspect: - - app: - language: JAVA - name: tarpit-java - policy: 639070ed-7aad-4e53-bd5c-b97190308dc2/first_policy:latest - modify-findings: - - my_modification_rule - - default: - policy: io.shiftleft/default +- app: + name: tarpit-java-circle + modify-findings: + - downgrade_sdl finding-modifications: - my_modification_rule: + downgrade_sdl: + # Use filter to specify the category filter: category: - Sensitive Data Leak - id: - - 97 - type: - - vuln - severity: - - info - - moderate - - critical + # Specify the value for the tags, such as cvss_score or severity, that you would like to use + # Optionally, you can add a custom tag (e.g, a tag indicating the reason a vuln is + # marked as such) tags: - key: cvss_score value: 3 - key: severity value: info + - key: reason + value: appsec_approved From e5951326284ded2f9da5912146f36c185f43d025 Mon Sep 17 00:00:00 2001 From: Curtis Yanko Date: Wed, 31 Mar 2021 12:30:34 -0400 Subject: [PATCH 02/23] Update inspect.yml --- inspect.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/inspect.yml b/inspect.yml index 94b0597..c3ff805 100644 --- a/inspect.yml +++ b/inspect.yml @@ -1,10 +1,12 @@ inspect: - app: - name: tarpit-java-circle + language: JAVA + name: tarpit-java + policy: 639070ed-7aad-4e53-bd5c-b97190308dc2/first_policy:latest modify-findings: - - downgrade_sdl + - sdl_to_info finding-modifications: - downgrade_sdl: + sdl_to_info: # Use filter to specify the category filter: category: From 09569e379c4ea93b8abdbdc181fe7d01bcca7877 Mon Sep 17 00:00:00 2001 
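Review bot: The new side of the [PATCH 01/23] hunk removes the `id`, `type` and `severity` entries from the rule's `filter:`, so the rule now matches every finding in the `Sensitive Data Leak` category and re-tags all of them to `severity: info` / `cvss_score: 3` — a blanket downgrade rather than a targeted exception. The same category-only filter is what [PATCH 16/23] and [PATCH 17/23] restore after the ids were re-added, and it is what [PATCH 23/23] ships as the final `sdl_to_info` rule. If the intent is to downgrade specific findings, keep an `id:` list under `filter:` as the removed lines did, and make the added `reason` tag traceable to an approval record rather than the bare `value: appsec_approved` (constructed example: `value: appsec_approved-TICKET-123`); otherwise put a comment above `filter:` stating that the rule deliberately covers the whole category and who approved it. Whitespace is collapsed on this page, so the exact nesting of the added keys cannot be confirmed from here.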
From: Curtis Yanko Date: Wed, 31 Mar 2021 12:33:52 -0400 Subject: [PATCH 03/23] Update inspect.yml --- inspect.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inspect.yml b/inspect.yml index c3ff805..64e1dff 100644 --- a/inspect.yml +++ b/inspect.yml @@ -1,7 +1,7 @@ inspect: - app: language: JAVA - name: tarpit-java + name: tarpit-java-circle policy: 639070ed-7aad-4e53-bd5c-b97190308dc2/first_policy:latest modify-findings: - sdl_to_info From 8c7cbf4dae17a26488b6e6a68ca0509b90cd8fe7 Mon Sep 17 00:00:00 2001 From: Curtis Yanko Date: Wed, 31 Mar 2021 12:39:24 -0400 Subject: [PATCH 04/23] Update inspect.yml --- inspect.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/inspect.yml b/inspect.yml index 64e1dff..f0e4738 100644 --- a/inspect.yml +++ b/inspect.yml @@ -14,6 +14,13 @@ finding-modifications: # Specify the value for the tags, such as cvss_score or severity, that you would like to use # Optionally, you can add a custom tag (e.g, a tag indicating the reason a vuln is # marked as such) + id: + - 97 + type: + - vuln + severity: + - moderate + - critical tags: - key: cvss_score value: 3 From 9b79f08a728639f9d91ff579675168887ded3fe9 Mon Sep 17 00:00:00 2001 From: Curtis Yanko Date: Wed, 31 Mar 2021 12:42:40 -0400 Subject: [PATCH 05/23] Update inspect.yml --- inspect.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/inspect.yml b/inspect.yml index f0e4738..b54493b 100644 --- a/inspect.yml +++ b/inspect.yml @@ -14,13 +14,13 @@ finding-modifications: # Specify the value for the tags, such as cvss_score or severity, that you would like to use # Optionally, you can add a custom tag (e.g, a tag indicating the reason a vuln is # marked as such) - id: - - 97 - type: - - vuln - severity: - - moderate - - critical + id: + - 97 + type: + - vuln + severity: + - moderate + - critical tags: - key: cvss_score value: 3 From 44d0cf2f9e4fb26a7098b6600bc77935df9c00d7 Mon Sep 17 00:00:00 2001 
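Review bot: In the [PATCH 04/23] hunk the added `id:`, `type:` and `severity:` filter entries are inserted between the comment that begins "Specify the value for the tags, such as cvss_score or severity" and the `tags:` key, so that comment no longer sits directly above what it describes and now reads as if it applied to the filter; the re-indentation in [PATCH 05/23] moves the keys but not the comment. Either move the comment back to directly above `tags:` or add `# Narrow the filter to specific finding ids, types and severities` above `id:`. Separately, `- 97` is a plain scalar and parses as an integer; if the tool compares finding ids as strings, quote it as `- "97"` — confirm against the tool's schema. The `filter:` mapping these keys belong to starts outside the hunk.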
From: Curtis Yanko Date: Wed, 31 Mar 2021 12:48:48 -0400 Subject: [PATCH 06/23] Update inspect.yml --- inspect.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/inspect.yml b/inspect.yml index b54493b..adc7ddf 100644 --- a/inspect.yml +++ b/inspect.yml @@ -26,5 +26,4 @@ finding-modifications: value: 3 - key: severity value: info - - key: reason - value: appsec_approved + From fa40bee78c52cee0dcc612c1ccddc3e701b678d3 Mon Sep 17 00:00:00 2001 From: Curtis Yanko Date: Wed, 31 Mar 2021 12:52:41 -0400 Subject: [PATCH 07/23] Update inspect.yml --- inspect.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/inspect.yml b/inspect.yml index adc7ddf..9aeaaf8 100644 --- a/inspect.yml +++ b/inspect.yml @@ -5,6 +5,8 @@ inspect: policy: 639070ed-7aad-4e53-bd5c-b97190308dc2/first_policy:latest modify-findings: - sdl_to_info +- default: + policy: io.shiftleft/default finding-modifications: sdl_to_info: # Use filter to specify the category From bb955c7b725f18c02f0cf37ccbbbe8423d7ffec9 Mon Sep 17 00:00:00 2001 From: Curtis Yanko Date: Wed, 31 Mar 2021 12:55:28 -0400 Subject: [PATCH 08/23] Update inspect.yml --- inspect.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/inspect.yml b/inspect.yml index 9aeaaf8..2990d8e 100644 --- a/inspect.yml +++ b/inspect.yml @@ -21,6 +21,7 @@ finding-modifications: type: - vuln severity: + - info - moderate - critical tags: From 5f22b5d7748c5e4e7a493f53771706032eadbdba Mon Sep 17 00:00:00 2001 From: Curtis Yanko Date: Wed, 31 Mar 2021 12:59:43 -0400 Subject: [PATCH 09/23] Update inspect.yml --- inspect.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/inspect.yml b/inspect.yml index 2990d8e..fceaa36 100644 --- a/inspect.yml +++ b/inspect.yml 
@@ -13,9 +13,6 @@ finding-modifications: filter: category: - Sensitive Data Leak - # Specify the value for the tags, such as cvss_score or severity, that you would like to use - # Optionally, you can add a custom tag (e.g, a tag indicating the reason a vuln is - # marked as such) id: - 97 type: From 84ced7c1a823228e24011475d331c4af6a53654e Mon Sep 17 00:00:00 2001 From: Curtis Yanko Date: Wed, 31 Mar 2021 13:15:58 -0400 Subject: [PATCH 10/23] Update inspect.yml --- inspect.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/inspect.yml b/inspect.yml index fceaa36..838361e 100644 --- a/inspect.yml +++ b/inspect.yml @@ -9,7 +9,6 @@ inspect: policy: io.shiftleft/default finding-modifications: sdl_to_info: - # Use filter to specify the category filter: category: - Sensitive Data Leak From eb024d6a0e38a91773b1a0bfd2bffa478278bd51 Mon Sep 17 00:00:00 2001 From: Curtis Yanko Date: Wed, 31 Mar 2021 13:27:09 -0400 Subject: [PATCH 11/23] Update inspect.yml --- inspect.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/inspect.yml b/inspect.yml index 838361e..ceeb55f 100644 --- a/inspect.yml +++ b/inspect.yml @@ -1,11 +1,11 @@ inspect: -- app: + - app: language: JAVA name: tarpit-java-circle policy: 639070ed-7aad-4e53-bd5c-b97190308dc2/first_policy:latest modify-findings: - sdl_to_info -- default: + - default: policy: io.shiftleft/default finding-modifications: sdl_to_info: From 97583b4869c400ae9e57cbbde6f68188f400c696 Mon Sep 17 00:00:00 2001 From: Curtis Yanko Date: Wed, 31 Mar 2021 13:31:50 -0400 Subject: [PATCH 12/23] Update inspect.yml --- inspect.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/inspect.yml b/inspect.yml index ceeb55f..93d268b 100644 --- a/inspect.yml +++ b/inspect.yml 
@@ -1,12 +1,12 @@ inspect: - app: - language: JAVA - name: tarpit-java-circle - policy: 639070ed-7aad-4e53-bd5c-b97190308dc2/first_policy:latest - modify-findings: - - sdl_to_info + language: JAVA + name: tarpit-java-circle + policy: 639070ed-7aad-4e53-bd5c-b97190308dc2/first_policy:latest + modify-findings: + - sdl_to_info - default: - policy: io.shiftleft/default + policy: io.shiftleft/default finding-modifications: sdl_to_info: filter: From 45b3e2b09811c14a3cac9c531cdacce7d8f05fb7 Mon Sep 17 00:00:00 2001 From: Curtis Yanko Date: Wed, 31 Mar 2021 13:35:38 -0400 Subject: [PATCH 13/23] Update inspect.yml --- inspect.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/inspect.yml b/inspect.yml index 93d268b..69cdb96 100644 --- a/inspect.yml +++ b/inspect.yml @@ -1,14 +1,14 @@ inspect: - app: language: JAVA - name: tarpit-java-circle + name: tarpit-java policy: 639070ed-7aad-4e53-bd5c-b97190308dc2/first_policy:latest modify-findings: - - sdl_to_info + - my_modification_rule - default: policy: io.shiftleft/default finding-modifications: - sdl_to_info: + my_modification_rule: filter: category: - Sensitive Data Leak From 899d9c78b01f149132ef30209f0e99e426aace72 Mon Sep 17 00:00:00 2001 From: Curtis Yanko Date: Wed, 31 Mar 2021 13:48:43 -0400 Subject: [PATCH 14/23] Update inspect.yml --- inspect.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/inspect.yml b/inspect.yml index 69cdb96..551c721 100644 --- a/inspect.yml +++ b/inspect.yml @@ -19,7 +19,6 @@ finding-modifications: severity: - info - moderate - - critical tags: - key: cvss_score value: 3 From c686629560961838e3323e154c973c8af7e6b388 Mon Sep 17 00:00:00 2001 From: Curtis Yanko Date: Wed, 31 Mar 2021 13:51:52 -0400 Subject: [PATCH 15/23] Update inspect.yml --- inspect.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inspect.yml b/inspect.yml index 551c721..12b969c 100644 --- a/inspect.yml +++ b/inspect.yml 
@@ -17,8 +17,8 @@ finding-modifications: type: - vuln severity: - - info - moderate + - critical tags: - key: cvss_score value: 3 From bf61c4ca2890312d8823068fbb7af6a3e9bcda0a Mon Sep 17 00:00:00 2001 From: Curtis Yanko Date: Wed, 31 Mar 2021 14:23:18 -0400 Subject: [PATCH 16/23] Update inspect.yml --- inspect.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/inspect.yml b/inspect.yml index 12b969c..a06b829 100644 --- a/inspect.yml +++ b/inspect.yml @@ -16,9 +16,6 @@ finding-modifications: - 97 type: - vuln - severity: - - moderate - - critical tags: - key: cvss_score value: 3 From c1fd3b7376aedcde42ff7785236ca917cbdf0d2c Mon Sep 17 00:00:00 2001 From: Curtis Yanko Date: Wed, 31 Mar 2021 14:26:05 -0400 Subject: [PATCH 17/23] Update inspect.yml --- inspect.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/inspect.yml b/inspect.yml index a06b829..c52e753 100644 --- a/inspect.yml +++ b/inspect.yml @@ -12,10 +12,6 @@ finding-modifications: filter: category: - Sensitive Data Leak - id: - - 97 - type: - - vuln tags: - key: cvss_score value: 3 From 1e92027d65f9a54c9a3ae76205842d9ba1ec88b9 Mon Sep 17 00:00:00 2001 From: Curtis Yanko Date: Wed, 31 Mar 2021 14:32:18 -0400 Subject: [PATCH 18/23] Update inspect.yml --- inspect.yml | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/inspect.yml b/inspect.yml index c52e753..9395cca 100644 --- a/inspect.yml +++ b/inspect.yml @@ -3,18 +3,5 @@ inspect: language: JAVA name: tarpit-java policy: 639070ed-7aad-4e53-bd5c-b97190308dc2/first_policy:latest - modify-findings: - - my_modification_rule - default: policy: io.shiftleft/default -finding-modifications: - my_modification_rule: - filter: - category: - - Sensitive Data Leak - tags: - - key: cvss_score - value: 3 - - key: severity - value: info - From fa29ba28a07ce6ba64c197e32f806ed7d60a4f20 Mon Sep 17 00:00:00 2001 
From: Curtis Yanko Date: Wed, 31 Mar 2021 14:38:07 -0400 Subject: [PATCH 19/23] Update config.yml --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index abf3481..4153b21 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -36,7 +36,7 @@ jobs: mvn clean package curl https://www.shiftleft.io/download/sl-latest-linux-x64.tar.gz > /tmp/sl.tar.gz && sudo tar -C /usr/local/bin -xzf /tmp/sl.tar.gz sl check-environment --jvm - sl analyze --wait --tag branch=$CIRCLE_BRANCH --policy 639070ed-7aad-4e53-bd5c-b97190308dc2/first_policy:latest --sca --cpg --app tarpit-java-circle /home/circleci/repo/target/tarpit-java.war + sl analyze --wait --tag branch=$CIRCLE_BRANCH --sca --cpg --app tarpit-java-circle /home/circleci/repo/target/tarpit-java.war sl_build_rules: docker: From aef3d12eb7fa7d3fdcc9e22f9f5ebde3e853a809 Mon Sep 17 00:00:00 2001 From: Curtis Yanko Date: Wed, 31 Mar 2021 14:46:40 -0400 Subject: [PATCH 20/23] Update inspect.yml --- inspect.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/inspect.yml b/inspect.yml index 9395cca..ca84f10 100644 --- a/inspect.yml +++ b/inspect.yml @@ -1,7 +1,5 @@ inspect: - app: language: JAVA - name: tarpit-java - policy: 639070ed-7aad-4e53-bd5c-b97190308dc2/first_policy:latest - - default: - policy: io.shiftleft/default + name: tarpit-java-circle + From 9a54f97b90ae25c5214bafffcfa39565d4255319 Mon Sep 17 00:00:00 2001 From: Curtis Yanko Date: Wed, 31 Mar 2021 14:59:03 -0400 Subject: [PATCH 21/23] Update inspect.yml --- inspect.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/inspect.yml b/inspect.yml index ca84f10..e3ae6ae 100644 --- a/inspect.yml +++ b/inspect.yml @@ -2,4 +2,5 @@ inspect: - app: language: JAVA name: tarpit-java-circle + policy: 639070ed-7aad-4e53-bd5c-b97190308dc2/first_policy:latest From bbe264638ae1d45bd97a502cb80897995396583f Mon Sep 17 00:00:00 2001 
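Review bot: With `--policy 639070ed-7aad-4e53-bd5c-b97190308dc2/first_policy:latest` dropped from the `sl analyze` line in the [PATCH 19/23] hunk, the policy applied to the scan depends entirely on what `inspect.yml` carries, and at this point in the series that file appears to name the app `tarpit-java` (context of [PATCH 18/23]) while the CLI passes `--app tarpit-java-circle`; the name only changes in [PATCH 20/23], so confirm that the tool matches the policy on `name` or the scans between these commits may run with no policy at all. Also `$CIRCLE_BRANCH` is expanded unquoted; write `--tag "branch=$CIRCLE_BRANCH"` so the argument stays one token. On the adjacent context line the `sl` binary is fetched as `sl-latest-linux-x64.tar.gz` with no version pin or checksum and unpacked with `sudo` into `/usr/local/bin`, so the analyzer itself is an unverified moving dependency unless it is pinned elsewhere. The `run` block this line belongs to starts outside the hunk.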
From: Curtis Yanko Date: Wed, 31 Mar 2021 15:11:48 -0400 Subject: [PATCH 22/23] Update config.yml --- .circleci/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 4153b21..c8ebb62 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -37,6 +37,7 @@ jobs: curl https://www.shiftleft.io/download/sl-latest-linux-x64.tar.gz > /tmp/sl.tar.gz && sudo tar -C /usr/local/bin -xzf /tmp/sl.tar.gz sl check-environment --jvm sl analyze --wait --tag branch=$CIRCLE_BRANCH --sca --cpg --app tarpit-java-circle /home/circleci/repo/target/tarpit-java.war + sl modify-findings --app tarpit-java-circle sl_build_rules: docker: From 612195bfd38e4ad08ea4c8f78f3b6593d5e90582 Mon Sep 17 00:00:00 2001 From: Curtis Yanko Date: Wed, 31 Mar 2021 15:25:32 -0400 Subject: [PATCH 23/23] Update inspect.yml --- inspect.yml | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/inspect.yml b/inspect.yml index e3ae6ae..63116b9 100644 --- a/inspect.yml +++ b/inspect.yml @@ -1,6 +1,19 @@ inspect: - - app: - language: JAVA - name: tarpit-java-circle - policy: 639070ed-7aad-4e53-bd5c-b97190308dc2/first_policy:latest - +- app: + language: JAVA + name: tarpit-java-circle + policy: 639070ed-7aad-4e53-bd5c-b97190308dc2/first_policy:latest + modify-findings: + - sdl_to_info +finding-modifications: + sdl_to_info: + filter: + category: + - Sensitive Data Leak + tags: + - key: cvss_score + value: 3 + - key: severity + value: info + - key: reason + value: appsec_approved
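Review bot: The `sl modify-findings --app tarpit-java-circle` step added in the [PATCH 22/23] hunk runs unconditionally after every `sl analyze`, and the analyze line tags the scan with `branch=$CIRCLE_BRANCH`, which suggests the job executes for any branch; if so, an edit to `inspect.yml` on an unreviewed branch is applied to the app's findings by the pipeline itself, downgrading severities before anyone has reviewed the change. Gate the step on the protected branch — a workflow `filters:`/`branches:` restriction on this job, or a shell guard such as `if [ "$CIRCLE_BRANCH" = "main" ]; then sl modify-findings --app tarpit-java-circle; fi` (branch name is a placeholder) — and treat `inspect.yml` as a code-owner-reviewed file so finding modifications are a reviewed change. The `run` block this line belongs to starts outside the hunk.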
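Review bot: The final `sdl_to_info` rule in the [PATCH 23/23] hunk carries no comment explaining why every `Sensitive Data Leak` finding is re-tagged, the explanatory comments introduced in [PATCH 01/23] having been deleted in [PATCH 09/23] and [PATCH 10/23]; add above `sdl_to_info:` a comment such as `# Re-tags all Sensitive Data Leak findings to severity info / cvss_score 3; approval: <ticket placeholder>`. Separately, `value: 3` parses as an integer while the sibling `value: info` and `value: appsec_approved` are strings; if the tag schema expects string values, write `value: "3"` — confirm against the tool's documentation. Indentation is collapsed on this page, so it cannot be verified here that `finding-modifications:` is a top-level key as the removed side of [PATCH 01/23] shows it to be; a stray indent would silently nest it under `inspect:` and the rule would never be found.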