From 3ff2f1eb4597e45dbcd9e2e27a562ea8b7eb0423 Mon Sep 17 00:00:00 2001
From: Gaston Yelmini
Date: Tue, 13 Jun 2023 10:43:56 -0300
Subject: [PATCH 1/6] INT-6664: ingest GitLab vulnerability findings
---
 docs/jupiterone.md | 1 +
 src/constants.ts | 6 +
 src/converters/index.ts | 90 +
 src/provider/GitlabClient.ts | 14 +
 src/provider/types.ts | 64 +
 .../recording.har | 1450 +++++++++++++++++
 src/steps/findings.test.ts | 37 +
 src/steps/findings.ts | 44 +
 src/steps/index.ts | 2 +
 9 files changed, 1708 insertions(+)
 create mode 100644 src/steps/__recordings__/fetch-vulnerability-findings_3065310133/recording.har
 create mode 100644 src/steps/findings.test.ts
 create mode 100644 src/steps/findings.ts
diff --git a/docs/jupiterone.md b/docs/jupiterone.md
index 041659e..0a76e05 100644
--- a/docs/jupiterone.md
+++ b/docs/jupiterone.md
@@ -84,6 +84,7 @@ The following entities are created:
 | ------------- | ---------------------- | --------------------- |
 | Account | `gitlab_account` | `Account` |
 | Commit | `gitlab_commit` | `CodeCommit` |
+| Finding | `gitlab_finding` | `Finding` |
 | Group | `gitlab_group` | `Group` |
 | Merge Request | `gitlab_merge_request` | `CodeReview`, `PR` |
 | Project | `gitlab_project` | `CodeRepo`, `Project` |
diff --git a/src/constants.ts b/src/constants.ts
index d66bd63..a890b39 100644
--- a/src/constants.ts
+++ b/src/constants.ts
@@ -7,6 +7,7 @@ export const Steps = {
 PROJECTS: 'fetch-projects',
 MERGE_REQUESTS: 'fetch-merge-requests',
 COMMITS: 'fetch-mr-commits',
+ FINDINGS: 'fetch-vulnerability-findings',
 BUILD_ACCOUNT_HAS_PROJECT: 'build-account-project-relationships',
 BUILD_ACCOUNT_HAS_GROUP: 'build-account-group-relationships',
 BUILD_PROJECT_HAS_USER: 'build-project-user-relationships',
@@ -34,6 +35,11 @@ export const Entities = {
 _type: 'gitlab_group',
 _class: 'Group',
 },
+ FINDING: {
+ resourceName: 'Finding',
+ _type: 'gitlab_finding',
+ _class: ['Finding'],
+ },
 MERGE_REQUEST: {
 resourceName: 'Merge Request',
 _type: 'gitlab_merge_request',
diff --git a/src/converters/index.ts b/src/converters/index.ts
index 86e9dda..48f2fc0 100644
--- a/src/converters/index.ts
+++ b/src/converters/index.ts
@@ -11,6 +11,7 @@ import {
 GitLabMergeRequestApproval,
 GitLabProject,
 GitLabUser,
+ GitLabFinding,
 } from '../provider/types';
 import { getCommitWebLinkFromMergeRequest } from '../util/mergeRequest';
@@ -204,3 +205,92 @@ const COMMIT_ID_PREFIX = 'gitlab-commit';
 export function createCommitIdentifier(id: number): string {
 return `${COMMIT_ID_PREFIX}:${id}`;
 }
+
+export function createVulnerabilityFindingEntity(
+ finding: GitLabFinding,
+): Entity {
+ const key = createFindingIdentifier(finding.id);
+
+ // For more Finding data model class required fields please visit: https://github.com/JupiterOne/data-model/blob/main/src/schemas/Finding.json.
+ return createIntegrationEntity({
+ entityData: {
+ source: finding,
+ assign: {
+ _key: key,
+ _type: Entities.FINDING._type,
+ _class: Entities.FINDING._class,
+ // START: finding data model required fields
+ category: finding?.report_type,
+ severity: finding?.severity,
+ numericSeverity: getNumericSeverity(finding?.severity),
+ open: finding.state?.toLocaleLowerCase() === 'detected',
+ // END: finding data model required fields
+ id: String(finding.id),
+ reportType: finding.report_type,
+ name: finding.name,
+ confidence: finding.confidence,
+ 'scanner.externalId': finding.scanner?.external_id,
+ 'scanner.name': finding.scanner?.name,
+ 'scanner.vendor': finding.scanner?.vendor,
+ identifiers: finding.identifiers?.map(
+ (identifier) => identifier.external_id,
+ ),
+ projectFingerprint: finding.project_fingerprint,
+ uuid: finding.uuid,
+ createJiraIssueUrl: finding.create_jira_issue_url,
+ falsePositive: finding.false_positive,
+ createVulnerabilityFeedbackIssuePath:
+ finding.create_vulnerability_feedback_issue_path,
+ createVulnerabilityFeedbackMergeRequestPath:
+ finding.create_vulnerability_feedback_merge_request_path,
+ createVulnerabilityFeedbackDismissalPath:
+ finding.create_vulnerability_feedback_dismissal_path,
+ 'project.id': finding.project?.id,
+ 'project.name': finding.project?.name,
+ 'project.fullPath': finding.project?.full_path,
+ 'project.fullName': finding.project?.full_name,
+ dismissalFeedback: finding.dismissal_feedback,
+ issueFeedback: finding.issue_feedback,
+ mergeRequestFeedback: finding.merge_request_feedback,
+ description: finding.description,
+ links: finding.links?.map((link) => link.url),
+ 'location.file': finding.location?.file,
+ 'location.startLine': finding.location?.start_line,
+ 'location.class': finding.location?.class,
+ 'location.method': finding.location?.method,
+ 'location.hostname': finding.location?.hostname,
+ solution: finding.solution,
+ evidence: finding.evidence,
+ state: finding.state,
+ blobPath: finding.blob_path,
+ 'scan.type': finding.scan?.type,
+ 'scan.status': finding.scan?.status,
+ 'scan.startTime': parseTimePropertyValue(finding.scan?.start_time),
+ 'scan.endTime': parseTimePropertyValue(finding.scan?.end_time),
+ },
+ },
+ });
+}
+
+const FINDING_ID_PREFIX = 'gitlab-finding';
+export function createFindingIdentifier(id: number): string {
+ return `${FINDING_ID_PREFIX}:${id}`;
+}
+
+export function getNumericSeverity(severity: string | undefined) {
+ if (!severity) {
+ return 0;
+ } else if (/critical/i.test(severity)) {
+ return 10;
+ } else if (/high/i.test(severity)) {
+ return 7;
+ } else if (/medium/i.test(severity)) {
+ return 5;
+ } else if (/low/i.test(severity)) {
+ return 2;
+ } else if (/info/i.test(severity)) {
+ return 1;
+ } else if (/unknown/i.test(severity)) {
+ return undefined;
+ }
+}
diff --git a/src/provider/GitlabClient.ts b/src/provider/GitlabClient.ts
index 8fb27d3..7a1e979 100644
--- a/src/provider/GitlabClient.ts
+++ b/src/provider/GitlabClient.ts
@@ -11,6 +11,7 @@ import {
 } from '@jupiterone/integration-sdk-core';
 import {
+ GitLabFinding,
 GitLabGroup,
 GitLabMergeRequest,
 GitLabMergeRequestApproval,
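Review bot: `open` in createVulnerabilityFindingEntity is true only when the state is `detected`, so a finding whose state is `confirmed` (triaged but not yet fixed, per GitLab's vulnerability states) would be recorded as closed and drop out of open-finding queries. Consider `open: ['detected', 'confirmed'].includes(finding.state?.toLowerCase() ?? ''),`. Separately, getNumericSeverity falls off the end for any unrecognised string and matches with unanchored patterns; an explicit `: number | undefined` return type and a final `return undefined;` would make that intent visible.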
@@ -81,6 +82,19 @@ export class GitlabClient {
 return this.makePaginatedRequest(HttpMethod.GET, '/groups');
 }
+ async iterateProjectVulnerabilities(
+ projectId: string,
+ iteratee: ResourceIteratee,
+ ): Promise {
+ return this.iterateResources(
+ `/projects/${projectId}/vulnerability_findings`,
+ iteratee,
+ {
+ params: { severity: ['medium', 'high', 'critical'] },
+ },
+ );
+ }
+
 async iterateOwnedProjects(
 iteratee: ResourceIteratee,
 ): Promise {
diff --git a/src/provider/types.ts b/src/provider/types.ts
index 6e09496..f0329cf 100644
--- a/src/provider/types.ts
+++ b/src/provider/types.ts
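Review bot: The `severity: ['medium', 'high', 'critical']` filter in iterateProjectVulnerabilities is undocumented, so consumers of `gitlab_finding` cannot tell that low, info and unknown findings are never ingested; it also leaves the low/info/unknown branches of getNumericSeverity unused for this endpoint. A comment such as `// Only medium and above are ingested; lower severities are intentionally skipped.` (if that is the intent), plus a line in docs/jupiterone.md, would make the coverage gap explicit. `projectId` is interpolated into the path as-is; it appears to come from GitLab's own project records, but `encodeURIComponent(projectId)` would keep the path well-formed if a namespaced path is ever passed.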
@@ -51,6 +51,70 @@ export interface GitLabGroup {
 file_template_project_id: number;
 }
+export interface GitLabFinding {
+ id: number;
+ report_type?: string;
+ name?: string;
+ severity?: string;
+ confidence?: string;
+ scanner?: {
+ external_id?: string;
+ name?: string;
+ vendor?: string;
+ };
+ identifiers?: [
+ {
+ external_type: string;
+ external_id: string;
+ name: string;
+ url: string;
+ },
+ ];
+ project_fingerprint?: string;
+ uuid?: string;
+ create_jira_issue_url?: string;
+ false_positive?: boolean;
+ create_vulnerability_feedback_issue_path?: string;
+ create_vulnerability_feedback_merge_request_path?: string;
+ create_vulnerability_feedback_dismissal_path?: string;
+ project?: {
+ id?: number;
+ name?: string;
+ full_path?: string;
+ full_name?: string;
+ };
+ dismissal_feedback?: string;
+ issue_feedback?: string;
+ merge_request_feedback?: string;
+ description?: null;
+ links?: [{ url: string }];
+ location?: {
+ file?: string;
+ start_line?: number;
+ class?: string;
+ method?: string;
+ hostname?: string;
+ };
+ solution?: string;
+ evidence?: string;
+ details?: {
+ urls: { name?: string; type?: string };
+ discovered_at?: {
+ name?: string;
+ type?: string;
+ value?: string;
+ };
+ };
+ state?: string;
+ scan?: {
+ type?: string;
+ status?: string;
+ start_time?: string;
+ end_time?: string;
+ };
+ blob_path?: string;
+}
+
 export type GitLabProject = Opaque;
 export type GitLabMergeRequest = Opaque;
diff --git a/src/steps/__recordings__/fetch-vulnerability-findings_3065310133/recording.har b/src/steps/__recordings__/fetch-vulnerability-findings_3065310133/recording.har
new file mode 100644
index 0000000..a7707b7
--- /dev/null
+++ b/src/steps/__recordings__/fetch-vulnerability-findings_3065310133/recording.har
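Review bot: `identifiers?: [ {...} ]` and `links?: [{ url: string }]` in GitLabFinding are one-element tuple types rather than arrays, so the declared shape says every finding has exactly one identifier and one link; `description?: null` likewise rules out string descriptions. These look as if they were inferred from a single sample response; consider `links?: { url: string }[];`, the same array form for `identifiers`, and `description?: string | null;`. `dismissal_feedback`, `issue_feedback` and `merge_request_feedback` are typed as `string` and copied straight onto the entity by the converter; if the API returns objects for them (worth confirming against a real response), they would need flattening before being assigned as entity properties.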
@@ -0,0 +1,1450 @@ +{ + "log": { + "_recordingName": "fetch-vulnerability-findings", + "creator": { + "comment": "persister:JupiterOneIntegationFSPersister", + "name": "Polly.JS", + "version": "6.0.5" + }, + "entries": [ + { + "_id": "4c0c3c4f5586254e081147211bb205b6", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "private-token", + "value": "glpat-QihpZ7LzBWRBP_EW-VSs" + }, + { + "_fromType": "array", + "name": "accept", + "value": "*/*" + }, + { + "_fromType": "array", + "name": "user-agent", + "value": "node-fetch/1.0 (+https://github.com/bitinn/node-fetch)" + }, + { + "_fromType": "array", + "name": "accept-encoding", + "value": "gzip,deflate" + }, + { + "_fromType": "array", + "name": "connection", + "value": "close" + }, + { + "name": "host", + "value": "gitlab.com" + } + ], + "headersSize": 261, + "httpVersion": "HTTP/1.1", + "method": "GET", + "queryString": [ + { + "name": "page", + "value": "1" + }, + { + "name": "per_page", + "value": "100" + } + ], + "url": "https://gitlab.com/api/v4/groups?page=1&per_page=100" + }, + "response": { + "bodySize": 532, + "content": { + "encoding": "base64", + "mimeType": "application/json", + "size": 532, + "text": "[\"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\"]" + }, + "cookies": [ + { + "domain": ".gitlab.com", + "httpOnly": true, + "name": "_cfuvid", + "path": "/", + "sameSite": "None", + "secure": true, + "value": "[REDACTED]" + } + ], + "headers": [ + { + "name": "date", + "value": "Tue, 13 Jun 2023 13:41:18 GMT" + }, + { + "name": "content-type", + "value": "application/json" + }, + { + "name": "transfer-encoding", + "value": "chunked" + }, + { + "name": "connection", + "value": "close" + }, + { + "name": "cache-control", + "value": "max-age=0, private, must-revalidate" + }, + { + "name": "content-security-policy", + "value": "default-src 'none'" + }, + { + "name": "etag", + "value": 
"W/\"5ee1ad37a693c63914691c33ae743593\"" + }, + { + "name": "link", + "value": "; rel=\"first\", ; rel=\"last\"" + }, + { + "name": "vary", + "value": "Origin, Accept-Encoding" + }, + { + "name": "x-content-type-options", + "value": "nosniff" + }, + { + "name": "x-frame-options", + "value": "SAMEORIGIN" + }, + { + "name": "x-gitlab-meta", + "value": "{\"correlation_id\":\"719344c2efefd3f0e7fb9e683025b404\",\"version\":\"1\"}" + }, + { + "name": "x-next-page", + "value": "" + }, + { + "name": "x-page", + "value": "1" + }, + { + "name": "x-per-page", + "value": "100" + }, + { + "name": "x-prev-page", + "value": "" + }, + { + "name": "x-request-id", + "value": "719344c2efefd3f0e7fb9e683025b404" + }, + { + "name": "x-runtime", + "value": "0.077100" + }, + { + "name": "x-total", + "value": "1" + }, + { + "name": "x-total-pages", + "value": "1" + }, + { + "name": "strict-transport-security", + "value": "max-age=31536000" + }, + { + "name": "referrer-policy", + "value": "strict-origin-when-cross-origin" + }, + { + "name": "ratelimit-observed", + "value": "4" + }, + { + "name": "ratelimit-remaining", + "value": "1996" + }, + { + "name": "ratelimit-reset", + "value": "1686663738" + }, + { + "name": "ratelimit-resettime", + "value": "Tue, 13 Jun 2023 13:42:18 GMT" + }, + { + "name": "ratelimit-limit", + "value": "2000" + }, + { + "name": "gitlab-lb", + "value": "fe-16-lb-gprd" + }, + { + "name": "gitlab-sv", + "value": "localhost" + }, + { + "name": "cf-cache-status", + "value": "MISS" + }, + { + "name": "report-to", + "value": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=rrjU3%2Bq2x3CwjlpcZjDZv2aQfHUHsouS84uN1CXgHLKeVyUcOy3yekH3ysi8ePCEhCM5c7lk5%2B3cTnWJs3kS0I7NmTxlNwMunS0v8QUuZl1xaf%2BTDe5mZJ2u5nM%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}" + }, + { + "name": "nel", + "value": "{\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "[REDACTED]" + }, + 
{ + "name": "server", + "value": "cloudflare" + }, + { + "name": "cf-ray", + "value": "7d6ac017af820901-EZE" + }, + { + "name": "content-encoding", + "value": "gzip" + } + ], + "headersSize": 1764, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2023-06-13T13:41:18.518Z", + "time": 386, + "timings": { + "blocked": -1, + "connect": -1, + "dns": -1, + "receive": 0, + "send": 0, + "ssl": -1, + "wait": 386 + } + }, + { + "_id": "b85c9079f59028069f1522292327d4f0", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "private-token", + "value": "glpat-QihpZ7LzBWRBP_EW-VSs" + }, + { + "_fromType": "array", + "name": "accept", + "value": "*/*" + }, + { + "_fromType": "array", + "name": "user-agent", + "value": "node-fetch/1.0 (+https://github.com/bitinn/node-fetch)" + }, + { + "_fromType": "array", + "name": "accept-encoding", + "value": "gzip,deflate" + }, + { + "_fromType": "array", + "name": "connection", + "value": "close" + }, + { + "name": "host", + "value": "gitlab.com" + } + ], + "headersSize": 279, + "httpVersion": "HTTP/1.1", + "method": "GET", + "queryString": [ + { + "name": "page", + "value": "1" + }, + { + "name": "per_page", + "value": "100" + } + ], + "url": "https://gitlab.com/api/v4/groups/11641867/projects?page=1&per_page=100" + }, + "response": { + "bodySize": 2903, + "content": { + "encoding": "base64", + "mimeType": "application/json", + "size": 2903, + "text": "[\"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\",\"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\"]" + }, + "cookies": [ + { + "domain": ".gitlab.com", + "httpOnly": true, + "name": "_cfuvid", + "path": "/", + "sameSite": "None", + "secure": true, + "value": "[REDACTED]" + } + ], + "headers": [ + { + "name": "date", + "value": "Tue, 13 Jun 2023 13:41:19 GMT" + }, + { + "name": "content-type", + "value": "application/json" + }, + { + 
"name": "transfer-encoding", + "value": "chunked" + }, + { + "name": "connection", + "value": "close" + }, + { + "name": "cache-control", + "value": "max-age=0, private, must-revalidate" + }, + { + "name": "content-security-policy", + "value": "default-src 'none'" + }, + { + "name": "etag", + "value": "W/\"1d1d2fab81ac583c9e148936a313d361\"" + }, + { + "name": "link", + "value": "; rel=\"first\", ; rel=\"last\"" + }, + { + "name": "vary", + "value": "Origin, Accept-Encoding" + }, + { + "name": "x-content-type-options", + "value": "nosniff" + }, + { + "name": "x-frame-options", + "value": "SAMEORIGIN" + }, + { + "name": "x-gitlab-meta", + "value": "{\"correlation_id\":\"7a122129c209f3a38ddbaa7baaefb500\",\"version\":\"1\"}" + }, + { + "name": "x-next-page", + "value": "" + }, + { + "name": "x-page", + "value": "1" + }, + { + "name": "x-per-page", + "value": "100" + }, + { + "name": "x-prev-page", + "value": "" + }, + { + "name": "x-request-id", + "value": "7a122129c209f3a38ddbaa7baaefb500" + }, + { + "name": "x-runtime", + "value": "0.187912" + }, + { + "name": "x-total", + "value": "3" + }, + { + "name": "x-total-pages", + "value": "1" + }, + { + "name": "strict-transport-security", + "value": "max-age=31536000" + }, + { + "name": "referrer-policy", + "value": "strict-origin-when-cross-origin" + }, + { + "name": "ratelimit-observed", + "value": "5" + }, + { + "name": "ratelimit-remaining", + "value": "1995" + }, + { + "name": "ratelimit-reset", + "value": "1686663739" + }, + { + "name": "ratelimit-resettime", + "value": "Tue, 13 Jun 2023 13:42:19 GMT" + }, + { + "name": "ratelimit-limit", + "value": "2000" + }, + { + "name": "gitlab-lb", + "value": "fe-32-lb-gprd" + }, + { + "name": "gitlab-sv", + "value": "localhost" + }, + { + "name": "cf-cache-status", + "value": "MISS" + }, + { + "name": "report-to", + "value": 
"{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=auCSl4eYUb%2F%2BhYQK%2Bs3aHP%2FshvJZBhIoMwJz%2BkrTNV0jeSLHaaIzx%2FhFw2Qf2Ke4GkHJLZPmGomeMtqiIi7oPfnV9DwAVqTSrG4v1d3t2FSiMJuqEhQVOdJE7Lc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}" + }, + { + "name": "nel", + "value": "{\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "[REDACTED]" + }, + { + "name": "server", + "value": "cloudflare" + }, + { + "name": "cf-ray", + "value": "7d6ac01a18a808e5-EZE" + }, + { + "name": "content-encoding", + "value": "gzip" + } + ], + "headersSize": 2182, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2023-06-13T13:41:18.921Z", + "time": 522, + "timings": { + "blocked": -1, + "connect": -1, + "dns": -1, + "receive": 0, + "send": 0, + "ssl": -1, + "wait": 522 + } + }, + { + "_id": "2db93305f2de0ff04a790468e167ceb4", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "private-token", + "value": "glpat-QihpZ7LzBWRBP_EW-VSs" + }, + { + "_fromType": "array", + "name": "accept", + "value": "*/*" + }, + { + "_fromType": "array", + "name": "user-agent", + "value": "node-fetch/1.0 (+https://github.com/bitinn/node-fetch)" + }, + { + "_fromType": "array", + "name": "accept-encoding", + "value": "gzip,deflate" + }, + { + "_fromType": "array", + "name": "connection", + "value": "close" + }, + { + "name": "host", + "value": "gitlab.com" + } + ], + "headersSize": 274, + "httpVersion": "HTTP/1.1", + "method": "GET", + "queryString": [ + { + "name": "owned", + "value": "true" + }, + { + "name": "page", + "value": "1" + }, + { + "name": "per_page", + "value": "100" + } + ], + "url": "https://gitlab.com/api/v4/projects?owned=true&page=1&per_page=100" + }, + "response": { + "bodySize": 2958, + "content": { + "encoding": "base64", + "mimeType": 
"application/json", + "size": 2958, + "text": "[\"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\",\"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\",\"MEub9KPpTQnS4mg8mM3Gx1na9MLSDrO0x9m/JpPVP6839z/eJTC/lqFlF5Z2YWkXlnZhaReW9ieytLDL0nYMrPxrrFv9fADWFq3KXffTi+irLfAC95oOJrPXcy+ktnYlhedMqE3B9kbOZWLNnt8DxLpKzqFhbaOdicIa0TdysHP/HWt0dROG8TSKp/PBYnohWC8RrLZr34Gvwrfhq/BD8FX4kfgq/Dh8Fb4LX4Xvw1fhx+Cr8IKv3oKvpoPJYvJV4aumkNTsKrywqwu7+qrZ1Z/7r1YHOp0LHjoLD93b6xvz6fMPy6v/inBzb1c//vJ4wUMXPHTBQxc8dMFDH4qHfv8fkRODNyE4AAA=\"]" + }, + "cookies": [ + { + "domain": ".gitlab.com", + "httpOnly": true, + "name": "_cfuvid", + "path": "/", + "sameSite": "None", + "secure": true, + "value": "[REDACTED]" + } + ], + "headers": [ + { + "name": "date", + "value": "Tue, 13 Jun 2023 13:41:20 GMT" + }, + { + "name": "content-type", + "value": "application/json" + }, + { + "name": "transfer-encoding", + "value": "chunked" + }, + { + "name": "connection", + "value": "close" + }, + { + "name": "cache-control", + "value": "max-age=0, private, must-revalidate" + }, + { + "name": "content-security-policy", + "value": "default-src 'none'" + }, + { + "name": "etag", + "value": "W/\"6b48283f18b55c0899e77523ea701d2e\"" + }, + { + "name": "link", + "value": "; rel=\"first\", ; rel=\"last\"" + }, + { + "name": "vary", + "value": "Origin, Accept-Encoding" + }, + { + "name": "x-content-type-options", + "value": "nosniff" + }, + { + "name": "x-frame-options", + "value": "SAMEORIGIN" + }, + { + "name": "x-gitlab-meta", + "value": "{\"correlation_id\":\"df94b61c25ee46470102e98858e458e2\",\"version\":\"1\"}" + }, + { + "name": "x-next-page", + "value": "" + }, + { + "name": "x-page", + "value": "1" + }, + { + "name": "x-per-page", + "value": "100" + }, + { + "name": "x-prev-page", + "value": "" + }, + { + "name": "x-request-id", + "value": "df94b61c25ee46470102e98858e458e2" + }, + { + "name": "x-runtime", + "value": "0.288138" + }, + { + "name": "x-total", + "value": "3" + }, + { + "name": 
"x-total-pages", + "value": "1" + }, + { + "name": "strict-transport-security", + "value": "max-age=31536000" + }, + { + "name": "referrer-policy", + "value": "strict-origin-when-cross-origin" + }, + { + "name": "ratelimit-observed", + "value": "6" + }, + { + "name": "ratelimit-remaining", + "value": "1994" + }, + { + "name": "ratelimit-reset", + "value": "1686663740" + }, + { + "name": "ratelimit-resettime", + "value": "Tue, 13 Jun 2023 13:42:20 GMT" + }, + { + "name": "ratelimit-limit", + "value": "2000" + }, + { + "name": "gitlab-lb", + "value": "fe-19-lb-gprd" + }, + { + "name": "gitlab-sv", + "value": "localhost" + }, + { + "name": "cf-cache-status", + "value": "MISS" + }, + { + "name": "report-to", + "value": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=nsIbqIlOCHV2HE6nAChve0A%2B13XSjCrWe8GD6PJqekugveUobk077Q%2ByOmJ3%2F3q6mX5z4tTv2D8Or%2BTdv7%2Bu%2FJF1rCPSrCfE1JHZ8O5PikS7dmwpIBpTSEzI0N8%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}" + }, + { + "name": "nel", + "value": "{\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "[REDACTED]" + }, + { + "name": "server", + "value": "cloudflare" + }, + { + "name": "cf-ray", + "value": "7d6ac01d6bf408b8-EZE" + }, + { + "name": "content-encoding", + "value": "gzip" + } + ], + "headersSize": 2144, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2023-06-13T13:41:19.451Z", + "time": 682, + "timings": { + "blocked": -1, + "connect": -1, + "dns": -1, + "receive": 0, + "send": 0, + "ssl": -1, + "wait": 682 + } + }, + { + "_id": "e2531ffc5077c92b79f5a5ddb3a96d4d", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "private-token", + "value": "glpat-QihpZ7LzBWRBP_EW-VSs" + }, + { + "_fromType": "array", + "name": "accept", + "value": "*/*" + }, + { + "_fromType": 
"array", + "name": "user-agent", + "value": "node-fetch/1.0 (+https://github.com/bitinn/node-fetch)" + }, + { + "_fromType": "array", + "name": "accept-encoding", + "value": "gzip,deflate" + }, + { + "_fromType": "array", + "name": "connection", + "value": "close" + }, + { + "name": "host", + "value": "gitlab.com" + } + ], + "headersSize": 329, + "httpVersion": "HTTP/1.1", + "method": "GET", + "queryString": [ + { + "name": "severity", + "value": "medium,high,critical" + }, + { + "name": "page", + "value": "1" + }, + { + "name": "per_page", + "value": "100" + } + ], + "url": "https://gitlab.com/api/v4/projects/46792443/vulnerability_findings?severity=medium%2Chigh%2Ccritical&page=1&per_page=100" + }, + "response": { + "bodySize": 3447, + "content": { + "encoding": "base64", + "mimeType": "application/json", + "size": 3447, + "text": "[\"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\",\"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\"]" + }, + "cookies": [ + { + "domain": ".gitlab.com", + "httpOnly": true, + "name": "_cfuvid", + "path": "/", + "sameSite": "None", + "secure": true, + "value": "[REDACTED]" + } + ], + "headers": [ + { + "name": "date", + "value": "Tue, 13 Jun 2023 13:41:20 GMT" + }, + { + "name": "content-type", + "value": "application/json" + }, + { + "name": "transfer-encoding", + "value": "chunked" + }, + { + "name": "connection", + "value": "close" + }, + { + "name": "cache-control", + "value": "max-age=0, private, must-revalidate" + }, + { + "name": "content-security-policy", + "value": "default-src 'none'" + }, + { + "name": "etag", + "value": "W/\"ee8e6ed0998b4da94eee90667ef520c6\"" + }, + { + "name": "link", + "value": "; rel=\"first\", ; rel=\"last\"" + }, + { + "name": "vary", + "value": "Origin, Accept-Encoding" + }, + { + "name": "x-content-type-options", + "value": "nosniff" + }, + { + "name": "x-frame-options", + "value": "SAMEORIGIN" + }, + { + "name": "x-gitlab-meta", + "value": 
"{\"correlation_id\":\"9ec93dc8e8da1d26173296a136110534\",\"version\":\"1\"}" + }, + { + "name": "x-next-page", + "value": "" + }, + { + "name": "x-page", + "value": "1" + }, + { + "name": "x-per-page", + "value": "100" + }, + { + "name": "x-prev-page", + "value": "" + }, + { + "name": "x-request-id", + "value": "9ec93dc8e8da1d26173296a136110534" + }, + { + "name": "x-runtime", + "value": "0.310541" + }, + { + "name": "x-total", + "value": "2" + }, + { + "name": "x-total-pages", + "value": "1" + }, + { + "name": "strict-transport-security", + "value": "max-age=31536000" + }, + { + "name": "referrer-policy", + "value": "strict-origin-when-cross-origin" + }, + { + "name": "ratelimit-observed", + "value": "7" + }, + { + "name": "ratelimit-remaining", + "value": "1993" + }, + { + "name": "ratelimit-reset", + "value": "1686663740" + }, + { + "name": "ratelimit-resettime", + "value": "Tue, 13 Jun 2023 13:42:20 GMT" + }, + { + "name": "ratelimit-limit", + "value": "2000" + }, + { + "name": "gitlab-lb", + "value": "fe-21-lb-gprd" + }, + { + "name": "gitlab-sv", + "value": "localhost" + }, + { + "name": "cf-cache-status", + "value": "MISS" + }, + { + "name": "report-to", + "value": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=O6PWhufLNGUC6YPFQ9lOFBDoTYQPArJQwgWzrpV%2BW3XYa9StX4ApX2eYPoXAlnoeKk6H%2BYNV52Rb0YdyKOBKosrCXQBhOjeiCdAbkBxNBVitmVf2zBxKk7n%2Fe4I%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}" + }, + { + "name": "nel", + "value": "{\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "[REDACTED]" + }, + { + "name": "server", + "value": "cloudflare" + }, + { + "name": "cf-ray", + "value": "7d6ac021bb8b0901-EZE" + }, + { + "name": "content-encoding", + "value": "gzip" + } + ], + "headersSize": 2780, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2023-06-13T13:41:20.147Z", + "time": 
702, + "timings": { + "blocked": -1, + "connect": -1, + "dns": -1, + "receive": 0, + "send": 0, + "ssl": -1, + "wait": 702 + } + }, + { + "_id": "ec3d22db6e5dab128bde6e9c1bf00341", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "private-token", + "value": "glpat-QihpZ7LzBWRBP_EW-VSs" + }, + { + "_fromType": "array", + "name": "accept", + "value": "*/*" + }, + { + "_fromType": "array", + "name": "user-agent", + "value": "node-fetch/1.0 (+https://github.com/bitinn/node-fetch)" + }, + { + "_fromType": "array", + "name": "accept-encoding", + "value": "gzip,deflate" + }, + { + "_fromType": "array", + "name": "connection", + "value": "close" + }, + { + "name": "host", + "value": "gitlab.com" + } + ], + "headersSize": 329, + "httpVersion": "HTTP/1.1", + "method": "GET", + "queryString": [ + { + "name": "severity", + "value": "medium,high,critical" + }, + { + "name": "page", + "value": "1" + }, + { + "name": "per_page", + "value": "100" + } + ], + "url": "https://gitlab.com/api/v4/projects/25725992/vulnerability_findings?severity=medium%2Chigh%2Ccritical&page=1&per_page=100" + }, + "response": { + "bodySize": 2, + "content": { + "mimeType": "application/json", + "size": 2, + "text": "[]" + }, + "cookies": [ + { + "domain": ".gitlab.com", + "httpOnly": true, + "name": "_cfuvid", + "path": "/", + "sameSite": "None", + "secure": true, + "value": "[REDACTED]" + } + ], + "headers": [ + { + "name": "date", + "value": "Tue, 13 Jun 2023 13:41:21 GMT" + }, + { + "name": "content-type", + "value": "application/json" + }, + { + "name": "content-length", + "value": "2" + }, + { + "name": "connection", + "value": "close" + }, + { + "name": "cache-control", + "value": "max-age=0, private, must-revalidate" + }, + { + "name": "content-security-policy", + "value": "default-src 'none'" + }, + { + "name": "etag", + "value": "W/\"4f53cda18c2baa0c0354bb5f9a3ecbe5\"" + }, + { + "name": "link", + "value": "; 
rel=\"first\", ; rel=\"last\"" + }, + { + "name": "vary", + "value": "Origin, Accept-Encoding" + }, + { + "name": "x-content-type-options", + "value": "nosniff" + }, + { + "name": "x-frame-options", + "value": "SAMEORIGIN" + }, + { + "name": "x-gitlab-meta", + "value": "{\"correlation_id\":\"b4c80e083136fe72c92c31c400e5de6d\",\"version\":\"1\"}" + }, + { + "name": "x-next-page", + "value": "" + }, + { + "name": "x-page", + "value": "1" + }, + { + "name": "x-per-page", + "value": "100" + }, + { + "name": "x-prev-page", + "value": "" + }, + { + "name": "x-request-id", + "value": "b4c80e083136fe72c92c31c400e5de6d" + }, + { + "name": "x-runtime", + "value": "0.069433" + }, + { + "name": "x-total", + "value": "0" + }, + { + "name": "x-total-pages", + "value": "1" + }, + { + "name": "strict-transport-security", + "value": "max-age=31536000" + }, + { + "name": "referrer-policy", + "value": "strict-origin-when-cross-origin" + }, + { + "name": "ratelimit-observed", + "value": "8" + }, + { + "name": "ratelimit-remaining", + "value": "1992" + }, + { + "name": "ratelimit-reset", + "value": "1686663741" + }, + { + "name": "ratelimit-resettime", + "value": "Tue, 13 Jun 2023 13:42:21 GMT" + }, + { + "name": "ratelimit-limit", + "value": "2000" + }, + { + "name": "gitlab-lb", + "value": "fe-39-lb-gprd" + }, + { + "name": "gitlab-sv", + "value": "localhost" + }, + { + "name": "cf-cache-status", + "value": "MISS" + }, + { + "name": "accept-ranges", + "value": "bytes" + }, + { + "name": "report-to", + "value": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=BYPcQSwZdwnkJg7gPO4Lu03dRxeSXuZUuU9h8rmfiifinrzn%2FkkkFd6iXM8khDOnlZ6SbjX17YHq7mOrWCUKRkKX4WmK6GQflLl6KIisK7hPYc3V0vh%2F3dlKfaE%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}" + }, + { + "name": "nel", + "value": "{\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "[REDACTED]" + }, + { + "name": "server", + 
"value": "cloudflare" + }, + { + "name": "cf-ray", + "value": "7d6ac0263c9908dd-EZE" + } + ], + "headersSize": 2767, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2023-06-13T13:41:20.868Z", + "time": 337, + "timings": { + "blocked": -1, + "connect": -1, + "dns": -1, + "receive": 0, + "send": 0, + "ssl": -1, + "wait": 337 + } + }, + { + "_id": "f566d199bab2eb578ece60ff96471434", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "private-token", + "value": "glpat-QihpZ7LzBWRBP_EW-VSs" + }, + { + "_fromType": "array", + "name": "accept", + "value": "*/*" + }, + { + "_fromType": "array", + "name": "user-agent", + "value": "node-fetch/1.0 (+https://github.com/bitinn/node-fetch)" + }, + { + "_fromType": "array", + "name": "accept-encoding", + "value": "gzip,deflate" + }, + { + "_fromType": "array", + "name": "connection", + "value": "close" + }, + { + "name": "host", + "value": "gitlab.com" + } + ], + "headersSize": 329, + "httpVersion": "HTTP/1.1", + "method": "GET", + "queryString": [ + { + "name": "severity", + "value": "medium,high,critical" + }, + { + "name": "page", + "value": "1" + }, + { + "name": "per_page", + "value": "100" + } + ], + "url": "https://gitlab.com/api/v4/projects/25725991/vulnerability_findings?severity=medium%2Chigh%2Ccritical&page=1&per_page=100" + }, + "response": { + "bodySize": 2, + "content": { + "mimeType": "application/json", + "size": 2, + "text": "[]" + }, + "cookies": [ + { + "domain": ".gitlab.com", + "httpOnly": true, + "name": "_cfuvid", + "path": "/", + "sameSite": "None", + "secure": true, + "value": "[REDACTED]" + } + ], + "headers": [ + { + "name": "date", + "value": "Tue, 13 Jun 2023 13:41:21 GMT" + }, + { + "name": "content-type", + "value": "application/json" + }, + { + "name": "content-length", + "value": "2" + }, + { + "name": "connection", + "value": "close" + }, + { + 
"name": "cache-control", + "value": "max-age=0, private, must-revalidate" + }, + { + "name": "content-security-policy", + "value": "default-src 'none'" + }, + { + "name": "etag", + "value": "W/\"4f53cda18c2baa0c0354bb5f9a3ecbe5\"" + }, + { + "name": "link", + "value": "; rel=\"first\", ; rel=\"last\"" + }, + { + "name": "vary", + "value": "Origin, Accept-Encoding" + }, + { + "name": "x-content-type-options", + "value": "nosniff" + }, + { + "name": "x-frame-options", + "value": "SAMEORIGIN" + }, + { + "name": "x-gitlab-meta", + "value": "{\"correlation_id\":\"34aff84f9a5f56e8f59d47c82afd1ca7\",\"version\":\"1\"}" + }, + { + "name": "x-next-page", + "value": "" + }, + { + "name": "x-page", + "value": "1" + }, + { + "name": "x-per-page", + "value": "100" + }, + { + "name": "x-prev-page", + "value": "" + }, + { + "name": "x-request-id", + "value": "34aff84f9a5f56e8f59d47c82afd1ca7" + }, + { + "name": "x-runtime", + "value": "0.064545" + }, + { + "name": "x-total", + "value": "0" + }, + { + "name": "x-total-pages", + "value": "1" + }, + { + "name": "strict-transport-security", + "value": "max-age=31536000" + }, + { + "name": "referrer-policy", + "value": "strict-origin-when-cross-origin" + }, + { + "name": "ratelimit-observed", + "value": "9" + }, + { + "name": "ratelimit-remaining", + "value": "1991" + }, + { + "name": "ratelimit-reset", + "value": "1686663741" + }, + { + "name": "ratelimit-resettime", + "value": "Tue, 13 Jun 2023 13:42:21 GMT" + }, + { + "name": "ratelimit-limit", + "value": "2000" + }, + { + "name": "gitlab-lb", + "value": "fe-11-lb-gprd" + }, + { + "name": "gitlab-sv", + "value": "localhost" + }, + { + "name": "cf-cache-status", + "value": "MISS" + }, + { + "name": "accept-ranges", + "value": "bytes" + }, + { + "name": "report-to", + "value": 
"{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=gsdNTozMsFw4EXaieA6zslKHKDsNcyQCHrpqotKczaoiKI9fhTLNnxuEnCyUjusMV3R86frLh5rsaRPtZsXQHF8%2BI8s4GiDWAVUpzWqFIP5inl%2Bx90ogoV7m70U%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}" + }, + { + "name": "nel", + "value": "{\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "[REDACTED]" + }, + { + "name": "server", + "value": "cloudflare" + }, + { + "name": "cf-ray", + "value": "7d6ac0286c8208bc-EZE" + } + ], + "headersSize": 2767, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2023-06-13T13:41:21.211Z", + "time": 346, + "timings": { + "blocked": -1, + "connect": -1, + "dns": -1, + "receive": 0, + "send": 0, + "ssl": -1, + "wait": 346 + } + } + ], + "pages": [], + "version": "1.2" + } +} diff --git a/src/steps/findings.test.ts b/src/steps/findings.test.ts new file mode 100644 index 0000000..77f66d7 --- /dev/null +++ b/src/steps/findings.test.ts 
@@ -0,0 +1,37 @@
+import {
+ executeStepWithDependencies,
+ Recording,
+ setupRecording,
+ StepTestConfig,
+} from '@jupiterone/integration-sdk-testing';
+
+import { Steps } from '../constants';
+import { invocationConfig } from '..';
+
+describe(Steps.FINDINGS, () => {
+ let recording: Recording;
+ afterEach(async () => {
+ if (recording) await recording.stop();
+ });
+
+ jest.setTimeout(45000);
+
+ test(Steps.FINDINGS, async () => {
+ recording = setupRecording({
+ name: Steps.FINDINGS,
+ directory: __dirname,
+ });
+
+ const stepTestConfig: StepTestConfig = {
+ stepId: Steps.FINDINGS,
+ instanceConfig: {
+ baseUrl: process.env.BASE_URL || 'https://gitlab.com',
+ personalToken: process.env.PERSONAL_TOKEN || 'string-value',
+ },
+ invocationConfig: invocationConfig as any,
+ };
+
+ const result = await executeStepWithDependencies(stepTestConfig);
+ expect(result).toMatchStepMetadata(stepTestConfig);
+ });
+});
diff --git a/src/steps/findings.ts b/src/steps/findings.ts
new file mode 100644
index 0000000..d3a8e40
--- /dev/null
+++ b/src/steps/findings.ts
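Review bot: `setupRecording` is imported from `@jupiterone/integration-sdk-testing` directly, so nothing redacts the `private-token` request header when this test is recorded against a live account, and the `recording.har` added in this patch stored that header in clear until PATCH 6/6 replaced it with `[REDACTED]`. The repository's own wrapper in test/recording.ts is documented as redacting that header; import it instead, e.g. `import { Recording, setupRecording } from '../../test/recording';`. PATCH 2/6 edits this import block and still leaves the SDK function in place. The `|| 'string-value'` fallback for `personalToken` is fine for replay, but a comment saying that a real `PERSONAL_TOKEN` is only needed when re-recording would help the next person avoid committing one.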
@@ -0,0 +1,44 @@ +import { + IntegrationStep, + IntegrationStepExecutionContext, + getRawData, +} from '@jupiterone/integration-sdk-core'; + +import { Entities, Steps } from '../constants'; +import { createGitlabClient } from '../provider'; +import { GitlabIntegrationConfig } from '../types'; +import { GitLabProject } from '../provider/types'; +import { createVulnerabilityFindingEntity } from '../converters'; + +export async function fetchVulnerabilityFindings({ + instance, + jobState, + logger, +}: IntegrationStepExecutionContext) { + const client = createGitlabClient(instance.config, logger); + + await jobState.iterateEntities( + { _type: Entities.PROJECT._type }, + async (projectEntity) => { + const project = getRawData(projectEntity) as GitLabProject; + + await client.iterateProjectVulnerabilities( + project.id, + async (finding) => { + await jobState.addEntity(createVulnerabilityFindingEntity(finding)); + }, + ); + }, + ); +} + +export const findingSteps: IntegrationStep[] = [ + { + id: Steps.FINDINGS, + name: 'Fetch Vulnerability Findings', + entities: [Entities.FINDING], + relationships: [], + dependsOn: [Steps.PROJECTS], + executionHandler: fetchVulnerabilityFindings, + }, +]; diff --git a/src/steps/index.ts b/src/steps/index.ts index ae17077..6baf458 100644 --- a/src/steps/index.ts +++ b/src/steps/index.ts @@ -17,6 +17,7 @@ import { mergeRequestSteps } from './merge-requests'; import { projectSteps } from './projects'; import { userSteps } from './users'; import { commitSteps } from './commits'; +import { findingSteps } from './findings'; const integrationSteps: Step< IntegrationStepExecutionContext @@ -25,6 +26,7 @@ const integrationSteps: Step< groupStep, ...projectSteps, ...userSteps, + ...findingSteps, projectUserStep, accountGroupStep, accountProjectStep, From 50caf32fb9dbc8e46ffad9b7f2f9e592e15910cb Mon Sep 17 00:00:00 2001 
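Review bot: `getRawData(projectEntity) as GitLabProject` in the `iterateEntities` callback casts away the `undefined` that `getRawData` returns when an entity carries no raw data, so `project.id` would throw and abort the step for every remaining project. Narrow instead of asserting: `const project = getRawData<GitLabProject>(projectEntity);` followed by `if (!project) { logger.warn({ _key: projectEntity._key }, 'Project entity has no raw data; skipping findings'); return; }`. How `iterateProjectVulnerabilities` behaves for a project where the token cannot read vulnerability data is not visible in this hunk; if it throws, one inaccessible project would stop ingestion for all the others, which is worth handling or at least stating in a comment on `fetchVulnerabilityFindings`.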
From: Gaston Yelmini Date: Tue, 13 Jun 2023 11:52:35 -0300 Subject: [PATCH 2/6] Update test config --- src/steps/findings.test.ts | 12 ++---------- test/recording.ts | 17 +++++++++++++++++ 2 files changed, 19 insertions(+), 10 deletions(-) diff --git a/src/steps/findings.test.ts b/src/steps/findings.test.ts index 77f66d7..54e3577 100644 --- a/src/steps/findings.test.ts +++ b/src/steps/findings.test.ts @@ -2,11 +2,10 @@ import { executeStepWithDependencies, Recording, setupRecording, - StepTestConfig, } from '@jupiterone/integration-sdk-testing'; import { Steps } from '../constants'; -import { invocationConfig } from '..'; +import { getStepTestConfigForStep } from '../../test'; describe(Steps.FINDINGS, () => { let recording: Recording; @@ -22,14 +21,7 @@ describe(Steps.FINDINGS, () => { directory: __dirname, }); - const stepTestConfig: StepTestConfig = { - stepId: Steps.FINDINGS, - instanceConfig: { - baseUrl: process.env.BASE_URL || 'https://gitlab.com', - personalToken: process.env.PERSONAL_TOKEN || 'string-value', - }, - invocationConfig: invocationConfig as any, - }; + const stepTestConfig = getStepTestConfigForStep(Steps.FINDINGS); const result = await executeStepWithDependencies(stepTestConfig); expect(result).toMatchStepMetadata(stepTestConfig); diff --git a/test/recording.ts b/test/recording.ts index caf9c42..2c80952 100644 --- a/test/recording.ts +++ b/test/recording.ts @@ -2,11 +2,18 @@ import { mutations, Recording, setupRecording as sdkSetupRecording, + StepTestConfig, } from '@jupiterone/integration-sdk-testing'; +import { invocationConfig } from '../src'; export { Recording } from '@jupiterone/integration-sdk-testing'; type SetupParameters = Parameters[0]; +const configFromEnv = { + baseUrl: process.env.BASE_URL || 'https://gitlab.com', + personalToken: process.env.PERSONAL_TOKEN || 'string-value', +}; + /** * This function is a wrapper around the SDK's setup recording function * that redacts the 'private-token' header. 
@@ -24,3 +31,13 @@ export function setupRecording({ ...overrides, }); } + +export function getStepTestConfigForStep(stepId: string): StepTestConfig { + return { + stepId, + instanceConfig: configFromEnv, + invocationConfig: { + ...invocationConfig, + } as any, + }; +} From ac27cb844e4290b1638133bb3fe86f4488750d74 Mon Sep 17 00:00:00 2001 From: Gaston Yelmini Date: Tue, 13 Jun 2023 11:54:10 -0300 Subject: [PATCH 3/6] Fix typo --- src/converters/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/converters/index.ts b/src/converters/index.ts index 48f2fc0..256e53e 100644 --- a/src/converters/index.ts +++ b/src/converters/index.ts @@ -211,7 +211,7 @@ export function createVulnerabilityFindingEntity( ): Entity { const key = createFindingIdentifier(finding.id); - // For more Finding data model class required fields please visit: https://github.com/JupiterOne/data-model/blob/main/src/schemas/Finding.json. + // For more Finding data model class required fields info please visit: https://github.com/JupiterOne/data-model/blob/main/src/schemas/Finding.json. return createIntegrationEntity({ entityData: { source: finding, From 73b1f236115e002662a677911fee3105f953fbbe Mon Sep 17 00:00:00 2001 From: Gaston Yelmini Date: Tue, 13 Jun 2023 12:01:57 -0300 Subject: [PATCH 4/6] Add project-finding relationship --- docs/jupiterone.md | 1 + src/constants.ts | 6 ++++++ src/steps/findings.ts | 16 +++++++++++++--- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/docs/jupiterone.md b/docs/jupiterone.md index 0a76e05..55b3b23 100644 --- a/docs/jupiterone.md +++ b/docs/jupiterone.md 
@@ -102,6 +102,7 @@ The following relationships are created: | `gitlab_group` | **HAS** | `gitlab_project` | | `gitlab_group` | **HAS** | `gitlab_user` | | `gitlab_merge_request` | **HAS** | `gitlab_commit` | +| `gitlab_project` | **HAS** | `gitlab_finding` | | `gitlab_project` | **HAS** | `gitlab_merge_request` | | `gitlab_project` | **HAS** | `gitlab_user` | | `gitlab_user` | **APPROVED** | `gitlab_merge_request` | diff --git a/src/constants.ts b/src/constants.ts index a890b39..1c4d2f4 100644 --- a/src/constants.ts +++ b/src/constants.ts @@ -94,6 +94,12 @@ export const Relationships = { _class: RelationshipClass.HAS, targetType: Entities.PROJECT._type, }, + PROJECT_HAS_FINDING: { + _type: 'gitlab_project_has_finding', + sourceType: Entities.PROJECT._type, + _class: RelationshipClass.HAS, + targetType: Entities.FINDING._type, + }, PROJECT_HAS_PR: { _type: 'gitlab_project_has_merge_request', sourceType: Entities.PROJECT._type, diff --git a/src/steps/findings.ts b/src/steps/findings.ts index d3a8e40..86a1a0b 100644 --- a/src/steps/findings.ts +++ b/src/steps/findings.ts @@ -1,10 +1,12 @@ import { IntegrationStep, IntegrationStepExecutionContext, + RelationshipClass, + createDirectRelationship, getRawData, } from '@jupiterone/integration-sdk-core'; -import { Entities, Steps } from '../constants'; +import { Entities, Relationships, Steps } from '../constants'; import { createGitlabClient } from '../provider'; import { GitlabIntegrationConfig } from '../types'; import { GitLabProject } from '../provider/types'; 
@@ -25,7 +27,15 @@ export async function fetchVulnerabilityFindings({ await client.iterateProjectVulnerabilities( project.id, async (finding) => { - await jobState.addEntity(createVulnerabilityFindingEntity(finding)); + const findingEntity = createVulnerabilityFindingEntity(finding); + await jobState.addEntity(findingEntity); + await jobState.addRelationship( + createDirectRelationship({ + _class: RelationshipClass.HAS, + from: projectEntity, + to: findingEntity, + }), + ); }, ); }, @@ -37,7 +47,7 @@ export const findingSteps: IntegrationStep[] = [ id: Steps.FINDINGS, name: 'Fetch Vulnerability Findings', entities: [Entities.FINDING], - relationships: [], + relationships: [Relationships.PROJECT_HAS_FINDING], dependsOn: [Steps.PROJECTS], executionHandler: fetchVulnerabilityFindings, }, From b7fc713435282a30b3a46ff91c979fa9652f8cab Mon Sep 17 00:00:00 2001 From: Gaston Yelmini Date: Tue, 13 Jun 2023 14:39:57 -0300 Subject: [PATCH 5/6] Run promises in parallel --- src/steps/findings.ts | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/src/steps/findings.ts b/src/steps/findings.ts index 86a1a0b..a910f4b 100644 --- a/src/steps/findings.ts +++ b/src/steps/findings.ts @@ -28,14 +28,17 @@ export async function fetchVulnerabilityFindings({ project.id, async (finding) => { const findingEntity = createVulnerabilityFindingEntity(finding); - await jobState.addEntity(findingEntity); - await jobState.addRelationship( - createDirectRelationship({ - _class: RelationshipClass.HAS, - from: projectEntity, - to: findingEntity, - }), - ); + + await Promise.all([ + jobState.addEntity(findingEntity), + jobState.addRelationship( + createDirectRelationship({ + _class: RelationshipClass.HAS, + from: projectEntity, + to: findingEntity, + }), + ), + ]); }, ); }, From 9ac1214f660ecf40442cd1414461aae97f0d0bab Mon Sep 17 00:00:00 2001 
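Review bot: Wrapping `jobState.addEntity` and `jobState.addRelationship` in `Promise.all` (the PATCH 5/6 hunk) drops the ordering the previous version had: if `addEntity` rejects, for instance on a duplicate `_key`, the relationship write has already been started and may be stored pointing at a finding entity that never was. The two calls are presumably cheap job-state writes, so the parallelism gains little compared with that risk; I would keep `await jobState.addEntity(findingEntity);` before `await jobState.addRelationship(...)`. The body of `fetchVulnerabilityFindings` starts above this hunk, so whether anything upstream already guarantees unique finding keys cannot be confirmed from here.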
From: Gaston Yelmini Date: Wed, 14 Jun 2023 10:26:49 -0300 Subject: [PATCH 6/6] Fix exposed token --- .../recording.har | 240 ++++++++---------- src/steps/findings.test.ts | 3 +- 2 files changed, 103 insertions(+), 140 deletions(-) diff --git a/src/steps/__recordings__/fetch-vulnerability-findings_3065310133/recording.har b/src/steps/__recordings__/fetch-vulnerability-findings_3065310133/recording.har index a7707b7..89ded94 100644 --- a/src/steps/__recordings__/fetch-vulnerability-findings_3065310133/recording.har +++ b/src/steps/__recordings__/fetch-vulnerability-findings_3065310133/recording.har @@ -18,7 +18,7 @@ { "_fromType": "array", "name": "private-token", - "value": "glpat-QihpZ7LzBWRBP_EW-VSs" + "value": "[REDACTED]" }, { "_fromType": "array", @@ -63,10 +63,9 @@ "response": { "bodySize": 532, "content": { - "encoding": "base64", "mimeType": "application/json", "size": 532, - "text": "[\"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\"]" + "text": "[{\"id\":11641867,\"web_url\":\"https://gitlab.com/groups/jupiterone-dev\",\"name\":\"JupiterOne Development\",\"path\":\"jupiterone-dev\",\"description\":\"\",\"visibility\":\"private\",\"share_with_group_lock\":false,\"require_two_factor_authentication\":false,\"two_factor_grace_period\":48,\"project_creation_level\":\"developer\",\"auto_devops_enabled\":null,\"subgroup_creation_level\":\"maintainer\",\"emails_disabled\":null,\"mentions_disabled\":null,\"lfs_enabled\":true,\"default_branch_protection\":2,\"avatar_url\":null,\"request_access_enabled\":true,\"full_name\":\"JupiterOne Development\",\"full_path\":\"jupiterone-dev\",\"created_at\":\"2021-04-07T23:51:04.817Z\",\"parent_id\":null,\"ldap_cn\":null,\"ldap_access\":null,\"marked_for_deletion_on\":null,\"wiki_access_level\":\"enabled\"}]" }, "cookies": [ { 
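Review bot: Redacting `private-token` here covers only the request header; the `@@ -300,10 +291,9 @@` hunk of this same file replaces the base64 body with plain JSON that carries a `runners_token` value for each of the three projects, and the `projects?owned=true` response that follows presumably does the same. Those values look like runner registration tokens, so the fixture still ships credentials after a commit titled "Fix exposed token". I would blank them in the recording wrapper's `mutateEntry` hook, replacing the value of every `runners_token` key in `entry.response.content.text` with `[REDACTED]`, and then re-record. Separately, the personal token on the `-` side remains in the history of PATCH 1/6, so it and the runner tokens should be revoked or rotated rather than only overwritten.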
@@ -82,16 +81,12 @@ "headers": [ { "name": "date", - "value": "Tue, 13 Jun 2023 13:41:18 GMT" + "value": "Wed, 14 Jun 2023 13:25:56 GMT" }, { "name": "content-type", "value": "application/json" }, - { - "name": "transfer-encoding", - "value": "chunked" - }, { "name": "connection", "value": "close" @@ -126,7 +121,7 @@ }, { "name": "x-gitlab-meta", - "value": "{\"correlation_id\":\"719344c2efefd3f0e7fb9e683025b404\",\"version\":\"1\"}" + "value": "{\"correlation_id\":\"264dd77e2eb832ee7b8413e11b5fd21c\",\"version\":\"1\"}" }, { "name": "x-next-page", @@ -146,11 +141,11 @@ }, { "name": "x-request-id", - "value": "719344c2efefd3f0e7fb9e683025b404" + "value": "264dd77e2eb832ee7b8413e11b5fd21c" }, { "name": "x-runtime", - "value": "0.077100" + "value": "0.131158" }, { "name": "x-total", @@ -170,19 +165,19 @@ }, { "name": "ratelimit-observed", - "value": "4" + "value": "1" }, { "name": "ratelimit-remaining", - "value": "1996" + "value": "1999" }, { "name": "ratelimit-reset", - "value": "1686663738" + "value": "1686749215" }, { "name": "ratelimit-resettime", - "value": "Tue, 13 Jun 2023 13:42:18 GMT" + "value": "Wed, 14 Jun 2023 13:26:55 GMT" }, { "name": "ratelimit-limit", @@ -190,7 +185,7 @@ }, { "name": "gitlab-lb", - "value": "fe-16-lb-gprd" + "value": "fe-05-lb-gprd" }, { "name": "gitlab-sv", @@ -202,7 +197,7 @@ }, { "name": "report-to", - "value": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=rrjU3%2Bq2x3CwjlpcZjDZv2aQfHUHsouS84uN1CXgHLKeVyUcOy3yekH3ysi8ePCEhCM5c7lk5%2B3cTnWJs3kS0I7NmTxlNwMunS0v8QUuZl1xaf%2BTDe5mZJ2u5nM%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}" + "value": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=Vw6BChjxg5XP13yDrh0szXNVck2u1cqSuAxf7JNm9qEUqBOCevkHBmt28yfG6wDaWiZ%2Fx0wC%2FKSQw8VuhVk1LKCL9J5uZFsArwafop1qaUss%2BdWeDXo6KYxM6ZQ%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}" }, { "name": "nel", 
@@ -219,11 +214,7 @@ }, { "name": "cf-ray", - "value": "7d6ac017af820901-EZE" - }, - { - "name": "content-encoding", - "value": "gzip" + "value": "7d72e6eef87c08f1-EZE" } ], "headersSize": 1764, @@ -232,8 +223,8 @@ "status": 200, "statusText": "OK" }, - "startedDateTime": "2023-06-13T13:41:18.518Z", - "time": 386, + "startedDateTime": "2023-06-14T13:25:55.410Z", + "time": 447, "timings": { "blocked": -1, "connect": -1, @@ -241,7 +232,7 @@ "receive": 0, "send": 0, "ssl": -1, - "wait": 386 + "wait": 447 } }, { @@ -255,7 +246,7 @@ { "_fromType": "array", "name": "private-token", - "value": "glpat-QihpZ7LzBWRBP_EW-VSs" + "value": "[REDACTED]" }, { "_fromType": "array", 
@@ -300,10 +291,9 @@ "response": { "bodySize": 2903, "content": { - "encoding": "base64", "mimeType": "application/json", "size": 2903, - "text": "[\"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\",\"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\"]" + "text": "[{\"id\":46792443,\"description\":null,\"name\":\"Gaston Vulnerabilities Test\",\"name_with_namespace\":\"JupiterOne Development / Gaston Vulnerabilities Test\",\"path\":\"gaston-vulnerabilities-test\",\"path_with_namespace\":\"jupiterone-dev/gaston-vulnerabilities-test\",\"created_at\":\"2023-06-12T14:49:40.286Z\",\"default_branch\":\"main\",\"tag_list\":[],\"topics\":[],\"ssh_url_to_repo\":\"git@gitlab.com:jupiterone-dev/gaston-vulnerabilities-test.git\",\"http_url_to_repo\":\"https://gitlab.com/jupiterone-dev/gaston-vulnerabilities-test.git\",\"web_url\":\"https://gitlab.com/jupiterone-dev/gaston-vulnerabilities-test\",\"readme_url\":\"https://gitlab.com/jupiterone-dev/gaston-vulnerabilities-test/-/blob/main/README.md\",\"forks_count\":0,\"avatar_url\":null,\"star_count\":0,\"last_activity_at\":\"2023-06-12T14:49:40.286Z\",\"namespace\":{\"id\":11641867,\"name\":\"JupiterOne 
Development\",\"path\":\"jupiterone-dev\",\"kind\":\"group\",\"full_path\":\"jupiterone-dev\",\"parent_id\":null,\"avatar_url\":null,\"web_url\":\"https://gitlab.com/groups/jupiterone-dev\"},\"container_registry_image_prefix\":\"registry.gitlab.com/jupiterone-dev/gaston-vulnerabilities-test\",\"_links\":{\"self\":\"https://gitlab.com/api/v4/projects/46792443\",\"issues\":\"https://gitlab.com/api/v4/projects/46792443/issues\",\"merge_requests\":\"https://gitlab.com/api/v4/projects/46792443/merge_requests\",\"repo_branches\":\"https://gitlab.com/api/v4/projects/46792443/repository/branches\",\"labels\":\"https://gitlab.com/api/v4/projects/46792443/labels\",\"events\":\"https://gitlab.com/api/v4/projects/46792443/events\",\"members\":\"https://gitlab.com/api/v4/projects/46792443/members\",\"cluster_agents\":\"https://gitlab.com/api/v4/projects/46792443/cluster_agents\"},\"packages_enabled\":true,\"empty_repo\":false,\"archived\":false,\"visibility\":\"private\",\"resolve_outdated_diff_discussions\":false,\"container_expiration_policy\":{\"cadence\":\"1d\",\"enabled\":false,\"keep_n\":10,\"older_than\":\"90d\",\"name_regex\":\".*\",\"name_regex_keep\":null,\"next_run_at\":\"2023-06-13T14:49:40.317Z\"},\"issues_enabled\":true,\"merge_requests_enabled\":true,\"wiki_enabled\":true,\"jobs_enabled\":true,\"snippets_enabled\":true,\"container_registry_enabled\":true,\"service_desk_enabled\":true,\"service_desk_address\":\"contact-project+jupiterone-dev-gaston-vulnerabilities-test-46792443-issue-@incoming.gitlab.com\",\"can_create_merge_request_in\":true,\"issues_access_level\":\"enabled\",\"repository_access_level\":\"enabled\",\"merge_requests_access_level\":\"enabled\",\"forking_access_level\":\"enabled\",\"wiki_access_level\":\"enabled\",\"builds_access_level\":\"enabled\",\"snippets_access_level\":\"enabled\",\"pages_access_level\":\"private\",\"analytics_access_level\":\"enabled\",\"container_registry_access_level\":\"enabled\",\"security_and_compliance_access_level\":\"
private\",\"releases_access_level\":\"enabled\",\"environments_access_level\":\"enabled\",\"feature_flags_access_level\":\"enabled\",\"infrastructure_access_level\":\"enabled\",\"monitor_access_level\":\"enabled\",\"emails_disabled\":null,\"shared_runners_enabled\":true,\"lfs_enabled\":true,\"creator_id\":7283719,\"import_url\":null,\"import_type\":null,\"import_status\":\"none\",\"open_issues_count\":0,\"description_html\":\"\",\"updated_at\":\"2023-06-12T15:23:32.810Z\",\"ci_default_git_depth\":20,\"ci_forward_deployment_enabled\":true,\"ci_job_token_scope_enabled\":false,\"ci_separated_caches\":true,\"ci_allow_fork_pipelines_to_run_in_parent_project\":true,\"build_git_strategy\":\"fetch\",\"keep_latest_artifact\":true,\"restrict_user_defined_variables\":false,\"runners_token\":\"GR1348941f1pnX5q5CpzmHAsWcy2Z\",\"runner_token_expiration_interval\":null,\"group_runners_enabled\":true,\"auto_cancel_pending_pipelines\":\"enabled\",\"build_timeout\":3600,\"auto_devops_enabled\":false,\"auto_devops_deploy_strategy\":\"continuous\",\"ci_config_path\":\"\",\"public_jobs\":true,\"shared_with_groups\":[],\"only_allow_merge_if_pipeline_succeeds\":false,\"allow_merge_on_skipped_pipeline\":null,\"request_access_enabled\":true,\"only_allow_merge_if_all_discussions_are_resolved\":false,\"remove_source_branch_after_merge\":true,\"printing_merge_request_link_enabled\":true,\"merge_method\":\"merge\",\"squash_option\":\"default_off\",\"enforce_auth_checks_on_uploads\":true,\"suggestion_commit_message\":null,\"merge_commit_template\":null,\"squash_commit_template\":null,\"issue_branch_template\":null,\"autoclose_referenced_issues\":true,\"approvals_before_merge\":0,\"mirror\":false,\"external_authorization_classification_label\":\"\",\"marked_for_deletion_at\":null,\"marked_for_deletion_on\":null,\"requirements_enabled\":true,\"requirements_access_level\":\"enabled\",\"security_and_compliance_enabled\":true,\"compliance_frameworks\":[],\"issues_template\":null,\"merge_requests_temp
late\":null,\"merge_pipelines_enabled\":false,\"merge_trains_enabled\":false,\"only_allow_merge_if_all_status_checks_passed\":false,\"allow_pipeline_trigger_approve_deployment\":false},{\"id\":25725992,\"description\":\"Learn how to use GitLab to support your software development life cycle.\",\"name\":\"Learn GitLab\",\"name_with_namespace\":\"JupiterOne Development / Learn GitLab\",\"path\":\"learn-gitlab\",\"path_with_namespace\":\"jupiterone-dev/learn-gitlab\",\"created_at\":\"2021-04-07T23:51:16.211Z\",\"default_branch\":\"master\",\"tag_list\":[],\"topics\":[],\"ssh_url_to_repo\":\"git@gitlab.com:jupiterone-dev/learn-gitlab.git\",\"http_url_to_repo\":\"https://gitlab.com/jupiterone-dev/learn-gitlab.git\",\"web_url\":\"https://gitlab.com/jupiterone-dev/learn-gitlab\",\"readme_url\":\"https://gitlab.com/jupiterone-dev/learn-gitlab/-/blob/master/README.md\",\"forks_count\":0,\"avatar_url\":\"https://gitlab.com/uploads/-/system/project/avatar/25725992/Artboard.jpg\",\"star_count\":0,\"last_activity_at\":\"2021-04-07T23:51:16.211Z\",\"namespace\":{\"id\":11641867,\"name\":\"JupiterOne 
Development\",\"path\":\"jupiterone-dev\",\"kind\":\"group\",\"full_path\":\"jupiterone-dev\",\"parent_id\":null,\"avatar_url\":null,\"web_url\":\"https://gitlab.com/groups/jupiterone-dev\"},\"container_registry_image_prefix\":\"registry.gitlab.com/jupiterone-dev/learn-gitlab\",\"_links\":{\"self\":\"https://gitlab.com/api/v4/projects/25725992\",\"issues\":\"https://gitlab.com/api/v4/projects/25725992/issues\",\"merge_requests\":\"https://gitlab.com/api/v4/projects/25725992/merge_requests\",\"repo_branches\":\"https://gitlab.com/api/v4/projects/25725992/repository/branches\",\"labels\":\"https://gitlab.com/api/v4/projects/25725992/labels\",\"events\":\"https://gitlab.com/api/v4/projects/25725992/events\",\"members\":\"https://gitlab.com/api/v4/projects/25725992/members\",\"cluster_agents\":\"https://gitlab.com/api/v4/projects/25725992/cluster_agents\"},\"packages_enabled\":true,\"empty_repo\":false,\"archived\":false,\"visibility\":\"private\",\"resolve_outdated_diff_discussions\":false,\"container_expiration_policy\":{\"cadence\":\"1d\",\"enabled\":false,\"keep_n\":10,\"older_than\":\"90d\",\"name_regex\":\".*\",\"name_regex_keep\":null,\"next_run_at\":\"2021-04-08T23:51:16.225Z\"},\"issues_enabled\":true,\"merge_requests_enabled\":true,\"wiki_enabled\":true,\"jobs_enabled\":true,\"snippets_enabled\":true,\"container_registry_enabled\":true,\"service_desk_enabled\":true,\"service_desk_address\":\"contact-project+jupiterone-dev-learn-gitlab-25725992-issue-@incoming.gitlab.com\",\"can_create_merge_request_in\":true,\"issues_access_level\":\"enabled\",\"repository_access_level\":\"enabled\",\"merge_requests_access_level\":\"enabled\",\"forking_access_level\":\"enabled\",\"wiki_access_level\":\"enabled\",\"builds_access_level\":\"enabled\",\"snippets_access_level\":\"enabled\",\"pages_access_level\":\"private\",\"analytics_access_level\":\"enabled\",\"container_registry_access_level\":\"enabled\",\"security_and_compliance_access_level\":\"private\",\"releases_access_le
vel\":\"enabled\",\"environments_access_level\":\"enabled\",\"feature_flags_access_level\":\"enabled\",\"infrastructure_access_level\":\"enabled\",\"monitor_access_level\":\"enabled\",\"emails_disabled\":null,\"shared_runners_enabled\":true,\"lfs_enabled\":true,\"creator_id\":8625568,\"import_url\":null,\"import_type\":\"gitlab_project\",\"import_status\":\"finished\",\"open_issues_count\":12,\"description_html\":\"\\u003cp data-sourcepos=\\\"1:1-1:72\\\" dir=\\\"auto\\\"\\u003eLearn how to use GitLab to support your software development life cycle.\\u003c/p\\u003e\",\"updated_at\":\"2023-04-25T23:32:23.663Z\",\"ci_default_git_depth\":50,\"ci_forward_deployment_enabled\":true,\"ci_job_token_scope_enabled\":false,\"ci_separated_caches\":true,\"ci_allow_fork_pipelines_to_run_in_parent_project\":true,\"build_git_strategy\":\"fetch\",\"keep_latest_artifact\":true,\"restrict_user_defined_variables\":false,\"runners_token\":\"GR1348941x6U44hSAvqKjde7Ao1ti\",\"runner_token_expiration_interval\":null,\"group_runners_enabled\":true,\"auto_cancel_pending_pipelines\":\"enabled\",\"build_timeout\":3600,\"auto_devops_enabled\":false,\"auto_devops_deploy_strategy\":\"continuous\",\"ci_config_path\":\"\",\"public_jobs\":true,\"shared_with_groups\":[],\"only_allow_merge_if_pipeline_succeeds\":false,\"allow_merge_on_skipped_pipeline\":null,\"request_access_enabled\":true,\"only_allow_merge_if_all_discussions_are_resolved\":false,\"remove_source_branch_after_merge\":true,\"printing_merge_request_link_enabled\":true,\"merge_method\":\"merge\",\"squash_option\":\"default_off\",\"enforce_auth_checks_on_uploads\":true,\"suggestion_commit_message\":null,\"merge_commit_template\":null,\"squash_commit_template\":null,\"issue_branch_template\":null,\"autoclose_referenced_issues\":true,\"approvals_before_merge\":0,\"mirror\":false,\"external_authorization_classification_label\":\"\",\"marked_for_deletion_at\":null,\"marked_for_deletion_on\":null,\"requirements_enabled\":true,\"requirements_ac
cess_level\":\"enabled\",\"security_and_compliance_enabled\":true,\"compliance_frameworks\":[],\"issues_template\":null,\"merge_requests_template\":null,\"merge_pipelines_enabled\":false,\"merge_trains_enabled\":false,\"only_allow_merge_if_all_status_checks_passed\":false,\"allow_pipeline_trigger_approve_deployment\":false},{\"id\":25725991,\"description\":\"\",\"name\":\"test-proj\",\"name_with_namespace\":\"JupiterOne Development / test-proj\",\"path\":\"test-proj\",\"path_with_namespace\":\"jupiterone-dev/test-proj\",\"created_at\":\"2021-04-07T23:51:15.461Z\",\"default_branch\":\"master\",\"tag_list\":[\"python\",\"web\"],\"topics\":[\"python\",\"web\"],\"ssh_url_to_repo\":\"git@gitlab.com:jupiterone-dev/test-proj.git\",\"http_url_to_repo\":\"https://gitlab.com/jupiterone-dev/test-proj.git\",\"web_url\":\"https://gitlab.com/jupiterone-dev/test-proj\",\"readme_url\":\"https://gitlab.com/jupiterone-dev/test-proj/-/blob/master/README.md\",\"forks_count\":0,\"avatar_url\":null,\"star_count\":0,\"last_activity_at\":\"2023-06-09T11:52:57.851Z\",\"namespace\":{\"id\":11641867,\"name\":\"JupiterOne 
Development\",\"path\":\"jupiterone-dev\",\"kind\":\"group\",\"full_path\":\"jupiterone-dev\",\"parent_id\":null,\"avatar_url\":null,\"web_url\":\"https://gitlab.com/groups/jupiterone-dev\"},\"container_registry_image_prefix\":\"registry.gitlab.com/jupiterone-dev/test-proj\",\"_links\":{\"self\":\"https://gitlab.com/api/v4/projects/25725991\",\"issues\":\"https://gitlab.com/api/v4/projects/25725991/issues\",\"merge_requests\":\"https://gitlab.com/api/v4/projects/25725991/merge_requests\",\"repo_branches\":\"https://gitlab.com/api/v4/projects/25725991/repository/branches\",\"labels\":\"https://gitlab.com/api/v4/projects/25725991/labels\",\"events\":\"https://gitlab.com/api/v4/projects/25725991/events\",\"members\":\"https://gitlab.com/api/v4/projects/25725991/members\",\"cluster_agents\":\"https://gitlab.com/api/v4/projects/25725991/cluster_agents\"},\"packages_enabled\":true,\"empty_repo\":false,\"archived\":false,\"visibility\":\"private\",\"resolve_outdated_diff_discussions\":false,\"container_expiration_policy\":{\"cadence\":\"1d\",\"enabled\":false,\"keep_n\":10,\"older_than\":\"90d\",\"name_regex\":\".*\",\"name_regex_keep\":null,\"next_run_at\":\"2021-04-08T23:51:15.484Z\"},\"issues_enabled\":true,\"merge_requests_enabled\":true,\"wiki_enabled\":true,\"jobs_enabled\":true,\"snippets_enabled\":true,\"container_registry_enabled\":true,\"service_desk_enabled\":true,\"service_desk_address\":\"contact-project+jupiterone-dev-test-proj-25725991-issue-@incoming.gitlab.com\",\"can_create_merge_request_in\":true,\"issues_access_level\":\"enabled\",\"repository_access_level\":\"enabled\",\"merge_requests_access_level\":\"enabled\",\"forking_access_level\":\"enabled\",\"wiki_access_level\":\"enabled\",\"builds_access_level\":\"enabled\",\"snippets_access_level\":\"enabled\",\"pages_access_level\":\"private\",\"analytics_access_level\":\"enabled\",\"container_registry_access_level\":\"enabled\",\"security_and_compliance_access_level\":\"private\",\"releases_access_level\":
\"enabled\",\"environments_access_level\":\"enabled\",\"feature_flags_access_level\":\"enabled\",\"infrastructure_access_level\":\"enabled\",\"monitor_access_level\":\"enabled\",\"emails_disabled\":null,\"shared_runners_enabled\":true,\"lfs_enabled\":true,\"creator_id\":8625568,\"import_url\":null,\"import_type\":null,\"import_status\":\"none\",\"open_issues_count\":0,\"description_html\":\"\",\"updated_at\":\"2023-06-09T11:52:57.851Z\",\"ci_default_git_depth\":50,\"ci_forward_deployment_enabled\":true,\"ci_job_token_scope_enabled\":false,\"ci_separated_caches\":true,\"ci_allow_fork_pipelines_to_run_in_parent_project\":true,\"build_git_strategy\":\"fetch\",\"keep_latest_artifact\":true,\"restrict_user_defined_variables\":false,\"runners_token\":\"GR1348941qtATsERHb9Yn1vqthKVx\",\"runner_token_expiration_interval\":null,\"group_runners_enabled\":true,\"auto_cancel_pending_pipelines\":\"enabled\",\"build_timeout\":3600,\"auto_devops_enabled\":false,\"auto_devops_deploy_strategy\":\"continuous\",\"ci_config_path\":\"\",\"public_jobs\":true,\"shared_with_groups\":[],\"only_allow_merge_if_pipeline_succeeds\":false,\"allow_merge_on_skipped_pipeline\":null,\"request_access_enabled\":true,\"only_allow_merge_if_all_discussions_are_resolved\":false,\"remove_source_branch_after_merge\":true,\"printing_merge_request_link_enabled\":true,\"merge_method\":\"merge\",\"squash_option\":\"default_off\",\"enforce_auth_checks_on_uploads\":true,\"suggestion_commit_message\":null,\"merge_commit_template\":null,\"squash_commit_template\":null,\"issue_branch_template\":null,\"autoclose_referenced_issues\":true,\"approvals_before_merge\":0,\"mirror\":false,\"external_authorization_classification_label\":\"\",\"marked_for_deletion_at\":null,\"marked_for_deletion_on\":null,\"requirements_enabled\":true,\"requirements_access_level\":\"enabled\",\"security_and_compliance_enabled\":true,\"compliance_frameworks\":[],\"issues_template\":null,\"merge_requests_template\":null,\"merge_pipelines_enable
d\":false,\"merge_trains_enabled\":false,\"only_allow_merge_if_all_status_checks_passed\":false,\"allow_pipeline_trigger_approve_deployment\":false}]" }, "cookies": [ { @@ -319,16 +309,12 @@ "headers": [ { "name": "date", - "value": "Tue, 13 Jun 2023 13:41:19 GMT" + "value": "Wed, 14 Jun 2023 13:25:56 GMT" }, { "name": "content-type", "value": "application/json" }, - { - "name": "transfer-encoding", - "value": "chunked" - }, { "name": "connection", "value": "close" @@ -363,7 +349,7 @@ }, { "name": "x-gitlab-meta", - "value": "{\"correlation_id\":\"7a122129c209f3a38ddbaa7baaefb500\",\"version\":\"1\"}" + "value": "{\"correlation_id\":\"50e6a493b1fd0be25d20c35dde9ee962\",\"version\":\"1\"}" }, { "name": "x-next-page", @@ -383,11 +369,11 @@ }, { "name": "x-request-id", - "value": "7a122129c209f3a38ddbaa7baaefb500" + "value": "50e6a493b1fd0be25d20c35dde9ee962" }, { "name": "x-runtime", - "value": "0.187912" + "value": "0.321193" }, { "name": "x-total", @@ -407,19 +393,19 @@ }, { "name": "ratelimit-observed", - "value": "5" + "value": "2" }, { "name": "ratelimit-remaining", - "value": "1995" + "value": "1998" }, { "name": "ratelimit-reset", - "value": "1686663739" + "value": "1686749216" }, { "name": "ratelimit-resettime", - "value": "Tue, 13 Jun 2023 13:42:19 GMT" + "value": "Wed, 14 Jun 2023 13:26:56 GMT" }, { "name": "ratelimit-limit", @@ -427,7 +413,7 @@ }, { "name": "gitlab-lb", - "value": "fe-32-lb-gprd" + "value": "fe-08-lb-gprd" }, { "name": "gitlab-sv", 
@@ -439,7 +425,7 @@ }, { "name": "report-to", - "value": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=auCSl4eYUb%2F%2BhYQK%2Bs3aHP%2FshvJZBhIoMwJz%2BkrTNV0jeSLHaaIzx%2FhFw2Qf2Ke4GkHJLZPmGomeMtqiIi7oPfnV9DwAVqTSrG4v1d3t2FSiMJuqEhQVOdJE7Lc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}" + "value": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=TpNbazL%2FXGOWqub0gXqa%2Bv299hotVg6cLMdCnph9dpBTkjNiP%2FGNGz7BeobYUzKEX2A9lstGyro%2FcBfnG02aNS%2BDFRt9FBcTvxIrUft1hY0M8nwQbcCwOt7u14E%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}" }, { "name": "nel", @@ -456,21 +442,17 @@ }, { "name": "cf-ray", - "value": "7d6ac01a18a808e5-EZE" - }, - { - "name": "content-encoding", - "value": "gzip" + "value": "7d72e6f1aba11870-EZE" } ], - "headersSize": 2182, + "headersSize": 2180, "httpVersion": "HTTP/1.1", "redirectURL": "", "status": 200, "statusText": "OK" }, - "startedDateTime": "2023-06-13T13:41:18.921Z", - "time": 522, + "startedDateTime": "2023-06-14T13:25:55.872Z", + "time": 659, "timings": { "blocked": -1, "connect": -1, @@ -478,7 +460,7 @@ "receive": 0, "send": 0, "ssl": -1, - "wait": 522 + "wait": 659 } }, { @@ -492,7 +474,7 @@ { "_fromType": "array", "name": "private-token", - "value": "glpat-QihpZ7LzBWRBP_EW-VSs" + "value": "[REDACTED]" }, { "_fromType": "array", 
@@ -539,12 +521,11 @@ "url": "https://gitlab.com/api/v4/projects?owned=true&page=1&per_page=100" }, "response": { - "bodySize": 2958, + "bodySize": 2951, "content": { - "encoding": "base64", "mimeType": "application/json", - "size": 2958, - "text": "[\"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\",\"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\",\"MEub9KPpTQnS4mg8mM3Gx1na9MLSDrO0x9m/JpPVP6839z/eJTC/lqFlF5Z2YWkXlnZhaReW9ieytLDL0nYMrPxrrFv9fADWFq3KXffTi+irLfAC95oOJrPXcy+ktnYlhedMqE3B9kbOZWLNnt8DxLpKzqFhbaOdicIa0TdysHP/HWt0dROG8TSKp/PBYnohWC8RrLZr34Gvwrfhq/BD8FX4kfgq/Dh8Fb4LX4Xvw1fhx+Cr8IKv3oKvpoPJYvJV4aumkNTsKrywqwu7+qrZ1Z/7r1YHOp0LHjoLD93b6xvz6fMPy6v/inBzb1c//vJ4wUMXPHTBQxc8dMFDH4qHfv8fkRODNyE4AAA=\"]" + "size": 2951, + "text": "[{\"id\":46792443,\"description\":null,\"name\":\"Gaston Vulnerabilities Test\",\"name_with_namespace\":\"JupiterOne Development / Gaston Vulnerabilities Test\",\"path\":\"gaston-vulnerabilities-test\",\"path_with_namespace\":\"jupiterone-dev/gaston-vulnerabilities-test\",\"created_at\":\"2023-06-12T14:49:40.286Z\",\"default_branch\":\"main\",\"tag_list\":[],\"topics\":[],\"ssh_url_to_repo\":\"git@gitlab.com:jupiterone-dev/gaston-vulnerabilities-test.git\",\"http_url_to_repo\":\"https://gitlab.com/jupiterone-dev/gaston-vulnerabilities-test.git\",\"web_url\":\"https://gitlab.com/jupiterone-dev/gaston-vulnerabilities-test\",\"readme_url\":\"https://gitlab.com/jupiterone-dev/gaston-vulnerabilities-test/-/blob/main/README.md\",\"forks_count\":0,\"avatar_url\":null,\"star_count\":0,\"last_activity_at\":\"2023-06-12T14:49:40.286Z\",\"namespace\":{\"id\":11641867,\"name\":\"JupiterOne 
Development\",\"path\":\"jupiterone-dev\",\"kind\":\"group\",\"full_path\":\"jupiterone-dev\",\"parent_id\":null,\"avatar_url\":null,\"web_url\":\"https://gitlab.com/groups/jupiterone-dev\"},\"container_registry_image_prefix\":\"registry.gitlab.com/jupiterone-dev/gaston-vulnerabilities-test\",\"_links\":{\"self\":\"https://gitlab.com/api/v4/projects/46792443\",\"issues\":\"https://gitlab.com/api/v4/projects/46792443/issues\",\"merge_requests\":\"https://gitlab.com/api/v4/projects/46792443/merge_requests\",\"repo_branches\":\"https://gitlab.com/api/v4/projects/46792443/repository/branches\",\"labels\":\"https://gitlab.com/api/v4/projects/46792443/labels\",\"events\":\"https://gitlab.com/api/v4/projects/46792443/events\",\"members\":\"https://gitlab.com/api/v4/projects/46792443/members\",\"cluster_agents\":\"https://gitlab.com/api/v4/projects/46792443/cluster_agents\"},\"packages_enabled\":true,\"empty_repo\":false,\"archived\":false,\"visibility\":\"private\",\"resolve_outdated_diff_discussions\":false,\"container_expiration_policy\":{\"cadence\":\"1d\",\"enabled\":false,\"keep_n\":10,\"older_than\":\"90d\",\"name_regex\":\".*\",\"name_regex_keep\":null,\"next_run_at\":\"2023-06-13T14:49:40.317Z\"},\"issues_enabled\":true,\"merge_requests_enabled\":true,\"wiki_enabled\":true,\"jobs_enabled\":true,\"snippets_enabled\":true,\"container_registry_enabled\":true,\"service_desk_enabled\":true,\"service_desk_address\":\"contact-project+jupiterone-dev-gaston-vulnerabilities-test-46792443-issue-@incoming.gitlab.com\",\"can_create_merge_request_in\":true,\"issues_access_level\":\"enabled\",\"repository_access_level\":\"enabled\",\"merge_requests_access_level\":\"enabled\",\"forking_access_level\":\"enabled\",\"wiki_access_level\":\"enabled\",\"builds_access_level\":\"enabled\",\"snippets_access_level\":\"enabled\",\"pages_access_level\":\"private\",\"analytics_access_level\":\"enabled\",\"container_registry_access_level\":\"enabled\",\"security_and_compliance_access_level\":\"
private\",\"releases_access_level\":\"enabled\",\"environments_access_level\":\"enabled\",\"feature_flags_access_level\":\"enabled\",\"infrastructure_access_level\":\"enabled\",\"monitor_access_level\":\"enabled\",\"emails_disabled\":null,\"shared_runners_enabled\":true,\"lfs_enabled\":true,\"creator_id\":7283719,\"import_url\":null,\"import_type\":null,\"import_status\":\"none\",\"open_issues_count\":0,\"description_html\":\"\",\"updated_at\":\"2023-06-12T15:23:32.810Z\",\"ci_default_git_depth\":20,\"ci_forward_deployment_enabled\":true,\"ci_job_token_scope_enabled\":false,\"ci_separated_caches\":true,\"ci_allow_fork_pipelines_to_run_in_parent_project\":true,\"build_git_strategy\":\"fetch\",\"keep_latest_artifact\":true,\"restrict_user_defined_variables\":false,\"runners_token\":\"GR1348941f1pnX5q5CpzmHAsWcy2Z\",\"runner_token_expiration_interval\":null,\"group_runners_enabled\":true,\"auto_cancel_pending_pipelines\":\"enabled\",\"build_timeout\":3600,\"auto_devops_enabled\":false,\"auto_devops_deploy_strategy\":\"continuous\",\"ci_config_path\":\"\",\"public_jobs\":true,\"shared_with_groups\":[],\"only_allow_merge_if_pipeline_succeeds\":false,\"allow_merge_on_skipped_pipeline\":null,\"request_access_enabled\":true,\"only_allow_merge_if_all_discussions_are_resolved\":false,\"remove_source_branch_after_merge\":true,\"printing_merge_request_link_enabled\":true,\"merge_method\":\"merge\",\"squash_option\":\"default_off\",\"enforce_auth_checks_on_uploads\":true,\"suggestion_commit_message\":null,\"merge_commit_template\":null,\"squash_commit_template\":null,\"issue_branch_template\":null,\"autoclose_referenced_issues\":true,\"approvals_before_merge\":0,\"mirror\":false,\"external_authorization_classification_label\":\"\",\"marked_for_deletion_at\":null,\"marked_for_deletion_on\":null,\"requirements_enabled\":true,\"requirements_access_level\":\"enabled\",\"security_and_compliance_enabled\":true,\"compliance_frameworks\":[],\"issues_template\":null,\"merge_requests_temp
late\":null,\"merge_pipelines_enabled\":false,\"merge_trains_enabled\":false,\"only_allow_merge_if_all_status_checks_passed\":false,\"allow_pipeline_trigger_approve_deployment\":false,\"permissions\":{\"project_access\":null,\"group_access\":{\"access_level\":50,\"notification_level\":3}}},{\"id\":25725992,\"description\":\"Learn how to use GitLab to support your software development life cycle.\",\"name\":\"Learn GitLab\",\"name_with_namespace\":\"JupiterOne Development / Learn GitLab\",\"path\":\"learn-gitlab\",\"path_with_namespace\":\"jupiterone-dev/learn-gitlab\",\"created_at\":\"2021-04-07T23:51:16.211Z\",\"default_branch\":\"master\",\"tag_list\":[],\"topics\":[],\"ssh_url_to_repo\":\"git@gitlab.com:jupiterone-dev/learn-gitlab.git\",\"http_url_to_repo\":\"https://gitlab.com/jupiterone-dev/learn-gitlab.git\",\"web_url\":\"https://gitlab.com/jupiterone-dev/learn-gitlab\",\"readme_url\":\"https://gitlab.com/jupiterone-dev/learn-gitlab/-/blob/master/README.md\",\"forks_count\":0,\"avatar_url\":\"https://gitlab.com/uploads/-/system/project/avatar/25725992/Artboard.jpg\",\"star_count\":0,\"last_activity_at\":\"2021-04-07T23:51:16.211Z\",\"namespace\":{\"id\":11641867,\"name\":\"JupiterOne 
Development\",\"path\":\"jupiterone-dev\",\"kind\":\"group\",\"full_path\":\"jupiterone-dev\",\"parent_id\":null,\"avatar_url\":null,\"web_url\":\"https://gitlab.com/groups/jupiterone-dev\"},\"container_registry_image_prefix\":\"registry.gitlab.com/jupiterone-dev/learn-gitlab\",\"_links\":{\"self\":\"https://gitlab.com/api/v4/projects/25725992\",\"issues\":\"https://gitlab.com/api/v4/projects/25725992/issues\",\"merge_requests\":\"https://gitlab.com/api/v4/projects/25725992/merge_requests\",\"repo_branches\":\"https://gitlab.com/api/v4/projects/25725992/repository/branches\",\"labels\":\"https://gitlab.com/api/v4/projects/25725992/labels\",\"events\":\"https://gitlab.com/api/v4/projects/25725992/events\",\"members\":\"https://gitlab.com/api/v4/projects/25725992/members\",\"cluster_agents\":\"https://gitlab.com/api/v4/projects/25725992/cluster_agents\"},\"packages_enabled\":true,\"empty_repo\":false,\"archived\":false,\"visibility\":\"private\",\"resolve_outdated_diff_discussions\":false,\"container_expiration_policy\":{\"cadence\":\"1d\",\"enabled\":false,\"keep_n\":10,\"older_than\":\"90d\",\"name_regex\":\".*\",\"name_regex_keep\":null,\"next_run_at\":\"2021-04-08T23:51:16.225Z\"},\"issues_enabled\":true,\"merge_requests_enabled\":true,\"wiki_enabled\":true,\"jobs_enabled\":true,\"snippets_enabled\":true,\"container_registry_enabled\":true,\"service_desk_enabled\":true,\"service_desk_address\":\"contact-project+jupiterone-dev-learn-gitlab-25725992-issue-@incoming.gitlab.com\",\"can_create_merge_request_in\":true,\"issues_access_level\":\"enabled\",\"repository_access_level\":\"enabled\",\"merge_requests_access_level\":\"enabled\",\"forking_access_level\":\"enabled\",\"wiki_access_level\":\"enabled\",\"builds_access_level\":\"enabled\",\"snippets_access_level\":\"enabled\",\"pages_access_level\":\"private\",\"analytics_access_level\":\"enabled\",\"container_registry_access_level\":\"enabled\",\"security_and_compliance_access_level\":\"private\",\"releases_access_le
vel\":\"enabled\",\"environments_access_level\":\"enabled\",\"feature_flags_access_level\":\"enabled\",\"infrastructure_access_level\":\"enabled\",\"monitor_access_level\":\"enabled\",\"emails_disabled\":null,\"shared_runners_enabled\":true,\"lfs_enabled\":true,\"creator_id\":8625568,\"import_url\":null,\"import_type\":\"gitlab_project\",\"import_status\":\"finished\",\"open_issues_count\":12,\"description_html\":\"\\u003cp data-sourcepos=\\\"1:1-1:72\\\" dir=\\\"auto\\\"\\u003eLearn how to use GitLab to support your software development life cycle.\\u003c/p\\u003e\",\"updated_at\":\"2023-04-25T23:32:23.663Z\",\"ci_default_git_depth\":50,\"ci_forward_deployment_enabled\":true,\"ci_job_token_scope_enabled\":false,\"ci_separated_caches\":true,\"ci_allow_fork_pipelines_to_run_in_parent_project\":true,\"build_git_strategy\":\"fetch\",\"keep_latest_artifact\":true,\"restrict_user_defined_variables\":false,\"runners_token\":\"GR1348941x6U44hSAvqKjde7Ao1ti\",\"runner_token_expiration_interval\":null,\"group_runners_enabled\":true,\"auto_cancel_pending_pipelines\":\"enabled\",\"build_timeout\":3600,\"auto_devops_enabled\":false,\"auto_devops_deploy_strategy\":\"continuous\",\"ci_config_path\":\"\",\"public_jobs\":true,\"shared_with_groups\":[],\"only_allow_merge_if_pipeline_succeeds\":false,\"allow_merge_on_skipped_pipeline\":null,\"request_access_enabled\":true,\"only_allow_merge_if_all_discussions_are_resolved\":false,\"remove_source_branch_after_merge\":true,\"printing_merge_request_link_enabled\":true,\"merge_method\":\"merge\",\"squash_option\":\"default_off\",\"enforce_auth_checks_on_uploads\":true,\"suggestion_commit_message\":null,\"merge_commit_template\":null,\"squash_commit_template\":null,\"issue_branch_template\":null,\"autoclose_referenced_issues\":true,\"approvals_before_merge\":0,\"mirror\":false,\"external_authorization_classification_label\":\"\",\"marked_for_deletion_at\":null,\"marked_for_deletion_on\":null,\"requirements_enabled\":true,\"requirements_ac
cess_level\":\"enabled\",\"security_and_compliance_enabled\":true,\"compliance_frameworks\":[],\"issues_template\":null,\"merge_requests_template\":null,\"merge_pipelines_enabled\":false,\"merge_trains_enabled\":false,\"only_allow_merge_if_all_status_checks_passed\":false,\"allow_pipeline_trigger_approve_deployment\":false,\"permissions\":{\"project_access\":null,\"group_access\":{\"access_level\":50,\"notification_level\":3}}},{\"id\":25725991,\"description\":\"\",\"name\":\"test-proj\",\"name_with_namespace\":\"JupiterOne Development / test-proj\",\"path\":\"test-proj\",\"path_with_namespace\":\"jupiterone-dev/test-proj\",\"created_at\":\"2021-04-07T23:51:15.461Z\",\"default_branch\":\"master\",\"tag_list\":[\"python\",\"web\"],\"topics\":[\"python\",\"web\"],\"ssh_url_to_repo\":\"git@gitlab.com:jupiterone-dev/test-proj.git\",\"http_url_to_repo\":\"https://gitlab.com/jupiterone-dev/test-proj.git\",\"web_url\":\"https://gitlab.com/jupiterone-dev/test-proj\",\"readme_url\":\"https://gitlab.com/jupiterone-dev/test-proj/-/blob/master/README.md\",\"forks_count\":0,\"avatar_url\":null,\"star_count\":0,\"last_activity_at\":\"2023-06-09T11:52:57.851Z\",\"namespace\":{\"id\":11641867,\"name\":\"JupiterOne 
Development\",\"path\":\"jupiterone-dev\",\"kind\":\"group\",\"full_path\":\"jupiterone-dev\",\"parent_id\":null,\"avatar_url\":null,\"web_url\":\"https://gitlab.com/groups/jupiterone-dev\"},\"container_registry_image_prefix\":\"registry.gitlab.com/jupiterone-dev/test-proj\",\"_links\":{\"self\":\"https://gitlab.com/api/v4/projects/25725991\",\"issues\":\"https://gitlab.com/api/v4/projects/25725991/issues\",\"merge_requests\":\"https://gitlab.com/api/v4/projects/25725991/merge_requests\",\"repo_branches\":\"https://gitlab.com/api/v4/projects/25725991/repository/branches\",\"labels\":\"https://gitlab.com/api/v4/projects/25725991/labels\",\"events\":\"https://gitlab.com/api/v4/projects/25725991/events\",\"members\":\"https://gitlab.com/api/v4/projects/25725991/members\",\"cluster_agents\":\"https://gitlab.com/api/v4/projects/25725991/cluster_agents\"},\"packages_enabled\":true,\"empty_repo\":false,\"archived\":false,\"visibility\":\"private\",\"resolve_outdated_diff_discussions\":false,\"container_expiration_policy\":{\"cadence\":\"1d\",\"enabled\":false,\"keep_n\":10,\"older_than\":\"90d\",\"name_regex\":\".*\",\"name_regex_keep\":null,\"next_run_at\":\"2021-04-08T23:51:15.484Z\"},\"issues_enabled\":true,\"merge_requests_enabled\":true,\"wiki_enabled\":true,\"jobs_enabled\":true,\"snippets_enabled\":true,\"container_registry_enabled\":true,\"service_desk_enabled\":true,\"service_desk_address\":\"contact-project+jupiterone-dev-test-proj-25725991-issue-@incoming.gitlab.com\",\"can_create_merge_request_in\":true,\"issues_access_level\":\"enabled\",\"repository_access_level\":\"enabled\",\"merge_requests_access_level\":\"enabled\",\"forking_access_level\":\"enabled\",\"wiki_access_level\":\"enabled\",\"builds_access_level\":\"enabled\",\"snippets_access_level\":\"enabled\",\"pages_access_level\":\"private\",\"analytics_access_level\":\"enabled\",\"container_registry_access_level\":\"enabled\",\"security_and_compliance_access_level\":\"private\",\"releases_access_level\":
\"enabled\",\"environments_access_level\":\"enabled\",\"feature_flags_access_level\":\"enabled\",\"infrastructure_access_level\":\"enabled\",\"monitor_access_level\":\"enabled\",\"emails_disabled\":null,\"shared_runners_enabled\":true,\"lfs_enabled\":true,\"creator_id\":8625568,\"import_url\":null,\"import_type\":null,\"import_status\":\"none\",\"open_issues_count\":0,\"description_html\":\"\",\"updated_at\":\"2023-06-09T11:52:57.851Z\",\"ci_default_git_depth\":50,\"ci_forward_deployment_enabled\":true,\"ci_job_token_scope_enabled\":false,\"ci_separated_caches\":true,\"ci_allow_fork_pipelines_to_run_in_parent_project\":true,\"build_git_strategy\":\"fetch\",\"keep_latest_artifact\":true,\"restrict_user_defined_variables\":false,\"runners_token\":\"GR1348941qtATsERHb9Yn1vqthKVx\",\"runner_token_expiration_interval\":null,\"group_runners_enabled\":true,\"auto_cancel_pending_pipelines\":\"enabled\",\"build_timeout\":3600,\"auto_devops_enabled\":false,\"auto_devops_deploy_strategy\":\"continuous\",\"ci_config_path\":\"\",\"public_jobs\":true,\"shared_with_groups\":[],\"only_allow_merge_if_pipeline_succeeds\":false,\"allow_merge_on_skipped_pipeline\":null,\"request_access_enabled\":true,\"only_allow_merge_if_all_discussions_are_resolved\":false,\"remove_source_branch_after_merge\":true,\"printing_merge_request_link_enabled\":true,\"merge_method\":\"merge\",\"squash_option\":\"default_off\",\"enforce_auth_checks_on_uploads\":true,\"suggestion_commit_message\":null,\"merge_commit_template\":null,\"squash_commit_template\":null,\"issue_branch_template\":null,\"autoclose_referenced_issues\":true,\"approvals_before_merge\":0,\"mirror\":false,\"external_authorization_classification_label\":\"\",\"marked_for_deletion_at\":null,\"marked_for_deletion_on\":null,\"requirements_enabled\":true,\"requirements_access_level\":\"enabled\",\"security_and_compliance_enabled\":true,\"compliance_frameworks\":[],\"issues_template\":null,\"merge_requests_template\":null,\"merge_pipelines_enable
d\":false,\"merge_trains_enabled\":false,\"only_allow_merge_if_all_status_checks_passed\":false,\"allow_pipeline_trigger_approve_deployment\":false,\"permissions\":{\"project_access\":null,\"group_access\":{\"access_level\":50,\"notification_level\":3}}}]" }, "cookies": [ { @@ -560,16 +541,12 @@ "headers": [ { "name": "date", - "value": "Tue, 13 Jun 2023 13:41:20 GMT" + "value": "Wed, 14 Jun 2023 13:25:57 GMT" }, { "name": "content-type", "value": "application/json" }, - { - "name": "transfer-encoding", - "value": "chunked" - }, { "name": "connection", "value": "close" @@ -604,7 +581,7 @@ }, { "name": "x-gitlab-meta", - "value": "{\"correlation_id\":\"df94b61c25ee46470102e98858e458e2\",\"version\":\"1\"}" + "value": "{\"correlation_id\":\"6a0e2b851f9e7e43c02a63c83ebfda62\",\"version\":\"1\"}" }, { "name": "x-next-page", @@ -624,11 +601,11 @@ }, { "name": "x-request-id", - "value": "df94b61c25ee46470102e98858e458e2" + "value": "6a0e2b851f9e7e43c02a63c83ebfda62" }, { "name": "x-runtime", - "value": "0.288138" + "value": "0.169705" }, { "name": "x-total", @@ -648,19 +625,19 @@ }, { "name": "ratelimit-observed", - "value": "6" + "value": "3" }, { "name": "ratelimit-remaining", - "value": "1994" + "value": "1997" }, { "name": "ratelimit-reset", - "value": "1686663740" + "value": "1686749217" }, { "name": "ratelimit-resettime", - "value": "Tue, 13 Jun 2023 13:42:20 GMT" + "value": "Wed, 14 Jun 2023 13:26:57 GMT" }, { "name": "ratelimit-limit", @@ -668,7 +645,7 @@ }, { "name": "gitlab-lb", - "value": "fe-19-lb-gprd" + "value": "fe-12-lb-gprd" }, { "name": "gitlab-sv", 
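Review bot: The `runners_token` fields in the decoded `text` body of the `projects?owned=true` response are committed in clear text, one per project, even though the `private-token` request header is now replaced by `[REDACTED]` in the neighbouring hunks. The step that sanitises recordings is not visible in this part of the patch; it should presumably rewrite that field as well, so the fixture stores `\"runners_token\":\"[REDACTED]\"`. If these were live runner registration tokens they should be reset, because editing the fixture later does not remove them from history. The same holds for the personal access token on the removed `private-token` lines (hunks at -492, -733 and -974): it remains in the earlier commit and should be revoked rather than relying on this redaction.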
@@ -680,7 +657,7 @@ }, { "name": "report-to", - "value": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=nsIbqIlOCHV2HE6nAChve0A%2B13XSjCrWe8GD6PJqekugveUobk077Q%2ByOmJ3%2F3q6mX5z4tTv2D8Or%2BTdv7%2Bu%2FJF1rCPSrCfE1JHZ8O5PikS7dmwpIBpTSEzI0N8%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}" + "value": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=RIBXE0RdPcLspSsOTux4Th1aAQJkf4esg2C6ntwZLeUScAzJyxZXmjJcSn4du8BTWVFjr%2BRMNtm8jUCXOGYRnkbNQh49ycxN6p4ifgU2FwkM7SAOismqHlLn4SY%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}" }, { "name": "nel", @@ -697,21 +674,17 @@ }, { "name": "cf-ray", - "value": "7d6ac01d6bf408b8-EZE" - }, - { - "name": "content-encoding", - "value": "gzip" + "value": "7d72e6f5c84508c0-EZE" } ], - "headersSize": 2144, + "headersSize": 2134, "httpVersion": "HTTP/1.1", "redirectURL": "", "status": 200, "statusText": "OK" }, - "startedDateTime": "2023-06-13T13:41:19.451Z", - "time": 682, + "startedDateTime": "2023-06-14T13:25:56.538Z", + "time": 499, "timings": { "blocked": -1, "connect": -1, @@ -719,7 +692,7 @@ "receive": 0, "send": 0, "ssl": -1, - "wait": 682 + "wait": 499 } }, { @@ -733,7 +706,7 @@ { "_fromType": "array", "name": "private-token", - "value": "glpat-QihpZ7LzBWRBP_EW-VSs" + "value": "[REDACTED]" }, { "_fromType": "array", 
@@ -780,12 +753,11 @@ "url": "https://gitlab.com/api/v4/projects/46792443/vulnerability_findings?severity=medium%2Chigh%2Ccritical&page=1&per_page=100" }, "response": { - "bodySize": 3447, + "bodySize": 3451, "content": { - "encoding": "base64", "mimeType": "application/json", - "size": 3447, - "text": "[\"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\",\"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\"]" + "size": 3451, + "text": "[{\"id\":6502691148,\"report_type\":\"dast\",\"name\":\"CSP: Wildcard Directive\",\"severity\":\"medium\",\"confidence\":\"unknown\",\"scanner\":{\"external_id\":\"zaproxy\",\"name\":\"OWASP Zed Attack Proxy (ZAP)\",\"vendor\":\"GitLab\"},\"identifiers\":[{\"external_type\":\"ZAProxy_PluginId\",\"external_id\":\"10055\",\"name\":\"CSP: Wildcard Directive\",\"url\":\"https://github.com/zaproxy/zaproxy/blob/w2019-01-14/docs/scanners.md\"},{\"external_type\":\"CWE\",\"external_id\":\"693\",\"name\":\"CWE-693\",\"url\":\"https://cwe.mitre.org/data/definitions/693.html\"}],\"project_fingerprint\":\"da39a3ee5e6b4b0d3255bfef95601890afd80709\",\"uuid\":\"28f712b1-261c-5555-a622-84d90134fb4f\",\"create_jira_issue_url\":null,\"false_positive\":false,\"create_vulnerability_feedback_issue_path\":\"/jupiterone-dev/gaston-vulnerabilities-test/-/vulnerability_feedback\",\"create_vulnerability_feedback_merge_request_path\":\"/jupiterone-dev/gaston-vulnerabilities-test/-/vulnerability_feedback\",\"create_vulnerability_feedback_dismissal_path\":\"/jupiterone-dev/gaston-vulnerabilities-test/-/vulnerability_feedback\",\"project\":{\"id\":46792443,\"name\":\"Gaston Vulnerabilities Test\",\"full_path\":\"/jupiterone-dev/gaston-vulnerabilities-test\",\"full_name\":\"JupiterOne Development / Gaston Vulnerabilities 
Test\",\"refs_url\":\"/jupiterone-dev/gaston-vulnerabilities-test/refs\"},\"dismissal_feedback\":null,\"issue_feedback\":null,\"merge_request_feedback\":null,\"state_transitions\":[],\"issue_links\":[],\"merge_request_links\":[],\"description\":\"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.\",\"description_html\":\"\\u003cp data-sourcepos=\\\"1:1-1:612\\\" dir=\\\"auto\\\"\\u003eContent Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.\\u003c/p\\u003e\",\"links\":[{\"url\":\"http://www.w3.org/TR/CSP2/\"},{\"url\":\"http://www.w3.org/TR/CSP/\"},{\"url\":\"http://caniuse.com/#search=content+security+policy\"},{\"url\":\"http://content-security-policy.com/\"},{\"url\":\"https://github.com/shapesecurity/salvation\"},{\"url\":\"https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources\"}],\"location\":{\"path\":\"\",\"param\":\"\",\"method\":\"\",\"hostname\":\"https://j1-gc-integration-dev-v3.uc.r.appspot.com\"},\"remediations\":[],\"solution\":\"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.\",\"evidence\":\"default-src 'none'; The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action The directive(s): frame-ancestors, form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.\",\"request\":{\"headers\":[{\"name\":\"Cache-Control\",\"value\":\"no-cache\"},{\"name\":\"Host\",\"value\":\"j1-gc-integration-dev-v3.uc.r.appspot.com\"},{\"name\":\"Pragma\",\"value\":\"no-cache\"},{\"name\":\"User-Agent\",\"value\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\"}],\"method\":\"GET\",\"url\":\"https://j1-gc-integration-dev-v3.uc.r.appspot.com/robots.txt\",\"body\":null},\"response\":{\"headers\":[{\"name\":\"Content-Length\",\"value\":\"149\"},{\"name\":\"Content-Security-Policy\",\"value\":\"default-src 'none'\"},{\"name\":\"Content-Type\",\"value\":\"text/html; 
charset=utf-8\"},{\"name\":\"Date\",\"value\":\"Mon, 12 Jun 2023 15:28:08 GMT\"},{\"name\":\"Server\",\"value\":\"Google Frontend\"},{\"name\":\"Vary\",\"value\":\"Accept-Encoding\"},{\"name\":\"X-Cloud-Trace-Context\",\"value\":\"4b076be4f415003b38f503f19c2237fe\"},{\"name\":\"X-Content-Type-Options\",\"value\":\"nosniff\"},{\"name\":\"X-Powered-By\",\"value\":\"Express\"}],\"reason_phrase\":\"Not Found\",\"status_code\":404,\"body\":null},\"evidence_source\":null,\"supporting_messages\":null,\"assets\":[],\"details\":{\"urls\":{\"name\":\"URLs\",\"type\":\"list\",\"items\":[{\"href\":\"https://j1-gc-integration-dev-v3.uc.r.appspot.com/robots.txt\",\"type\":\"url\"},{\"href\":\"https://j1-gc-integration-dev-v3.uc.r.appspot.com/sitemap.xml\",\"type\":\"url\"}]},\"discovered_at\":{\"name\":\"Discovered at\",\"type\":\"text\",\"value\":\"2023-06-12T15:28:08.239\"}},\"state\":\"detected\",\"scan\":{\"id\":58683244,\"created_at\":\"2023-06-12T15:27:14.059Z\",\"updated_at\":\"2023-06-12T15:28:19.897Z\",\"build_id\":4457936975,\"scan_type\":\"dast\",\"info\":{},\"project_id\":46792443,\"pipeline_id\":897303534,\"latest\":true,\"status\":\"succeeded\",\"findings_partition_number\":64},\"blob_path\":\"\"},{\"id\":6502691149,\"report_type\":\"dast\",\"name\":\"Content Security Policy (CSP) Header Not Set\",\"severity\":\"medium\",\"confidence\":\"unknown\",\"scanner\":{\"external_id\":\"zaproxy\",\"name\":\"OWASP Zed Attack Proxy (ZAP)\",\"vendor\":\"GitLab\"},\"identifiers\":[{\"external_type\":\"ZAProxy_PluginId\",\"external_id\":\"10038\",\"name\":\"Content Security Policy (CSP) Header Not 
Set\",\"url\":\"https://github.com/zaproxy/zaproxy/blob/w2019-01-14/docs/scanners.md\"},{\"external_type\":\"CWE\",\"external_id\":\"693\",\"name\":\"CWE-693\",\"url\":\"https://cwe.mitre.org/data/definitions/693.html\"}],\"project_fingerprint\":\"da39a3ee5e6b4b0d3255bfef95601890afd80709\",\"uuid\":\"502b3dde-88b5-59ad-8c16-6aae5491f22a\",\"create_jira_issue_url\":null,\"false_positive\":false,\"create_vulnerability_feedback_issue_path\":\"/jupiterone-dev/gaston-vulnerabilities-test/-/vulnerability_feedback\",\"create_vulnerability_feedback_merge_request_path\":\"/jupiterone-dev/gaston-vulnerabilities-test/-/vulnerability_feedback\",\"create_vulnerability_feedback_dismissal_path\":\"/jupiterone-dev/gaston-vulnerabilities-test/-/vulnerability_feedback\",\"project\":{\"id\":46792443,\"name\":\"Gaston Vulnerabilities Test\",\"full_path\":\"/jupiterone-dev/gaston-vulnerabilities-test\",\"full_name\":\"JupiterOne Development / Gaston Vulnerabilities Test\",\"refs_url\":\"/jupiterone-dev/gaston-vulnerabilities-test/refs\"},\"dismissal_feedback\":null,\"issue_feedback\":null,\"merge_request_feedback\":null,\"state_transitions\":[],\"issue_links\":[],\"merge_request_links\":[],\"description\":\"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.\",\"description_html\":\"\\u003cp data-sourcepos=\\\"1:1-1:590\\\" dir=\\\"auto\\\"\\u003eContent Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.\\u003c/p\\u003e\",\"links\":[{\"url\":\"https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy\"},{\"url\":\"https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\"},{\"url\":\"http://www.w3.org/TR/CSP/\"},{\"url\":\"http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html\"},{\"url\":\"http://www.html5rocks.com/en/tutorials/security/content-security-policy/\"},{\"url\":\"http://caniuse.com/#feat=contentsecuritypolicy\"},{\"url\":\"http://content-security-policy.com/\"}],\"location\":{\"path\":\"\",\"param\":\"\",\"method\":\"\",\"hostname\":\"https://j1-gc-integration-dev-v3.uc.r.appspot.com\"},\"remediations\":[],\"solution\":\"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header, to achieve optimal browser support: \\\"Content-Security-Policy\\\" for Chrome 25+, Firefox 23+ and Safari 7+, \\\"X-Content-Security-Policy\\\" for Firefox 4.0+ and Internet Explorer 10+, and \\\"X-WebKit-CSP\\\" for Chrome 14+ and Safari 6+.\",\"evidence\":\"\",\"request\":{\"headers\":[{\"name\":\"Cache-Control\",\"value\":\"no-cache\"},{\"name\":\"Host\",\"value\":\"j1-gc-integration-dev-v3.uc.r.appspot.com\"},{\"name\":\"Pragma\",\"value\":\"no-cache\"},{\"name\":\"User-Agent\",\"value\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\"}],\"method\":\"GET\",\"url\":\"https://j1-gc-integration-dev-v3.uc.r.appspot.com\",\"body\":null},\"response\":{\"headers\":[{\"name\":\"Content-Length\",\"value\":\"13\"},{\"name\":\"Content-Type\",\"value\":\"text/html; charset=utf-8\"},{\"name\":\"Date\",\"value\":\"Mon, 12 Jun 2023 15:28:08 GMT\"},{\"name\":\"ETag\",\"value\":\"W/\\\"d-lDpwLQbzRZmu4fjajvn3KWAx1pk\\\"\"},{\"name\":\"Server\",\"value\":\"Google Frontend\"},{\"name\":\"X-Cloud-Trace-Context\",\"value\":\"284b480c1b34906c02dc8dfa7ba08599\"},{\"name\":\"X-Powered-By\",\"value\":\"Express\"}],\"reason_phrase\":\"OK\",\"status_code\":200,\"body\":null},\"evidence_source\":null,\"supporting_messages\":null,\"assets\":[],\"details\":{\"urls\":{\"name\":\"URLs\",\"type\":\"list\",\"items\":[{\"href\":\"https://j1-gc-integration-dev-v3.uc.r.appspot.com\",\"type\":\"url\"},{\"href\":\"https://j1-gc-integration-dev-v3.uc.r.appspot.com/\",\"type\":\"url\"}]},\"discovered_at\":{\"name\":\"Discovered 
at\",\"type\":\"text\",\"value\":\"2023-06-12T15:28:08.317\"}},\"state\":\"detected\",\"scan\":{\"id\":58683244,\"created_at\":\"2023-06-12T15:27:14.059Z\",\"updated_at\":\"2023-06-12T15:28:19.897Z\",\"build_id\":4457936975,\"scan_type\":\"dast\",\"info\":{},\"project_id\":46792443,\"pipeline_id\":897303534,\"latest\":true,\"status\":\"succeeded\",\"findings_partition_number\":64},\"blob_path\":\"\"}]" }, "cookies": [ { @@ -801,16 +773,12 @@ "headers": [ { "name": "date", - "value": "Tue, 13 Jun 2023 13:41:20 GMT" + "value": "Wed, 14 Jun 2023 13:25:57 GMT" }, { "name": "content-type", "value": "application/json" }, - { - "name": "transfer-encoding", - "value": "chunked" - }, { "name": "connection", "value": "close" @@ -845,7 +813,7 @@ }, { "name": "x-gitlab-meta", - "value": "{\"correlation_id\":\"9ec93dc8e8da1d26173296a136110534\",\"version\":\"1\"}" + "value": "{\"correlation_id\":\"44c39d059de6b8a7727810d6c93dca09\",\"version\":\"1\"}" }, { "name": "x-next-page", @@ -865,11 +833,11 @@ }, { "name": "x-request-id", - "value": "9ec93dc8e8da1d26173296a136110534" + "value": "44c39d059de6b8a7727810d6c93dca09" }, { "name": "x-runtime", - "value": "0.310541" + "value": "0.264318" }, { "name": "x-total", @@ -889,19 +857,19 @@ }, { "name": "ratelimit-observed", - "value": "7" + "value": "3" }, { "name": "ratelimit-remaining", - "value": "1993" + "value": "1997" }, { "name": "ratelimit-reset", - "value": "1686663740" + "value": "1686749217" }, { "name": "ratelimit-resettime", - "value": "Tue, 13 Jun 2023 13:42:20 GMT" + "value": "Wed, 14 Jun 2023 13:26:57 GMT" }, { "name": "ratelimit-limit", @@ -909,7 +877,7 @@ }, { "name": "gitlab-lb", - "value": "fe-21-lb-gprd" + "value": "fe-30-lb-gprd" }, { "name": "gitlab-sv", 
@@ -921,7 +889,7 @@ }, { "name": "report-to", - "value": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=O6PWhufLNGUC6YPFQ9lOFBDoTYQPArJQwgWzrpV%2BW3XYa9StX4ApX2eYPoXAlnoeKk6H%2BYNV52Rb0YdyKOBKosrCXQBhOjeiCdAbkBxNBVitmVf2zBxKk7n%2Fe4I%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}" + "value": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ITnY90Z%2Buwd7Q%2BHuUzeauR%2B%2FNxq2JYtNg4CRpDfIk%2FY1Lxg4S2P5%2BAwVFPNvlWu0%2BFW6bAytL8VE9D5np%2FHDNo1wxecDSdfr3oDCKdfCaJ1I%2Fj%2B9a3GkADp5nKw%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}" }, { "name": "nel", @@ -938,21 +906,17 @@ }, { "name": "cf-ray", - "value": "7d6ac021bb8b0901-EZE" - }, - { - "name": "content-encoding", - "value": "gzip" + "value": "7d72e6f919071870-EZE" } ], - "headersSize": 2780, + "headersSize": 2794, "httpVersion": "HTTP/1.1", "redirectURL": "", "status": 200, "statusText": "OK" }, - "startedDateTime": "2023-06-13T13:41:20.147Z", - "time": 702, + "startedDateTime": "2023-06-14T13:25:57.042Z", + "time": 589, "timings": { "blocked": -1, "connect": -1, @@ -960,7 +924,7 @@ "receive": 0, "send": 0, "ssl": -1, - "wait": 702 + "wait": 589 } }, { @@ -974,7 +938,7 @@ { "_fromType": "array", "name": "private-token", - "value": "glpat-QihpZ7LzBWRBP_EW-VSs" + "value": "[REDACTED]" }, { "_fromType": "array", @@ -1041,7 +1005,7 @@ "headers": [ { "name": "date", - "value": "Tue, 13 Jun 2023 13:41:21 GMT" + "value": "Wed, 14 Jun 2023 13:25:58 GMT" }, { "name": "content-type", @@ -1085,7 +1049,7 @@ }, { "name": "x-gitlab-meta", - "value": "{\"correlation_id\":\"b4c80e083136fe72c92c31c400e5de6d\",\"version\":\"1\"}" + "value": "{\"correlation_id\":\"f00d0d690c7ddf53c7b94b33595e5c1a\",\"version\":\"1\"}" }, { "name": "x-next-page", 
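Review bot: The `glpat-` personal access token on the removed line of the `@@ -974,7 +938,7 @@` hunk (and again in `@@ -1214,7 +1178,7 @@`) is still exposed after this change, because swapping the `private-token` value for `[REDACTED]` only cleans the current file. The original value stays readable in the commit that first added the recording, presumably the earlier patch in this series, and in every clone or mirror of it. The token should be revoked in GitLab and reissued; rewriting history is a secondary cleanup, since only revocation ends the exposure. The response bodies in this HAR also keep the DAST target hostname and request and correlation ids, so it is worth confirming nothing else recorded here is sensitive. A secret-scanning check over the `__recordings__` directories in CI would catch a re-recording that puts a live token back.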
@@ -1105,11 +1069,11 @@ }, { "name": "x-request-id", - "value": "b4c80e083136fe72c92c31c400e5de6d" + "value": "f00d0d690c7ddf53c7b94b33595e5c1a" }, { "name": "x-runtime", - "value": "0.069433" + "value": "0.164662" }, { "name": "x-total", @@ -1129,19 +1093,19 @@ }, { "name": "ratelimit-observed", - "value": "8" + "value": "2" }, { "name": "ratelimit-remaining", - "value": "1992" + "value": "1998" }, { "name": "ratelimit-reset", - "value": "1686663741" + "value": "1686749218" }, { "name": "ratelimit-resettime", - "value": "Tue, 13 Jun 2023 13:42:21 GMT" + "value": "Wed, 14 Jun 2023 13:26:58 GMT" }, { "name": "ratelimit-limit", @@ -1149,7 +1113,7 @@ }, { "name": "gitlab-lb", - "value": "fe-39-lb-gprd" + "value": "fe-20-lb-gprd" }, { "name": "gitlab-sv", @@ -1165,7 +1129,7 @@ }, { "name": "report-to", - "value": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=BYPcQSwZdwnkJg7gPO4Lu03dRxeSXuZUuU9h8rmfiifinrzn%2FkkkFd6iXM8khDOnlZ6SbjX17YHq7mOrWCUKRkKX4WmK6GQflLl6KIisK7hPYc3V0vh%2F3dlKfaE%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}" + "value": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=6l1UT6q091%2FSOtkzB97U15HWjhMh4Pmnng1d49H1jV6s6NCWlfMKcwKo7yyZIP7fC2OPGpUWPta%2Bqrmp8BqG7bx6oEY8CQV5XzM%2B3cfCQjrXLDW%2FpnlymScoPfg%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}" }, { "name": "nel", @@ -1182,17 +1146,17 @@ }, { "name": "cf-ray", - "value": "7d6ac0263c9908dd-EZE" + "value": "7d72e6fc997208d9-EZE" } ], - "headersSize": 2767, + "headersSize": 2771, "httpVersion": "HTTP/1.1", "redirectURL": "", "status": 200, "statusText": "OK" }, - "startedDateTime": "2023-06-13T13:41:20.868Z", - "time": 337, + "startedDateTime": "2023-06-14T13:25:57.644Z", + "time": 473, "timings": { "blocked": -1, "connect": -1, @@ -1200,7 +1164,7 @@ "receive": 0, "send": 0, "ssl": -1, - "wait": 337 + "wait": 473 } }, { 
@@ -1214,7 +1178,7 @@ { "_fromType": "array", "name": "private-token", - "value": "glpat-QihpZ7LzBWRBP_EW-VSs" + "value": "[REDACTED]" }, { "_fromType": "array", @@ -1281,7 +1245,7 @@ "headers": [ { "name": "date", - "value": "Tue, 13 Jun 2023 13:41:21 GMT" + "value": "Wed, 14 Jun 2023 13:25:58 GMT" }, { "name": "content-type", @@ -1325,7 +1289,7 @@ }, { "name": "x-gitlab-meta", - "value": "{\"correlation_id\":\"34aff84f9a5f56e8f59d47c82afd1ca7\",\"version\":\"1\"}" + "value": "{\"correlation_id\":\"0b22f4cfc741d591c90df8c05513813b\",\"version\":\"1\"}" }, { "name": "x-next-page", @@ -1345,11 +1309,11 @@ }, { "name": "x-request-id", - "value": "34aff84f9a5f56e8f59d47c82afd1ca7" + "value": "0b22f4cfc741d591c90df8c05513813b" }, { "name": "x-runtime", - "value": "0.064545" + "value": "0.199489" }, { "name": "x-total", @@ -1369,19 +1333,19 @@ }, { "name": "ratelimit-observed", - "value": "9" + "value": "3" }, { "name": "ratelimit-remaining", - "value": "1991" + "value": "1997" }, { "name": "ratelimit-reset", - "value": "1686663741" + "value": "1686749218" }, { "name": "ratelimit-resettime", - "value": "Tue, 13 Jun 2023 13:42:21 GMT" + "value": "Wed, 14 Jun 2023 13:26:58 GMT" }, { "name": "ratelimit-limit", @@ -1389,7 +1353,7 @@ }, { "name": "gitlab-lb", - "value": "fe-11-lb-gprd" + "value": "fe-09-lb-gprd" }, { "name": "gitlab-sv", @@ -1405,7 +1369,7 @@ }, { "name": "report-to", - "value": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=gsdNTozMsFw4EXaieA6zslKHKDsNcyQCHrpqotKczaoiKI9fhTLNnxuEnCyUjusMV3R86frLh5rsaRPtZsXQHF8%2BI8s4GiDWAVUpzWqFIP5inl%2Bx90ogoV7m70U%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}" + "value": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=StFh4zJUEMLtsmUceu3SWgZjUH6Yuu4p63clsR%2BRB8pJeD60z3N5LKUFGYtbI4TzOgFwZRsfjQNUTK6R5c2jVcKG%2FSQtI6uXI8EUEFzOEA0xoYarkT9K4ZtqPQo%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}" }, { "name": "nel", 
@@ -1422,7 +1386,7 @@ }, { "name": "cf-ray", - "value": "7d6ac0286c8208bc-EZE" + "value": "7d72e6ffb81108e9-EZE" } ], "headersSize": 2767, @@ -1431,8 +1395,8 @@ "status": 200, "statusText": "OK" }, - "startedDateTime": "2023-06-13T13:41:21.211Z", - "time": 346, + "startedDateTime": "2023-06-14T13:25:58.123Z", + "time": 513, "timings": { "blocked": -1, "connect": -1, @@ -1440,7 +1404,7 @@ "receive": 0, "send": 0, "ssl": -1, - "wait": 346 + "wait": 513 } } ], diff --git a/src/steps/findings.test.ts b/src/steps/findings.test.ts index 54e3577..f560457 100644 --- a/src/steps/findings.test.ts +++ b/src/steps/findings.test.ts @@ -1,11 +1,10 @@ import { executeStepWithDependencies, Recording, - setupRecording, } from '@jupiterone/integration-sdk-testing'; import { Steps } from '../constants'; -import { getStepTestConfigForStep } from '../../test'; +import { getStepTestConfigForStep, setupRecording } from '../../test'; describe(Steps.FINDINGS, () => { let recording: Recording;
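Review bot: The import of `setupRecording` moves from `@jupiterone/integration-sdk-testing` to `../../test` with no comment saying why, so a later cleanup could switch it back. Presumably the local wrapper is what rewrites the `private-token` request header to `[REDACTED]` before the HAR is persisted. If so, a one-line comment above the import would record that, for example `// local setupRecording: redacts the private-token header before the recording is saved`. The wrapper is not visible in this hunk, so whether it also covers cookies and other credential-bearing headers should be confirmed in `test/`. The `describe` block continues outside the hunk.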