semgrep-sast

Passed Started 1 year ago by
1Running with gitlab-runner 15.6.1 (133d7e76)
2  on edelquality docker runner without Docker in docker mode ZcvQMEgp
 3  Resolving secrets  
  00:00
 4  Preparing the "docker" executor  
  00:03
5Using Docker executor with image registry.gitlab.com/security-products/semgrep:4 ...
6Pulling docker image registry.gitlab.com/security-products/semgrep:4 ...
7Using docker image sha256:2649c090e6ddd224675b71d4b10cea7042617bbc6eeb54e59f0769f674dc1343 for registry.gitlab.com/security-products/semgrep:4 with digest registry.gitlab.com/security-products/semgrep@sha256:e1333d2d2736f9c227c117f53f10ab91ef651786b6d43e126b0282bc07d8f4b4 ...
 8  Preparing environment  
  00:00
9Running on runner-zcvqmegp-project-162-concurrent-1 via edelquality...
 10  Getting source from Git repository  
  00:03
11Fetching changes with git depth set to 20...
12Reinitialized existing Git repository in /tmp/builds/ZcvQMEgp/1/edelivery/smp/.git/
13Checking out 1f95b38b as bugfix/EDELIVERY-13126-improve-domismp-code-quality...
14Removing gl-secret-detection-report.json
15Removing smp-aggregator/target/
16Removing smp-server-library/target/
17Removing smp-webapp/target/
18Skipping Git submodules setup
 19  Downloading artifacts  
  00:02
20Downloading artifacts for build-maven-job (446004)...
21Downloading artifacts from coordinator... ok        id=446004 responseStatus=200 OK token=64_vzTTN
 22  Executing "step_script" stage of the job script  
  00:40
23Using docker image sha256:2649c090e6ddd224675b71d4b10cea7042617bbc6eeb54e59f0769f674dc1343 for registry.gitlab.com/security-products/semgrep:4 with digest registry.gitlab.com/security-products/semgrep@sha256:e1333d2d2736f9c227c117f53f10ab91ef651786b6d43e126b0282bc07d8f4b4 ...
24$ /analyzer run
25[INFO] [Semgrep] [2024-04-11T09:35:23Z] ▶ GitLab Semgrep analyzer v4.13.4
26[INFO] [Semgrep] [2024-04-11T09:35:23Z] ▶ Detecting project
27[INFO] [Semgrep] [2024-04-11T09:35:23Z] ▶ Analyzer will attempt to analyze all projects in the repository
28[INFO] [Semgrep] [2024-04-11T09:35:23Z] ▶ Running analyzer
29[WARN] [Semgrep] [2024-04-11T09:35:23Z] ▶ /tmp/builds/ZcvQMEgp/1/edelivery/smp/.gitlab/sast-ruleset.toml not found, ruleset support will be disabled.
30[INFO] [Semgrep] [2024-04-11T09:35:59Z] ▶ Creating report
31[WARN] [Semgrep] [2024-04-11T09:35:59Z] ▶ .gitlab/sast-ruleset.toml not found, ruleset support will be disabled.
32[WARN] [Semgrep] [2024-04-11T09:35:59Z] ▶ tool notification warning: Timeout Timeout when running find_sec_bugs.OGNL_INJECTION-1 on smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/CredentialsAlertService.java:
33 
34[WARN] [Semgrep] [2024-04-11T09:35:59Z] ▶ tool notification warning: Timeout Timeout when running find_sec_bugs.OGNL_INJECTION-1 on smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIUserService.java:
35 
36[WARN] [Semgrep] [2024-04-11T09:35:59Z] ▶ tool notification warning: Timeout Timeout when running find_sec_bugs.OGNL_INJECTION-1 on smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/CredentialService.java:
37 
38[WARN] [Semgrep] [2024-04-11T09:35:59Z] ▶ tool notification warning: Timeout Timeout when running find_sec_bugs.OGNL_INJECTION-1 on smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/sml/SmlConnector.java:
39 
40[INFO] [2024-04-11T09:36:00Z] ▶ /tmp/builds/ZcvQMEgp/1/edelivery/smp/gl-sast-report-post.json written
41████████████████████████████████████████████████
42███  ████  █████  ██  █    █      ██    ██    ██
43██    ██    ████  ██  █ ██████  ████ ████████ ██
44█            ███  ██  █    ███  ████ ███  ███ ██
45██          ████  ██  █ ██████  ████ ████████ ██
46████      ███████    ██    ███  ████    ██    ██
47██████  ████████████████████████████████████████
48████████████████████████████████████████████████
49[//vet import --src /tmp/builds/ZcvQMEgp/1/edelivery/smp --store /tmp/builds/ZcvQMEgp/1/edelivery/smp/vetstore --file-ext .go]
50[INFO] [VET] [2024-04-11T09:36:00Z] ▶ GitLab VET analyzer v0.18.3
51[INFO] [VET] [2024-04-11T09:36:00Z] ▶ Vet Import Process Starting...
52[INFO] [VET] [2024-04-11T09:36:00Z] ▶ 
53Import time 0.077230 seconds
54[INFO] [VET] [2024-04-11T09:36:00Z] ▶ VET import complete
55[INFO] [VET] [2024-04-11T09:36:00Z] ▶ GitLab VET analyzer v0.18.3
56████████████████████████████████████████████████
57███  ████  █████  ██  █    █      ██    ██    ██
58██    ██    ████  ██  █ ██████  ████ ████████ ██
59█            ███  ██  █    ███  ████ ███  ███ ██
60██          ████  ██  █ ██████  ████ ████████ ██
61████      ███████    ██    ███  ████    ██    ██
62██████  ████████████████████████████████████████
63████████████████████████████████████████████████
64[//vet verify --reportIn /tmp/builds/ZcvQMEgp/1/edelivery/smp/gl-sast-report.json --reportOut /tmp/builds/ZcvQMEgp/1/edelivery/smp/gl-sast-report-post.json --store /tmp/builds/ZcvQMEgp/1/edelivery/smp/vetstore --config /verify/semgrep.toml]
65[INFO] [VET] [2024-04-11T09:36:00Z] ▶ Augment report
66[INFO] [VET] [2024-04-11T09:36:00Z] ▶ Report augmented within 0.009023 seconds
67[INFO] [VET] [2024-04-11T09:36:00Z] ▶ /tmp/builds/ZcvQMEgp/1/edelivery/smp/gl-sast-report-post.json written
 68  Uploading artifacts for successful job  
  00:02
69Uploading artifacts...
70gl-sast-report.json: found 1 matching files and directories 
71Uploading artifacts as "sast" to coordinator... 201 Created  id=446006 responseStatus=201 Created token=64_vzTTN
 72  Cleaning up project directory and file based variables  
  00:01
73Job succeeded