struct Issue::Linker::ShiftLeftIssue

Overview

Each ShiftLeft finding arrives as a JSON object like the sample below and is parsed into this struct. Note that `tags` is a list of key/value pairs in which a key can repeat (here `cwe_category` and `owasp_category` each appear twice), so it has to be read as an array rather than a map. The payload has no top-level `cwe` field, so the `cwe` accessor is presumably derived from the `cwe_category` tags (confirm in the source).

{
  "id": "2759",
  "app": "brokencrystals",
  "type": "vuln",
  "title": "XML External Entities: Attacker-controlled Data Parsed as XML via xml in app.controller.ts:xml",
  "description": "Attacker-controlled data is parsed as XML.",
  "internal_id": "xxe-injection-attacker/f6b5560d469f42a5750972b4fd8a7f93/69247c3b2bc226d3953c196a67a6fe94cfb590f6f843d5a2a686f3afa2c7dbb5",
  "severity": "critical",
  "owasp_category": "a4-xxe",
  "category": "XML External Entities",
  "version_first_seen": "10214a2198b82e82c2b36a14ee80fc1b5c3d6d9ca00ed705fb9e90658b733c99",
  "scan_first_seen": "4",
  "created_at": "2024-01-18T15:59:48.351355Z",
  "details": {
    "Link": "https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A4-XML_External_Entities_(XXE)",
    "name": "xxe-injection-attacker",
    "tags": "",
    "ml_assisted": "false",
    "sink_method": "^libxmljs^.parseXml",
    "source_method": "src/app.controller.ts::program:xml",
    "file_locations": [ "src/app.controller.ts:103", "src/app.controller.ts:104" ]
  },
  "tags": [
    { "key": "category", "value": "XML External Entities" },
    { "key": "cvss_31_severity_rating", "value": "critical" },
    { "key": "cvss_score", "value": "9" },
    { "key": "cwe_category", "value": "611" },
    { "key": "cwe_category", "value": "91" },
    { "key": "language", "value": "javascript" },
    { "key": "ml_assisted", "value": "false" },
    { "key": "owasp_2021_category", "value": "a05-security-misconfiguration" },
    { "key": "owasp_category", "value": "a05-2021-security-misconfiguration" },
    { "key": "owasp_category", "value": "a4-xxe" },
    { "key": "severity", "value": "critical" },
    { "key": "sink_method", "value": "^libxmljs^.parseXml" },
    { "key": "source_method", "value": "src/app.controller.ts::program:xml" }
  ],
  "related_findings": {},
  "risk_score": 2.05
}

Included Modules

Defined in:

vendors/shiftleft/shiftleft_issue.cr

Constructors

Instance Method Summary

Constructor Detail

def self.new(pull : JSON::PullParser) #


Instance Method Detail

def app : String #

def cwe : Array(String) #

def description : String #

def details : Details #

def id : String #

def internal_id : String #

def severity : String #

def tags : Array(Tag) #

def title : String #

def type : String #
