diff --git a/CMakeLists.txt b/CMakeLists.txt
index 7cba398a..b41694b9 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -19,7 +19,7 @@ cmake_minimum_required(VERSION 3.15)
project(csdiff CXX)
enable_testing()
-# C/C++ sources
+# source code
add_subdirectory(src)
# regression tests
diff --git a/make-srpm.sh b/make-srpm.sh
index 1a696c67..0363a768 100755
--- a/make-srpm.sh
+++ b/make-srpm.sh
@@ -202,6 +202,7 @@ make version.cc
%doc README
%license COPYING
%{_bindir}/csdiff
+%{_bindir}/csfilter-kfp
%{_bindir}/csgrep
%{_bindir}/cshtml
%{_bindir}/cslinker
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index e8ea9c18..174de791 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -82,6 +82,11 @@ install(TARGETS
cstrans-df-run
DESTINATION ${CMAKE_INSTALL_BINDIR})
+# install the csfilter-kfp script
+install(PROGRAMS
+ csfilter-kfp
+ DESTINATION ${CMAKE_INSTALL_BINDIR})
+
# optionally build statically linked csgrep-static
option(CSGREP_STATIC "Set to ON to build the csgrep-static executable" OFF)
if(CSGREP_STATIC)
diff --git a/src/csfilter-kfp b/src/csfilter-kfp
new file mode 100755
index 00000000..bc2a8363
--- /dev/null
+++ b/src/csfilter-kfp
@@ -0,0 +1,233 @@
+#!/usr/bin/env python3
+
+# Copyright (C) 2024 Red Hat, Inc.
+#
+# This file is part of csdiff.
+#
+# csdiff is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# any later version.
+#
+# csdiff is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with csdiff. If not, see .
+
+import argparse
+import os
+import re
+import subprocess
+import sys
+
+
+# if neither --kfp-dir nor --kfp-git-url is specified, use the known-false-positives RPM pacakge
+DEFAULT_KFP_DIR = "/usr/share/csmock/known-false-positives.d"
+DEFAULT_KFP_JSON = "/usr/share/csmock/known-false-positives.js"
+
+
+def construct_init_cmd(args):
+ # make bash exit on error
+ cmd = 'set -e\n'
+
+ # make bash propagate exit code from piped commands
+ cmd += 'set -o pipefail\n'
+
+ # make bash expand empty globs
+ cmd += 'shopt -s nullglob\n'
+
+ # create a temporary directory with an automatic destructor
+ cmd += 'export td=$(mktemp -d /tmp/tmp-csfilter-kfp.XXXXXXXXXX)\n'
+ cmd += 'trap "rm -fr \'${td}\'" EXIT\n'
+
+ if args.verbose:
+ # run shell in XTRACE mode
+ cmd += 'set -x\n'
+
+ return cmd
+
+
+def construct_git_cmd(kfp_git_url):
+ # split kfp_git_url into the clone URL and (optional) revision
+ m = re.match("^(.*)#([0-9a-f]+)", kfp_git_url)
+ if m:
+ # checkout a specific revision
+ return f"git clone {m.group(1)} ${{td}}/kfp\n" \
+ f"(cd ${{td}}/kfp && git reset -q --hard {m.group(2)})\n"
+ else:
+ # shallow clone of the default branch
+ return f"git clone --depth 1 {kfp_git_url} ${{td}}/kfp\n"
+
+
+def construct_prep_cmd(args):
+ # check which KFP will be used
+ have_kfp_json = False
+ if args.kfp_git_url:
+ # clone git repo
+ cmd = construct_git_cmd(args.kfp_git_url)
+ elif args.kfp_dir:
+ # symlink a directory
+ cmd = f'ln -s "{args.kfp_dir}" "${{td}}/kfp"\n'
+ elif os.path.isfile(DEFAULT_KFP_JSON):
+ # create symlinks to the known-false-positives RPM package installed on the system
+ cmd = f'ln -s "{DEFAULT_KFP_DIR}" "${{td}}/kfp"\n' \
+ f'ln -s "{DEFAULT_KFP_JSON}" "${{td}}/kfp.json"\n'
+ have_kfp_json = True
+ else:
+ raise RuntimeError("no source of KFP specified, please use --kfp-dir or --kfp-git-url" \
+ " (or install the known-false-positives RPM pacakge)")
+
+ if not have_kfp_json:
+ # create all-in-one kfp.json file from files in ${td}/kfp
+ cmd += 'touch "${td}/empty.err"\n'
+ cmd += '(cd "${td}/kfp" && csgrep --mode=json --remove-duplicates ${td}/empty.err'
+ cmd += ' */ignore.err */true-positives-ignore.err >"${td}/kfp.json")\n'
+
+ return cmd
+
+
+def construct_path_filter(args):
+ if args.project_nvr is None:
+ # TODO: read project_nvr from scan properties if available
+ return ' cat\n'
+
+ # cut off the `-version-release` or `-version` suffix to obtain package name where `version` can be
+ # a number optionally prefixed by `v` or a full-size SHA1 hash encoded in lowercase as, for example,
+ # in `project-koku-koku-cbe5e5c3355c1e140aa1cca7377aebe09d8d8466`
+ proj = re.sub("-(([v]?[0-9][^-]*)|([0-9a-f]{40}))(-[0-9][^-]*)?$", "", args.project_nvr)
+
+ # validate the resulting project name
+ if not re.match("^[A-Za-z0-9-_]+$", proj):
+ raise RuntimeError(f"invalid project name: {proj}")
+
+ # generate a script that will construct the filter at run-time
+ cmd = f' ep="${{td}}/kfp/{proj}/exclude-paths.txt"\n'
+ cmd += ' re=\n'
+ cmd += ' while read line; do\n'
+ cmd += ' re="${re}|(${line})"\n'
+ cmd += ' done < <(grep -Esv "^(#|\\\\$)" "$ep")\n'
+ cmd += ' if test -n "$re"; then\n'
+ cmd += ' csgrep --mode=json --invert-match --path="${re#|}"\n'
+ cmd += ' else\n'
+ cmd += ' cat\n'
+ cmd += ' fi\n'
+ return cmd
+
+
+def construct_filter_cmd(args):
+ # set shell options and create a temporary diretory ${td}
+ cmd = construct_init_cmd(args)
+
+ # prepare the KFP data from the specified source
+ cmd += construct_prep_cmd(args)
+
+ # read the whole input into a JSON file
+ cmd += 'csgrep --mode=json'
+ if args.input_file:
+ cmd += f' {args.input_file}'
+ cmd += ' >"${td}/input.json"\n'
+
+ # define path-based filter
+ path_filter = construct_path_filter(args)
+ cmd += f'path_filter() {{\n{path_filter}}}\n'
+
+ # exclude individual findings
+ cmd += 'csdiff --show-internal "${td}/kfp.json" "${td}/input.json"'
+
+ # exclude paths in the scan results
+ cmd += ' | path_filter >${td}/output.json\n'
+
+ if args.record_excluded:
+ # record excluded findings to the specified file
+ cmd += 'csdiff "${td}/output.json" "${td}/input.json"'
+ cmd += f' >"{args.record_excluded}"\n'
+
+ if not args.json_output:
+ # export plain-text format
+ cmd += 'csgrep "${td}/output.json"\n'
+ return cmd
+
+ # export JSON format
+ cmd += 'csgrep --mode=json "${td}/output.json"'
+
+ # optionally record the source of known-false-positives
+ if args.kfp_dir:
+ cmd += f' --set-scan-prop="known-false-positives-dir:{args.kfp_dir}"'
+ elif args.kfp_git_url:
+ cmd += f' --set-scan-prop="known-false-positives-git-url:{args.kfp_git_url}"'
+ cmd += '\n'
+
+ return cmd
+
+
+def main():
+ # initialize argument parser
+ parser = argparse.ArgumentParser()
+
+ parser.add_argument(
+ "input_file", nargs="?",
+ help="optional name of the input file (standard input is used by default)")
+
+ # source of known-false-positives
+ kfp_source = parser.add_mutually_exclusive_group()
+ kfp_source.add_argument(
+ "--kfp-dir",
+ help="known false positives file")
+ kfp_source.add_argument(
+ "--kfp-git-url",
+ help="known false positives git URL (optionally taking a revision delimited by #)")
+
+ parser.add_argument(
+ "--project-nvr",
+ help="Name-Version-Release (NVR) of the scanned project, used to match path exclusions")
+
+ parser.add_argument(
+ "--record-excluded",
+ help="file to store all excluded findings to")
+
+ parser.add_argument(
+ "--json-output", action="store_true", default=(not os.isatty(sys.stdout.fileno())),
+ help="produce JSON output (default if stdout is not connected to a terminal)")
+
+ parser.add_argument(
+ "-v", "--verbose", action="store_true",
+ help="run shell in XTRACE mode while executing the filtering script")
+
+ parser.add_argument(
+ "-n", "--dry-run", action="store_true",
+ help="do not execute anything, only print the shell script that would be executed")
+
+ # parse command-line arguments
+ args = parser.parse_args()
+
+ # if --kfp-dir is used, check that a directory was given
+ if args.kfp_dir:
+ if not os.path.isdir(args.kfp_dir):
+ parser.error(f"'{args.kfp_dir}' given to --kfp-dir is not a directory")
+
+ # get rid of relative paths
+ args.kfp_dir = os.path.realpath(args.kfp_dir)
+
+ # construct the command to filter
+ try:
+ cmd = construct_filter_cmd(args)
+ except RuntimeError as e:
+ parser.error(e)
+
+ if args.dry_run:
+ # print the command and exit successfully
+ print(cmd, end='')
+ sys.exit(0)
+
+ # run the command
+ try:
+ subprocess.run(cmd, shell=True, check=True)
+ except subprocess.CalledProcessError as e:
+ sys.exit(e.returncode)
+
+
+if __name__ == "__main__":
+ main()
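Review bot: The script that `main()` passes to `subprocess.run(cmd, shell=True)` is built from command-line values that are never shell-quoted. `args.input_file` (in `construct_filter_cmd`) and the `--kfp-git-url` value (in `construct_git_cmd`) are inserted bare, while `args.kfp_dir`, `args.record_excluded` and the `--set-scan-prop` values sit inside double quotes, where bash still expands `$(...)`, backticks and `$var`, and an embedded `"` ends the string. A caller that forwards these options from a less trusted source, such as a CI parameter or a scan request, hands that source shell execution, and even a file name with a space breaks the pipeline; passing each value through `shlex.quote()` (needs `import shlex`) and putting `--` before the clone URL, so it cannot be parsed as a git option, closes this. In the generated path filter, `while read line` lacks `-r`, so the backslash in a pattern such as `\.py$` from `exclude-paths.txt` is dropped before the regex reaches csgrep; `while read -r line` keeps it. The grep pattern `"^(#|\\\\$)"` also appears to reach grep as `^(#|\$)`, a literal dollar, so blank lines would not be skipped and would add an empty `|()` alternative that matches every path; `grep -Esv "^(#|$)"` looks like the intent and is worth confirming with a test.

```python
def construct_git_cmd(kfp_git_url):
    # … unchanged: regex split of kfp_git_url into clone URL and revision …
    if m:
        url = shlex.quote(m.group(1))
        return f'git clone -- {url} "${{td}}/kfp"\n' \
               f'(cd "${{td}}/kfp" && git reset -q --hard {m.group(2)})\n'
    else:
        url = shlex.quote(kfp_git_url)
        return f'git clone --depth 1 -- {url} "${{td}}/kfp"\n'

# … construct_prep_cmd, --kfp-dir branch …
        cmd = f'ln -s {shlex.quote(args.kfp_dir)} "${{td}}/kfp"\n'

# … construct_filter_cmd …
    if args.input_file:
        cmd += f' {shlex.quote(args.input_file)}'
    # … unchanged: path_filter definition and csdiff pipeline …
        cmd += f' >{shlex.quote(args.record_excluded)}\n'
    # … unchanged: plain-text / JSON export …
    if args.kfp_dir:
        cmd += ' --set-scan-prop=' \
            + shlex.quote(f'known-false-positives-dir:{args.kfp_dir}')
    elif args.kfp_git_url:
        cmd += ' --set-scan-prop=' \
            + shlex.quote(f'known-false-positives-git-url:{args.kfp_git_url}')
```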
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 41a12f9e..e68a5447 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -29,8 +29,8 @@ set(jsfilter "sed -e 's|\"version\": \"[^\"]*\"|\"version\": \"\"|g'")
macro(add_test_wrap test_name cmd)
add_test("${test_name}" bash -c "${cmd}")
- set_tests_properties(${test_name} PROPERTIES
- ENVIRONMENT "PROJECT_ROOT=${CMAKE_SOURCE_DIR}")
+ set_tests_properties(${test_name} PROPERTIES ENVIRONMENT
+ "PATH=${CMAKE_BINARY_DIR}/src:$ENV{PATH};PROJECT_ROOT=${CMAKE_SOURCE_DIR}")
set_tests_properties(${test_name} PROPERTIES COST ${test_cost})
math(EXPR test_cost "${test_cost} - 1")
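Review bot: `$ENV{PATH}` in the new `ENVIRONMENT` value is expanded when CMake configures, so the tests run with the PATH from configure time rather than the one ctest is started with. A comment above the call, such as `# PATH is captured at configure time; re-run cmake after changing it`, would document that. The value is a `;`-separated list, so a source or build directory whose path contains `;` would split it into unintended entries. The `add_test_wrap` macro continues past the end of this hunk.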
@@ -45,6 +45,7 @@ endmacro()
set(test_cost 1048576)
add_subdirectory(csdiff)
+add_subdirectory(csfilter-kfp)
add_subdirectory(csgrep)
add_subdirectory(cshtml)
add_subdirectory(cslinker)
diff --git a/tests/csfilter-kfp/0001-args.txt b/tests/csfilter-kfp/0001-args.txt
new file mode 100644
index 00000000..4be709ad
--- /dev/null
+++ b/tests/csfilter-kfp/0001-args.txt
@@ -0,0 +1 @@
+--kfp-dir "$PROJECT_ROOT/tests/csfilter-kfp/0001-kfp" --project-nvr project-koku-koku-cbe5e5c3355c1e140aa1cca7377aebe09d8d8466
diff --git a/tests/csfilter-kfp/0001-kfp/project-koku-koku/exclude-paths.txt b/tests/csfilter-kfp/0001-kfp/project-koku-koku/exclude-paths.txt
new file mode 100644
index 00000000..cdbb7d11
--- /dev/null
+++ b/tests/csfilter-kfp/0001-kfp/project-koku-koku/exclude-paths.txt
@@ -0,0 +1,5 @@
+.*/test/.*
+.*/tests/.*
+.*testing/.*
+.*/[^/]*test_[^/]*\.py$
+.*docker-compose.*
diff --git a/tests/csfilter-kfp/0001-kfp/project-koku-koku/ignore.err b/tests/csfilter-kfp/0001-kfp/project-koku-koku/ignore.err
new file mode 100644
index 00000000..e44be332
--- /dev/null
+++ b/tests/csfilter-kfp/0001-kfp/project-koku-koku/ignore.err
@@ -0,0 +1,34 @@
+Error: SNYK_CODE_WARNING (CWE-89):
+project-koku-koku-5c7647f/koku/masu/api/db_performance/dbp_views.py:483:24: error[python/Sqli]: Unsanitized input from the HTTP request body flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.
+# 481| with DBPerformanceStats(get_identity_username(request), CONFIGURATOR) as dbp:
+# 482| try:
+# 483|-> data = dbp.explain_sql(query_params["sql_statement"])
+# 484| except ProgrammingError as e:
+# 485| data = {"query_plan": f"{type(e).__name__}: {str(e)}"}
+# dbp.explain_sql parses and sanitizes the inputted query params. The query is then run through a read-only db connection.
+
+Error: IDENTIFIER_TYPO (CWE-688):
+project-koku-koku-30de2cf/koku/api/settings/tags/mapping/utils.py:96: identifier_typo: Using "provider__uuid" appears to be a typo:
+* Identifier "provider__uuid" is only known to be referenced here, or in copies of this code.
+* Identifier "provider_uuid" is referenced elsewhere at least 216 times.
+project-koku-koku-30de2cf/koku/api/settings/tags/mapping/utils.py:96: remediation: Should identifier "provider__uuid" be replaced by "provider_uuid"?
+project-koku-koku-30de2cf/dev/scripts/trino_query.py:11: identifier_use: Example 1: Using identifier "provider_uuid" (2 total uses in this function).
+project-koku-koku-30de2cf/koku/api/provider/models.py:224: identifier_use: Example 2: Using identifier "provider_uuid".
+project-koku-koku-30de2cf/koku/api/report/ocp/query_handler.py:147: identifier_use: Example 3: Using identifier "provider_uuid".
+project-koku-koku-30de2cf/koku/api/test_utils.py:303: identifier_use: Example 4: Using identifier "provider_uuid".
+project-koku-koku-30de2cf/koku/cost_models/cost_model_manager.py:123: identifier_use: Example 5: Using identifier "provider_uuid".
+# 94| provider_uuids = (
+# 95| OCPUsageReportPeriod.objects.filter(cluster_id__in=clusters, report_period_start=start_date)
+# 96|-> .values_list("provider__uuid", flat=True)
+# 97| .distinct()
+# 98| )
+# This is Django syntax to query through a foreign key.
+
+Error: SNYK_CODE_WARNING (CWE-89):
+project-koku-koku-cf77b7a/koku/masu/api/trino.py:56:13: error[python/Sqli]: Unsanitized input from the HTTP request body flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.
+# 54| ) as conn:
+# 55| cur = conn.cursor()
+# 56|-> cur.execute(query)
+# 57| cols = [des[0] for des in cur.description]
+# 58| rows = cur.fetchall()
+# this trino connection has been converted to a READONLY connection
diff --git a/tests/csfilter-kfp/0001-stdin.txt b/tests/csfilter-kfp/0001-stdin.txt
new file mode 100644
index 00000000..478dc75d
--- /dev/null
+++ b/tests/csfilter-kfp/0001-stdin.txt
@@ -0,0 +1,37681 @@
+{
+ "scan": {
+ "analyzer-version-clang": "18.1.4",
+ "analyzer-version-coverity": "2023.12.0",
+ "analyzer-version-cppcheck": "2.9",
+ "analyzer-version-gcc": "14.1.1",
+ "analyzer-version-gcc-analyzer": "14.1.1",
+ "analyzer-version-shellcheck": "0.10.0",
+ "analyzer-version-snyk-code": "1.1233.0",
+ "analyzer-version-unicontrol": "0.0.2",
+ "cov-compilation-unit-count": 672,
+ "cov-compilation-unit-ratio": 100,
+ "cov-lines-processed": 119962,
+ "cov-time-elapsed-analysis": "00:01:01",
+ "enabled-plugins": "clang, coverity, cppcheck, gcc, shellcheck, snyk, unicontrol",
+ "exit-code": 0,
+ "host": "osh-worker-001.osh-001.prod.iad2.dc.redhat.com",
+ "known-false-positives": "/usr/share/csmock/known-false-positives.js",
+ "known-false-positives-rpm": "known-false-positives-2.1.0.20240515.103302.g38b39b1-1.el9.noarch",
+ "mock-config": "fedora-rawhide-x86_64",
+ "project-name": "project-koku-koku-cbe5e5c3355c1e140aa1cca7377aebe09d8d8466",
+ "snyk-scanned-files-coverage": 100,
+ "snyk-scanned-files-success": 946,
+ "snyk-scanned-files-total": 946,
+ "store-results-to": "/tmp/tmp96vqv_hc/project-koku-koku-cbe5e5c3355c1e140aa1cca7377aebe09d8d8466.tar.xz",
+ "time-created": "2024-05-16 13:35:39",
+ "time-finished": "2024-05-16 13:39:12",
+ "tool": "csmock",
+ "tool-args": "'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'coverity,gcc,shellcheck,unicontrol,cppcheck,snyk,clang' '-o' '/tmp/tmp96vqv_hc/project-koku-koku-cbe5e5c3355c1e140aa1cca7377aebe09d8d8466.tar.xz' '--keep-going' '--use-host-cppcheck' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--shell-cmd=:' '/tmp/tmp96vqv_hc/project-koku-koku-cbe5e5c3355c1e140aa1cca7377aebe09d8d8466.tar.gz'",
+ "tool-version": "csmock-3.5.3.20240429.105215.geea8e1b.internal-1.el9"
+ },
+ "defects": [
+ {
+ "checker": "FORWARD_NULL",
+ "cwe": 476,
+ "function": "test_real_exception",
+ "language": "python",
+ "tool": "coverity",
+ "hash_v1": "5bd4a29a8ae537b7fcc03a1444728d28d8033846",
+ "key_event_idx": 2,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/test_database_exc.py",
+ "line": 29,
+ "column": 13,
+ "event": "assign_null",
+ "message": "Assigning: \"eexc\" = \"None\".",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/test_database_exc.py",
+ "line": 33,
+ "column": 21,
+ "event": "path",
+ "message": "Falling through to end of try statement.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/test_database_exc.py",
+ "line": 38,
+ "column": 13,
+ "event": "property_access",
+ "message": "Accessing a property of null-like value \"eexc\".",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 36| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 37| self.assertEqual(type(eexc), dbex.ExtendedDBException)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 38|-> self.assertEqual(eexc.query, sql)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 39| self.assertEqual(DivisionByZero, eexc.db_exception_type)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 40| self.assertTrue(eexc.formatted_tb)",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "FORWARD_NULL",
+ "cwe": 476,
+ "function": "remove",
+ "language": "python",
+ "tool": "coverity",
+ "hash_v1": "b9a6d3c35953a1f45554d436d40fa5ae4b797de7",
+ "key_event_idx": 11,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 356,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"current_user === None\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 356,
+ "column": 9,
+ "event": "null_check",
+ "message": "Comparing \"current_user\" to a null-like value implies that \"current_user\" might be null-like.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 356,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"request\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 356,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"request.user\", taking false branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 358,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"self.sources_model\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 358,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"!from_sources\", taking false branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 361,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"from_sources\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 361,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"self.get_is_provider_processing()\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 363,
+ "column": 13,
+ "event": "path",
+ "message": "Condition \"retry_count !== None\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 363,
+ "column": 13,
+ "event": "path",
+ "message": "Condition \"retry_count < settings.MAX_SOURCE_DELETE_RETRIES\", taking false branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 366,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"!self.is_removable_by_user(current_user)\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 367,
+ "column": 13,
+ "event": "property_access",
+ "message": "Accessing a property of null-like value \"current_user\".",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 365| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 366| if not self.is_removable_by_user(current_user):",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 367|-> err_msg = f\"User {current_user.username} does not have permission to delete provider {str(self.model)}\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 368| raise ProviderManagerAuthorizationError(err_msg)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 369| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "FORWARD_NULL",
+ "cwe": 476,
+ "function": "remove",
+ "language": "python",
+ "tool": "coverity",
+ "hash_v1": "1ce452567c457f586f9b3cae76f52e1618313974",
+ "key_event_idx": 11,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 356,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"current_user === None\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 356,
+ "column": 9,
+ "event": "null_check",
+ "message": "Comparing \"current_user\" to a null-like value implies that \"current_user\" might be null-like.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 356,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"request\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 356,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"request.user\", taking false branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 358,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"self.sources_model\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 358,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"!from_sources\", taking false branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 361,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"from_sources\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 361,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"self.get_is_provider_processing()\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 363,
+ "column": 13,
+ "event": "path",
+ "message": "Condition \"retry_count !== None\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 363,
+ "column": 13,
+ "event": "path",
+ "message": "Condition \"retry_count < settings.MAX_SOURCE_DELETE_RETRIES\", taking false branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 366,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"!self.is_removable_by_user(current_user)\", taking false branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 373,
+ "column": 13,
+ "event": "property_access",
+ "message": "Accessing a property of null-like value \"current_user\".",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 371| try:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 372| self.model.delete()",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 373|-> LOG.info(log_json(msg=\"provider removed\", provider_uuid=str(self.model.uuid), user=current_user.username))",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 374| except IntegrityError as err:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 375| LOG.warning(",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "FORWARD_NULL",
+ "cwe": 476,
+ "function": "__init__",
+ "language": "python",
+ "tool": "coverity",
+ "hash_v1": "c24d84919038f9518d2e7252343d71129b605ec7",
+ "key_event_idx": 6,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/forecast/forecast.py",
+ "line": 73,
+ "column": 1,
+ "event": "assign_undefined",
+ "message": "Assigning: \"filter_fields\" = \"undefined\".",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/forecast/forecast.py",
+ "line": 85,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"self.provider in {Provider.PROVIDER_AWS, Provider.OCP_AWS}\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/forecast/forecast.py",
+ "line": 86,
+ "column": 13,
+ "event": "path",
+ "message": "Condition \"query_params.get(\"cost_type\")\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/forecast/forecast.py",
+ "line": 87,
+ "column": 17,
+ "event": "path",
+ "message": "Falling through to end of if statement.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/forecast/forecast.py",
+ "line": 95,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"access\", taking false branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/forecast/forecast.py",
+ "line": 116,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"access_key != \"default\"\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/forecast/forecast.py",
+ "line": 117,
+ "column": 34,
+ "event": "property_access",
+ "message": "Accessing a property of null-like value \"filter_fields\".",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 115| # filter queries based on access",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 116| if access_key != \"default\":",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 117|-> for q_param, filt in filter_fields.items():",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 118| access = query_params.get_access(q_param, list())",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 119| if access:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "IDENTIFIER_TYPO",
+ "cwe": 688,
+ "function": "resummarize_current_month_by_tag_keys",
+ "language": "python",
+ "tool": "coverity",
+ "hash_v1": "637c9dbb54e40c326a57398eb4cd4add78dcf143",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/settings/tags/mapping/utils.py",
+ "line": 101,
+ "column": 30,
+ "event": "identifier_typo",
+ "message": "Using \"provider__uuid\" appears to be a typo:\n* Identifier \"provider__uuid\" is only known to be referenced here, or in copies of this code.\n* Identifier \"provider_uuid\" is referenced elsewhere at least 215 times.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/settings/tags/mapping/utils.py",
+ "line": 101,
+ "column": 30,
+ "event": "remediation",
+ "message": "Should identifier \"provider__uuid\" be replaced by \"provider_uuid\"?",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/trino_query.py",
+ "line": 11,
+ "column": 1,
+ "event": "identifier_use",
+ "message": "Example 1: Using identifier \"provider_uuid\" (2 total uses in this function).",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/models.py",
+ "line": 224,
+ "column": 13,
+ "event": "identifier_use",
+ "message": "Example 2: Using identifier \"provider_uuid\".",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/report/ocp/query_handler.py",
+ "line": 147,
+ "column": 53,
+ "event": "identifier_use",
+ "message": "Example 3: Using identifier \"provider_uuid\".",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/test_utils.py",
+ "line": 303,
+ "column": 13,
+ "event": "identifier_use",
+ "message": "Example 4: Using identifier \"provider_uuid\".",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/cost_models/cost_model_manager.py",
+ "line": 123,
+ "column": 27,
+ "event": "identifier_use",
+ "message": "Example 5: Using identifier \"provider_uuid\".",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 99| provider_uuids = (",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 100| OCPUsageReportPeriod.objects.filter(cluster_id__in=clusters, report_period_start=start_date)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 101|-> .values_list(\"provider__uuid\", flat=True)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 102| .distinct()",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 103| )",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "c1696b63807a87a97681cfbd6df2aa0dd962fcd1",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 6,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 6,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| services:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5| koku-base:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 8| context: .",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "434caede51d574a0cdd1543bb3e10290f074f79d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 20,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 20,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 18| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 19| koku-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 20|-> container_name: koku_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 21| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 22| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "5e96fa8b78b68f292ea43e40ef091ae255bbfb1f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 83,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 83,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 81| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 82| masu-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 83|-> container_name: masu_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 84| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 85| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "796327de68c78a703873043209fc909d78d6ba77",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 152,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 152,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 150| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 151| koku-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 152|-> hostname: koku-worker-1",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 153| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 154| working_dir: /koku/koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b0db56f1eacdf53af27e1c594e96a21f5f4e0941",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 246,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 246,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 244| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 245| koku-listener:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 246|-> container_name: koku_listener",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 247| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 248| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "47d242262ac438b61c20f8847a6b23f769450339",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 297,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 297,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 295| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 296| subs-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 297|-> container_name: subs_worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 298| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 299| working_dir: /koku/koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "e0a129da19a71d62c80d87d6ed2e6c560fa5fe6a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 351,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 351,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 349| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 350| sources-client:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 351|-> container_name: sources_client",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 352| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 353| restart: on-failure:25",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "62a3503dfb631436f951589a5ed695b15add0076",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 411,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 411,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 409| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 410| koku-beat:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 411|-> container_name: koku_beat",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 412| hostname: koku_beat",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 413| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "ac47ef45925f795ef09f45695217c6f658e6d28c",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 448,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 448,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 446| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 447| db:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 448|-> container_name: koku-db",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 449| image: koku-db:14",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 450| build:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "1f8b63442ea2facd6922838ae122faad3e676ef4",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 526,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 526,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 524| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 525| redis:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 526|-> container_name: koku_redis",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 527| image: redis:5.0.4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 528| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "707013ed9fb01f8b621897c13b81eb0cd3d5a1d4",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 532,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 532,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 530| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 531| pushgateway:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 532|-> container_name: koku-pushgateway",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 533| image: prom/pushgateway",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 534| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "e2c3b03c6b3f1a8c2a71ec9d3c7a0e914554b030",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 538,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 538,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 536| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 537| pgadmin:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 538|-> container_name: pgAdmin",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 539| image: dpage/pgadmin4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 540| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "bdd40eaf3c82560a3ab16e47f802e4943d9c2c6d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 549,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 549,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 547| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 548| grafana:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 549|-> container_name: koku_grafana",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 550| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 551| context: grafana",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "7d8def65e1679223cff0e06b607ecc27bd48340a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 559,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 559,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 557| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 558| unleash:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 559|-> container_name: koku-unleash",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 560| image: unleashorg/unleash-server:5.6.9",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 561| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "bfcc15b5ce2ea67e2e03da6a59618f907b4f5e33",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 580,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 580,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 578| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 579| minio:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 580|-> container_name: koku-minio",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 581| image: minio/minio:RELEASE.2023-09-20T22-49-55Z",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 582| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "e8103dc024ed5b2cc3a87bb3e76eab38147ba202",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 597,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 597,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 595| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 596| create-parquet-bucket:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 597|-> image: minio/mc:latest",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 598| depends_on:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 599| - minio",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "95c65331e70cfcb3d4043d77b0bc706ff38eab0f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 616,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 616,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 614| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 615| hive-metastore:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 616|-> container_name: hive-metastore",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 617| image: quay.io/samdoran/ubi-hive:3.1.3-metastore-036",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 618| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "3b994c79f89918feafba937e36d36d2e4ee66a87",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 639,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 639,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 637| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 638| trino:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 639|-> container_name: trino",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 640| image: quay.io/samdoran/ubi-trino:443-002",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 641| user: root",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "93afdbdfd072841262387c593e5bdd261b3eb727",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 5,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 5,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| services:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| koku-base:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| context: ./../..",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "3aaa193abd7e22918653f5d313fae58fa2b88849",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 11,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 11,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| koku-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11|-> container_name: koku_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "558be8e841bd7605a662e54c2e8031ec3bc3907c",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 61,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 61,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 59| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 60| masu-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 61|-> container_name: masu_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 62| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 63| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "4a2fcccc53a1f1388f7234ff7e77c198ae7dc682",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 106,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 106,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 104| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 105| redis:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 106|-> container_name: koku_redis",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 107| image: redis:5.0.4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 108| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "dcc8e179b597473d7a78a24354d6063a20d30063",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 112,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 112,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 110| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 111| db:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 112|-> container_name: koku_db",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 113| image: postgres:12",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 114| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "cfc00a6ca01487a61ed68612ce49abf5f9305505",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 158,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 158,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 156| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 157| koku-rabbit:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 158|-> container_name: koku_rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 159| hostname: rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 160| image: rabbitmq:latest",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b3c34045927700ece6479116a7ab782becbe6def",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 168,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 168,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 166| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 167| koku-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 168|-> container_name: koku_worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 169| hostname: koku_worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 170| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "0096c81870a0d27ab4e9562240973685c5e9d782",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 230,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 230,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 228| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 229| koku-listener:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 230|-> container_name: koku_listener",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 231| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 232| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "ca91be9125bb9190f788fdd1c2210857528a6d97",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 278,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 278,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 276| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 277| koku-listener-2:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 278|-> container_name: koku_listener_2",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 279| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 280| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "136f63b69bf78da53114d5f2fc27a0364d4cf3a3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 326,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 326,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 324| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 325| koku-listener-3:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 326|-> container_name: koku_listener_3",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 327| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 328| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "98449b70617d8fd99340b126720a24d411d33373",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 374,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 374,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 372| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 373| sources-client:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 374|-> container_name: sources_client",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 375| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 376| restart: on-failure:25",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "5ceaa4dc9957726924d1fe1b04f597c810de6221",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 5,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 5,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| services:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| koku-base:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| context: ${KOKU_PATH}/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a37345216b6de299411e19bfb866f0e3be6eb272",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 11,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 11,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| koku-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11|-> container_name: koku_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "2e5ca666611b887c3628edbfaed2f80e8d2e5db9",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 61,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 61,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 59| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 60| masu-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 61|-> container_name: masu_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 62| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 63| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "91a83a835eb1a46ac999a249eaac2b585ac62078",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 106,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 106,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 104| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 105| redis:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 106|-> container_name: koku_redis",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 107| image: redis:5.0.4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 108| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "36e8510613be85365eab002839349f6e794abc87",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 112,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 112,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 110| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 111| db:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 112|-> container_name: koku_db",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 113| image: postgres:12",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 114| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "7e678beecf40f219737ab09e6c6e662d175be91a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 158,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 158,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 156| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 157| koku-rabbit:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 158|-> container_name: koku_rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 159| hostname: rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 160| image: rabbitmq:latest",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "7f1f40708bdbcdd5d671a794e7481745adb5ceee",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 168,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 168,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 166| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 167| koku-worker-1:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 168|-> container_name: koku_worker_1",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 169| hostname: koku-worker-1-fsfsgr",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 170| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "6d1c4d8273c2a1c0a9019b56694830ed644b3689",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 230,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 230,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 228| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 229| koku-worker-2:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 230|-> container_name: koku_worker_2",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 231| hostname: koku-worker-2-nvnvn",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 232| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "538605c23554547eebc25b7a4ed7c51e4add2141",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 292,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 292,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 290| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 291| koku-worker-3:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 292|-> container_name: koku_worker_3",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 293| hostname: koku-worker-3-qqeet",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 294| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "e6c3fea7185fed9701f0fc39687466c54a5b625f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 354,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 354,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 352| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 353| koku-worker-4:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 354|-> container_name: koku_worker_4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 355| hostname: koku-worker-4-hjsdfo",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 356| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "aba6fdff08becbdf9d52204e66f663080e040612",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 416,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 416,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 414| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 415| koku-worker-5:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 416|-> container_name: koku_worker_5",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 417| hostname: koku-worker-5-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 418| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "22ebf921e5c40ad43225cd1caa0e853a2f3ff695",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 478,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 478,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 476| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 477| koku-worker-6:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 478|-> container_name: koku_worker_6",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 479| hostname: koku-worker-6-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 480| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d931fbb175c8be0803460347ccdf22a1baa51167",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 540,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 540,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 538| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 539| koku-worker-7:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 540|-> container_name: koku_worker_7",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 541| hostname: koku-worker-7-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 542| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "c952a7a310705c2f483d5206e8d3ba2bc73a7817",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 602,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 602,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 600| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 601| koku-worker-8:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 602|-> container_name: koku_worker_8",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 603| hostname: koku-worker-8-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 604| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "6123efb7d0284f6a8b355d352df7cf48eec9e6e4",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 664,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 664,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 662| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 663| koku-worker-9:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 664|-> container_name: koku_worker_9",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 665| hostname: koku-worker-9-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 666| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "1411d2e6467bc84d541497f6c0c0092cb69fd14f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 726,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 726,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 724| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 725| koku-worker-10:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 726|-> container_name: koku_worker_10",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 727| hostname: koku-worker-10-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 728| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "7e157d190edf54a35a3ebd50d2fc9dc72137179c",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 788,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 788,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 786| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 787| koku-listener:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 788|-> container_name: koku_listener",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 789| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 790| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d73c968585091eab413874917fa62c01e783e6f5",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 836,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 836,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 834| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 835| sources-client:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 836|-> container_name: sources_client",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 837| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 838| restart: on-failure:25",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "e516661e00731007a3392c3b9091cf74a8a4c04a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 5,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 5,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| services:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| koku-base:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| context: ./../..",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "46fb2f4b3a1d926950e6c86ff5164db4fb140531",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 11,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 11,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| koku-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11|-> container_name: koku_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "033ce9d293f70c2a9d1a0daeac83cf2f5b54c0f9",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 59,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 59,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 57| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 58| masu-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 59|-> container_name: masu_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 60| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 61| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "099be7312881394c380d3fa7ce948cb4698ec3c5",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 109,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 109,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 107| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 108| redis:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 109|-> container_name: koku_redis",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 110| image: redis:5.0.4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 111| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d718d51ec585f303cf11c54c97221f1a282d7dcb",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 115,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 115,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 113| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 114| db:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 115|-> container_name: koku_db",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 116| image: postgres:12",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 117| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "25f0bc64ef20893975894e8ccdd9aa9a1d782d12",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 162,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 162,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 160| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 161| koku-worker-ocp:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 162|-> container_name: koku-worker-ocp",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 163| hostname: koku-worker-ocp",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 164| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "56371c66e62321e98576d4c4954d6273495ef845",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 218,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 218,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 216| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 217| koku-listener:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 218|-> container_name: koku_listener",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 219| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 220| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "2379d03354643fab17f0813300f1db8e979a01e6",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 263,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 263,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 261| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 262| sources-client:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 263|-> container_name: sources_client",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 264| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 265| restart: on-failure:25",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "bcb3b3548d4395a7b2f3b3147b5719851106afff",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 301,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 301,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 299| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 300| priority-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 301|-> container_name: priority-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 302| hostname: priority-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 303| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "07e30b07a55a68aaa9c070416366ce1d3d269665",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 358,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 358,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 356| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 357| download-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 358|-> container_name: download-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 359| hostname: download-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 360| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "03b7efb2b7adefb441d2d7905d6eba077382653a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 430,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 430,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 428| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 429| summary-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 430|-> container_name: summary-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 431| hostname: summary-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 432| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "dbe5b522c77121434430c74f80b91ce75712178b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 487,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 487,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 485| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 486| cost-model-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 487|-> container_name: cost-model-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 488| hostname: cost-model-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 489| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "baf74dc98686d3c53134f5942fa0f479f0deb42d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 544,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 544,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 542| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 543| refresh-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 544|-> container_name: refresh-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 545| hostname: refresh-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 546| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "112980ab50aa422680aec43fdef894b8a92e5e69",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 601,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 601,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 599| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 600| koku-beat:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 601|-> container_name: koku_beat",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 602| hostname: koku_beat",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 603| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b7ba1f3919f5aa85eda4b0b67ad155f87f9d13a7",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 5,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 5,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| services:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| koku-base:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| context: ./../..",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b5eecbca9d0c76620abaec3dfef9238326688afe",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 11,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 11,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| koku-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11|-> container_name: koku_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "2a54bd9ebf09b80d1819843d1f2ab7ad04ce1e15",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 61,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 61,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 59| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 60| masu-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 61|-> container_name: masu_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 62| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 63| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "635f598af49add703e4368ecedcb08ad72469672",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 105,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 105,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 103| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 104| redis:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 105|-> container_name: koku_redis",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 106| image: redis:5.0.4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 107| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "c2554c42c2af3104b4e19a6b6fafd2af2ffd5858",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 111,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 111,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 109| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 110| db:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 111|-> container_name: koku_db",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 112| image: postgres:12",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 113| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "9ab2813bd72ce0ac075f20a89223e21bd769397b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 157,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 157,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 155| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 156| koku-rabbit:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 157|-> container_name: koku_rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 158| hostname: rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 159| image: rabbitmq:latest",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "78e5bf0222c8dbf83eb54a70f6b2de476fc7502b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 167,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 167,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 165| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 166| koku-worker-1:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 167|-> container_name: koku_worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 168| hostname: koku-worker-1-jljlkjfg",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 169| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "4421929b2067582f32019172e5834902d7838acd",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 229,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 229,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 227| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 228| koku-worker-2:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 229|-> container_name: koku_worker_2",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 230| hostname: koku-worker-2-wefwe",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 231| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "091708d8a560b4c5832776c3932c13e702c33688",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 291,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 291,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 289| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 290| koku-listener:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 291|-> container_name: koku_listener",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 292| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 293| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a9a7ef5dcc692f792c01d5c7d5be5a2682b5c582",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 339,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 339,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 337| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 338| koku-listener-2:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 339|-> container_name: koku_listener_2",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 340| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 341| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_filesystem_write",
+ "cwe": 552,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fc53ded46e0665b1a83fa03bf8f96f0b921883fe",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 387,
+ "event": "Sigma main event",
+ "message": "The docker service container is configured to permit writing to the root filesystem. This makes some security attack vectors such as privilege escalation, denial-of-service or authorization bypass possible since the container instance's filesystem can be tampered with.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 387,
+ "event": "remediation",
+ "message": "Explicitly set the `read-only` attribute of the service to `true` to create a service container with a read-only filesystem.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 385| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 386| sources-client:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 387|-> container_name: sources_client",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 388| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 389| restart: on-failure:25",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_missing_cpu_limit",
+ "cwe": 400,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "bd065bc998507281439f97ad9f687963f5cad6a9",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 122,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container does not have a set CPU limit, allowing it to exhaust all CPU resources or cause excessive cloud usage bills.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 122,
+ "event": "remediation",
+ "message": "Each container defined in either the `containers` or `initContainers` blocks should have a `resources.limits.cpu` field to restrict CPU usage. Note that unlike the `requests.cpu` field that set the initial CPU allocated for a container, `limits.cpu` sets a hard limit for the maximum CPU that can be consumed by the container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 120| image: ${IMAGE}:${IMAGE_TAG}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 121| initContainers:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 122|-> - command:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 123| - /bin/bash",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 124| - -c",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_missing_memory_limit",
+ "cwe": 400,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "137c96387ea58449acfbfac505e69907f6d90d55",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 122,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container does not have a set memory limit, allowing it to exhaust all memory resources or cause excessive cloud usage bills.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 122,
+ "event": "remediation",
+ "message": "Each container defined in either the `containers` or `initContainers` blocks should have a `resources.limits.memory` field to restrict memory usage. Note that unlike the `requests.memory` field that sets the initial memory allocated for a container, `limits.memory` sets a hard limit for the maximum amount of memory that can be consumed by the container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 120| image: ${IMAGE}:${IMAGE_TAG}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 121| initContainers:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 122|-> - command:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 123| - /bin/bash",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 124| - -c",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "0af4f3a48c485b0f5115f5fb732259b04836806f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 6,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 6,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| services:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5| koku-base:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 8| context: .",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "acba403b51c03ce185e82b08b1ebd35134114a73",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 20,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 20,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 18| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 19| koku-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 20|-> container_name: koku_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 21| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 22| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "090aa0a8589a0050db9fb514b5a4795f61edd74b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 83,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 83,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 81| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 82| masu-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 83|-> container_name: masu_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 84| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 85| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "2860d8201c2f7855857722d3ddb97ecbb03c0bc5",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 152,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 152,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 150| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 151| koku-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 152|-> hostname: koku-worker-1",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 153| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 154| working_dir: /koku/koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "105570be614ab1272cee6e20bb10e8070801a029",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 246,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 246,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 244| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 245| koku-listener:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 246|-> container_name: koku_listener",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 247| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 248| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "6db2e3e5e1f02fe3717d63954199cdf5d8f7b803",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 297,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 297,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 295| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 296| subs-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 297|-> container_name: subs_worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 298| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 299| working_dir: /koku/koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "afcd48dc23d3bcca89d3bcb49dc1c34b6ec656da",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 351,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 351,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 349| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 350| sources-client:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 351|-> container_name: sources_client",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 352| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 353| restart: on-failure:25",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "5572eda51f0b8138806728d6ea328b6895054c03",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 411,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 411,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 409| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 410| koku-beat:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 411|-> container_name: koku_beat",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 412| hostname: koku_beat",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 413| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "df914969729d12883eba3b947cde85f02f912bb1",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 448,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 448,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 446| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 447| db:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 448|-> container_name: koku-db",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 449| image: koku-db:14",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 450| build:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fdbd4cf902cce5cea6ffacaae50ec87c1672b4f4",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 526,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 526,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 524| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 525| redis:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 526|-> container_name: koku_redis",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 527| image: redis:5.0.4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 528| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "92a739785e1160a1be174358bfd2e65923403ffd",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 532,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 532,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 530| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 531| pushgateway:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 532|-> container_name: koku-pushgateway",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 533| image: prom/pushgateway",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 534| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "5819e429e22e05ab936b08fb6a3200222c3d080c",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 538,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 538,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 536| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 537| pgadmin:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 538|-> container_name: pgAdmin",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 539| image: dpage/pgadmin4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 540| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d8059919e13dab34ee88f22527e861fadef76a45",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 549,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 549,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 547| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 548| grafana:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 549|-> container_name: koku_grafana",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 550| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 551| context: grafana",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fc977c43a103b90a93055722f3e5679f0e819cfb",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 559,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 559,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 557| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 558| unleash:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 559|-> container_name: koku-unleash",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 560| image: unleashorg/unleash-server:5.6.9",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 561| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a1b75ddccebf1ac785f00547e8423d310633b138",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 580,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 580,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 578| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 579| minio:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 580|-> container_name: koku-minio",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 581| image: minio/minio:RELEASE.2023-09-20T22-49-55Z",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 582| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f2a408f96ff4580dfb46fa185a3f0f029164e5af",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 597,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 597,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 595| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 596| create-parquet-bucket:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 597|-> image: minio/mc:latest",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 598| depends_on:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 599| - minio",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b6a85869a3da8408c8f052780b9f18fc8c5e4077",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 616,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 616,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 614| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 615| hive-metastore:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 616|-> container_name: hive-metastore",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 617| image: quay.io/samdoran/ubi-hive:3.1.3-metastore-036",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 618| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "9363e30294e41b0847343f526c8423133e13a6f2",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 639,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 639,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 637| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 638| trino:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 639|-> container_name: trino",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 640| image: quay.io/samdoran/ubi-trino:443-002",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 641| user: root",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "e562b8a30bea7c2705510f8c21f85b6fdaa3abeb",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 5,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 5,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| services:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| koku-base:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| context: ./../..",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "7095d0bf79b1c3a8e85a7ee13b7702e591ee2cb5",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 11,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 11,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| koku-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11|-> container_name: koku_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "28db8ff47a6b0805fcc3572b806973981b7277b6",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 61,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 61,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 59| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 60| masu-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 61|-> container_name: masu_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 62| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 63| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b2aed7d66d62425ac2e4b5b263118cf7100f515b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 106,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 106,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 104| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 105| redis:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 106|-> container_name: koku_redis",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 107| image: redis:5.0.4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 108| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "50c95bb576f6a0051f39591c18ac575cb70dcfa8",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 112,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 112,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 110| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 111| db:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 112|-> container_name: koku_db",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 113| image: postgres:12",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 114| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b56d02913db7455554cb4430b95db27c3b1b6b7f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 158,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 158,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 156| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 157| koku-rabbit:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 158|-> container_name: koku_rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 159| hostname: rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 160| image: rabbitmq:latest",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d5fa732183ba36249bac7c7040d21426ac8760dc",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 168,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 168,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 166| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 167| koku-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 168|-> container_name: koku_worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 169| hostname: koku_worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 170| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "ad0170a0cddbf8ec0a745caf744181f9f254b030",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 230,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 230,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 228| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 229| koku-listener:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 230|-> container_name: koku_listener",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 231| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 232| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "9f0825c96b5c6e1bd056d480886cb10d9beb7d71",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 278,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 278,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 276| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 277| koku-listener-2:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 278|-> container_name: koku_listener_2",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 279| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 280| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "8defaf76c43f1056ed1cbdf22a1e918a8e6c50f6",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 326,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 326,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 324| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 325| koku-listener-3:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 326|-> container_name: koku_listener_3",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 327| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 328| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "0aa66452d820ef2dcc8a73933ab5af3222f32ab1",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 374,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 374,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 372| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 373| sources-client:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 374|-> container_name: sources_client",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 375| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 376| restart: on-failure:25",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "7a9fb61f0c85d8aa0781b41062c612a8996d8375",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 5,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 5,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| services:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| koku-base:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| context: ${KOKU_PATH}/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "8fd494f12f426c6efb7437c61e48408559a74bbd",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 11,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 11,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| koku-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11|-> container_name: koku_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "8d15e0867257a09b38eeb3cdb7474a1773394b58",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 61,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 61,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 59| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 60| masu-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 61|-> container_name: masu_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 62| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 63| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b4d77740f6447c0452d1de5ce0e8e12d02dae39a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 106,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 106,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 104| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 105| redis:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 106|-> container_name: koku_redis",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 107| image: redis:5.0.4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 108| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b786057b3bf15cca162145dc288e136ae83b9b86",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 112,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 112,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 110| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 111| db:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 112|-> container_name: koku_db",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 113| image: postgres:12",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 114| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "7f8658101a1ed33cb07549d3f6e6699fc269bab0",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 158,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 158,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 156| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 157| koku-rabbit:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 158|-> container_name: koku_rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 159| hostname: rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 160| image: rabbitmq:latest",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "c255a746a299f0480682c73a51b507abd4ecfe55",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 168,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 168,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 166| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 167| koku-worker-1:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 168|-> container_name: koku_worker_1",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 169| hostname: koku-worker-1-fsfsgr",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 170| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "8363894267b9494bb3d15b7795238198836ee4fd",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 230,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 230,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 228| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 229| koku-worker-2:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 230|-> container_name: koku_worker_2",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 231| hostname: koku-worker-2-nvnvn",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 232| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "06f46692e1cd8e6abf016018179b396f220fc03b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 292,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 292,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 290| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 291| koku-worker-3:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 292|-> container_name: koku_worker_3",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 293| hostname: koku-worker-3-qqeet",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 294| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "ec43fb049b9047a27bc99cfe21e0406fa923db74",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 354,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 354,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 352| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 353| koku-worker-4:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 354|-> container_name: koku_worker_4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 355| hostname: koku-worker-4-hjsdfo",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 356| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "cf11faec8787c4511ba849a09d828bc4edb62b96",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 416,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 416,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 414| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 415| koku-worker-5:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 416|-> container_name: koku_worker_5",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 417| hostname: koku-worker-5-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 418| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b78cb718e13497125bdec792075154fe829a2991",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 478,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 478,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 476| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 477| koku-worker-6:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 478|-> container_name: koku_worker_6",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 479| hostname: koku-worker-6-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 480| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "c110bceaa4512195d5ecc51a918e51ed4cf0da5a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 540,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 540,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 538| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 539| koku-worker-7:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 540|-> container_name: koku_worker_7",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 541| hostname: koku-worker-7-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 542| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "365e436546138cdd45dd81f90728bf582d7f0d73",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 602,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 602,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 600| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 601| koku-worker-8:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 602|-> container_name: koku_worker_8",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 603| hostname: koku-worker-8-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 604| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "464756596678f4fd7b30e45377880419098d53bf",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 664,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 664,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 662| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 663| koku-worker-9:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 664|-> container_name: koku_worker_9",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 665| hostname: koku-worker-9-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 666| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "21c49648d9fbdc2fffc528cb148619dec519ab85",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 726,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 726,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 724| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 725| koku-worker-10:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 726|-> container_name: koku_worker_10",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 727| hostname: koku-worker-10-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 728| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "1c7dcdefc3f5c05f051650ab16cf32fa4c6d29e7",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 788,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 788,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 786| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 787| koku-listener:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 788|-> container_name: koku_listener",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 789| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 790| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a777aa3848c84fe20d6adbeed7902c5f41b99a19",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 836,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 836,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 834| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 835| sources-client:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 836|-> container_name: sources_client",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 837| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 838| restart: on-failure:25",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8a427a4a927240e4d496db8a20c4d612b031ef6",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 5,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 5,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| services:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| koku-base:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| context: ./../..",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "710a0510219f906e5d97002181cefcde22d40fe4",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 11,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 11,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| koku-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11|-> container_name: koku_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b371efe5a51f2fd85a2dbb79f8d42d04a73a862f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 59,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 59,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 57| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 58| masu-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 59|-> container_name: masu_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 60| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 61| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d229715bf7513d55c40c712caf1324b2036a00c2",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 109,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 109,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 107| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 108| redis:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 109|-> container_name: koku_redis",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 110| image: redis:5.0.4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 111| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "5e23acab426b5febe32a72b738faee972cdcbc59",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 115,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 115,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 113| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 114| db:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 115|-> container_name: koku_db",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 116| image: postgres:12",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 117| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f23d1a72bbb45b7ed911f53838e14c80278b6e42",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 162,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 162,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 160| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 161| koku-worker-ocp:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 162|-> container_name: koku-worker-ocp",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 163| hostname: koku-worker-ocp",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 164| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "80e4b623fa252f930904dd9bf73f858b368a95f5",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 218,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 218,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 216| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 217| koku-listener:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 218|-> container_name: koku_listener",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 219| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 220| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "6fa6fbeedb59b62b23dad4bd983af5a595bd035e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 263,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 263,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 261| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 262| sources-client:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 263|-> container_name: sources_client",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 264| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 265| restart: on-failure:25",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "719d722651e5da2960f6a19e85c8a6eb40d4630b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 301,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 301,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 299| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 300| priority-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 301|-> container_name: priority-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 302| hostname: priority-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 303| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd609f88f1f8446982ba316a022114b9b738365c",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 358,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 358,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 356| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 357| download-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 358|-> container_name: download-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 359| hostname: download-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 360| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "1d009fd3237f0b1f19d0ef09cd714cd2cac68f5e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 430,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 430,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 428| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 429| summary-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 430|-> container_name: summary-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 431| hostname: summary-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 432| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "3b0fc3b1a1af2436ba1a00ec4fc145d929e6091e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 487,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 487,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 485| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 486| cost-model-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 487|-> container_name: cost-model-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 488| hostname: cost-model-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 489| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "dec9275ce3efec0b911e31cf27c44943d4007768",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 544,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 544,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 542| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 543| refresh-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 544|-> container_name: refresh-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 545| hostname: refresh-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 546| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "4d142a32069758e70a36bcb25fbb1efed0054ee7",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 601,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 601,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 599| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 600| koku-beat:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 601|-> container_name: koku_beat",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 602| hostname: koku_beat",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 603| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "06d7022a6df4be39485bc47868daaaf018c02822",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 5,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 5,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| services:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| koku-base:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| context: ./../..",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "35be618c52afb4b6c9aa71064a2040d4d76b4f6d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 11,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 11,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| koku-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11|-> container_name: koku_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f622edeae472f3fb89aa54384e801fba57fed67c",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 61,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 61,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 59| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 60| masu-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 61|-> container_name: masu_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 62| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 63| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "9c8d4ad9ddfacd7472b115f5bcece1a16521af50",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 105,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 105,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 103| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 104| redis:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 105|-> container_name: koku_redis",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 106| image: redis:5.0.4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 107| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d555bc024f555d6c0fc0e0966ffceebd7765b860",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 111,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 111,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 109| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 110| db:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 111|-> container_name: koku_db",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 112| image: postgres:12",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 113| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "0a7a5c380d14ef86dbab3f74ea1bb54a55cbaa0f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 157,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 157,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 155| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 156| koku-rabbit:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 157|-> container_name: koku_rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 158| hostname: rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 159| image: rabbitmq:latest",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "9bf7571eb81e27f96fb52805b375a9f4577b85e6",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 167,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 167,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 165| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 166| koku-worker-1:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 167|-> container_name: koku_worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 168| hostname: koku-worker-1-jljlkjfg",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 169| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "5d6c12d8ec0606829e87b711e8148c59170f19af",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 229,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 229,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 227| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 228| koku-worker-2:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 229|-> container_name: koku_worker_2",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 230| hostname: koku-worker-2-wefwe",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 231| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "83654c2a902ce7129ea49b197729dd5295ccd923",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 291,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 291,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 289| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 290| koku-listener:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 291|-> container_name: koku_listener",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 292| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 293| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "0a0e38a559f50013afe28b69d70aafb6c4da51bf",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 339,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 339,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 337| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 338| koku-listener-2:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 339|-> container_name: koku_listener_2",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 340| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 341| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_privilege_escalation_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "db4b5083843bab0e49a261ad77fb56d2fca54e5a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 387,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file sets the `no-new-privileges` attribute to `false` or omits it as the default value is `false`. This doesn't restrict the container from acquiring additional privileges via SUID or SGID bits. This allows privilege escalation, meaning a user can set the security context of the container and can perform root-level operations.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 387,
+ "event": "remediation",
+ "message": "Disable container privilege escalation by explicitly setting `no-new-privileges` to `true`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 385| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 386| sources-client:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 387|-> container_name: sources_client",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 388| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 389| restart: on-failure:25",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "167ef09a7bdc52cbe962deb16b51aad5a1405c7f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 6,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 6,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| services:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5| koku-base:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 8| context: .",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "772e521b01c3941eb54342064aaa70eeea5e7495",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 20,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 20,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 18| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 19| koku-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 20|-> container_name: koku_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 21| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 22| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "06fbd222bdc49a503a29e21475317cee3ea23d46",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 83,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 83,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 81| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 82| masu-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 83|-> container_name: masu_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 84| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 85| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "9a1d494ca55b1bea90fc7e5f77f29423317852a6",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 152,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 152,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 150| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 151| koku-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 152|-> hostname: koku-worker-1",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 153| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 154| working_dir: /koku/koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "61afe7a06e6ceb04de0ea21208e9a23298b815a1",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 246,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 246,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 244| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 245| koku-listener:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 246|-> container_name: koku_listener",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 247| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 248| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a576bccbb18fc4787141dc73b48db928f03d3ee9",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 297,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 297,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 295| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 296| subs-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 297|-> container_name: subs_worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 298| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 299| working_dir: /koku/koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "62bd7ee1ef6153fae5f9516e46b229a5cb0da651",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 351,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 351,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 349| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 350| sources-client:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 351|-> container_name: sources_client",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 352| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 353| restart: on-failure:25",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "c5fde80e329a299c68a4613bce22c03ad8e351ef",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 411,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 411,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 409| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 410| koku-beat:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 411|-> container_name: koku_beat",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 412| hostname: koku_beat",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 413| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "2e3faab1243c39bd92a12de314f9b0506e87009c",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 448,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 448,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 446| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 447| db:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 448|-> container_name: koku-db",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 449| image: koku-db:14",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 450| build:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f6f684b96bcbdadaa7823c5ba60cc2097315d0a2",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 526,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 526,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 524| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 525| redis:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 526|-> container_name: koku_redis",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 527| image: redis:5.0.4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 528| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "469a661ffa883e8cadc83cd638a70aa1e3608eb9",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 532,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 532,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 530| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 531| pushgateway:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 532|-> container_name: koku-pushgateway",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 533| image: prom/pushgateway",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 534| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "c604180a9cfe34ec926ae85835c08664a070d78f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 538,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 538,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 536| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 537| pgadmin:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 538|-> container_name: pgAdmin",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 539| image: dpage/pgadmin4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 540| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f4d365cc810b9310a972e36a46acf84805894c14",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 549,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 549,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 547| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 548| grafana:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 549|-> container_name: koku_grafana",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 550| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 551| context: grafana",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d13a7f444df46ba0165a878f66655d0079a50ad7",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 559,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 559,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 557| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 558| unleash:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 559|-> container_name: koku-unleash",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 560| image: unleashorg/unleash-server:5.6.9",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 561| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d183edd708c39a82b18468b3a1a7e16c2be2932a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 580,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 580,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 578| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 579| minio:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 580|-> container_name: koku-minio",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 581| image: minio/minio:RELEASE.2023-09-20T22-49-55Z",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 582| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "bea232ab8bccd643f831252f02c46dede01464c3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 597,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 597,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 595| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 596| create-parquet-bucket:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 597|-> image: minio/mc:latest",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 598| depends_on:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 599| - minio",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "6d0757842cb5da03367ca11fd5e851f08215fd87",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 616,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 616,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 614| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 615| hive-metastore:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 616|-> container_name: hive-metastore",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 617| image: quay.io/samdoran/ubi-hive:3.1.3-metastore-036",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 618| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "11fb97b00120b1489529700ee78bf2c0e57b0490",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 639,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 639,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 637| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 638| trino:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 639|-> container_name: trino",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 640| image: quay.io/samdoran/ubi-trino:443-002",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 641| user: root",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "af3f574431587b21b56a17028a2e54dbbba12ccf",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 5,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 5,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| services:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| koku-base:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| context: ./../..",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "978438b28e05d82956bf06fb6959549831e308fe",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 11,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 11,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| koku-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11|-> container_name: koku_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "3c2b7dfe526b39764cdf1970a9e7219adc81b9e0",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 61,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 61,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 59| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 60| masu-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 61|-> container_name: masu_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 62| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 63| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "c79cf6f7c187290f70162bdb9eda0942543d32df",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 106,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 106,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 104| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 105| redis:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 106|-> container_name: koku_redis",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 107| image: redis:5.0.4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 108| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "947c764a81cbfc28ff5b9e598fc4106cfc04a1ef",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 112,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 112,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 110| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 111| db:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 112|-> container_name: koku_db",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 113| image: postgres:12",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 114| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "c20353e8ccca6bb00e098b384531c46b66c164d9",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 158,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 158,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 156| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 157| koku-rabbit:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 158|-> container_name: koku_rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 159| hostname: rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 160| image: rabbitmq:latest",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d49b297345027fdb57fa9b6e3f70c58773548b9e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 168,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 168,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 166| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 167| koku-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 168|-> container_name: koku_worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 169| hostname: koku_worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 170| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "ea338aaba5982e4df202a07854a71b3752906997",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 230,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 230,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 228| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 229| koku-listener:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 230|-> container_name: koku_listener",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 231| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 232| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "74ff5e70137e023f9cb8b43a035436d744479317",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 278,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 278,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 276| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 277| koku-listener-2:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 278|-> container_name: koku_listener_2",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 279| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 280| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "1f4dbd1d7fa698070456671d1aff99ee4bc34e60",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 326,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 326,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 324| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 325| koku-listener-3:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 326|-> container_name: koku_listener_3",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 327| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 328| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fee2876544bd0fc395493818c70a055d889bf2f4",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 374,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 374,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 372| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 373| sources-client:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 374|-> container_name: sources_client",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 375| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 376| restart: on-failure:25",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "27cfc755b3b978ba2ab4cca298c73ceff63f0c1f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 5,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 5,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| services:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| koku-base:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| context: ${KOKU_PATH}/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "81bd277e17e462e130056b7d6c51ab5eec6e331e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 11,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 11,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| koku-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11|-> container_name: koku_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "ca1658bec9a0e87f60474341838988787b398f1e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 61,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 61,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 59| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 60| masu-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 61|-> container_name: masu_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 62| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 63| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d09d56c72d320080885e04b7ef6e4decd6abae1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 106,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 106,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 104| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 105| redis:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 106|-> container_name: koku_redis",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 107| image: redis:5.0.4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 108| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "78ab5aa8e09b13e157511702690652410a9c8bea",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 112,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 112,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 110| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 111| db:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 112|-> container_name: koku_db",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 113| image: postgres:12",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 114| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a224fd46729af65969c7371de50223e1d56a2ebd",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 158,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 158,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 156| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 157| koku-rabbit:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 158|-> container_name: koku_rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 159| hostname: rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 160| image: rabbitmq:latest",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d09c77d51238b3b60d77329459ab9af4ace80c56",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 168,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 168,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 166| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 167| koku-worker-1:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 168|-> container_name: koku_worker_1",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 169| hostname: koku-worker-1-fsfsgr",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 170| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f3f5d364248d58f88ecc45acf28d1d40dca22316",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 230,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 230,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 228| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 229| koku-worker-2:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 230|-> container_name: koku_worker_2",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 231| hostname: koku-worker-2-nvnvn",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 232| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "2d3a816560d11193f6b2b250aedab8859a5c3220",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 292,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 292,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 290| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 291| koku-worker-3:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 292|-> container_name: koku_worker_3",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 293| hostname: koku-worker-3-qqeet",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 294| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "428f9da1c9a78da57d6eb6586094af6301b78cc3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 354,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 354,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 352| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 353| koku-worker-4:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 354|-> container_name: koku_worker_4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 355| hostname: koku-worker-4-hjsdfo",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 356| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "5d23e5efd351a972c84341ac6f1f5ea8f72234b0",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 416,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 416,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 414| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 415| koku-worker-5:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 416|-> container_name: koku_worker_5",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 417| hostname: koku-worker-5-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 418| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "eb594a4dd82b0fb1fdf31c4ef0d3cec9cf8fc0f1",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 478,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 478,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 476| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 477| koku-worker-6:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 478|-> container_name: koku_worker_6",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 479| hostname: koku-worker-6-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 480| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "c8ec2363e725928dd19fbe0cc74851924e96db89",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 540,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 540,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 538| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 539| koku-worker-7:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 540|-> container_name: koku_worker_7",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 541| hostname: koku-worker-7-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 542| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "8a0def761e40bcab0699fc418155e5e321abefbd",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 602,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 602,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 600| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 601| koku-worker-8:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 602|-> container_name: koku_worker_8",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 603| hostname: koku-worker-8-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 604| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a9525f00166aa07f22a1b813daef5458b94bbc6e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 664,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 664,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 662| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 663| koku-worker-9:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 664|-> container_name: koku_worker_9",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 665| hostname: koku-worker-9-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 666| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a4b8f3c80be37ea7b124eb92ea2665004df16b5b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 726,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 726,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 724| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 725| koku-worker-10:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 726|-> container_name: koku_worker_10",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 727| hostname: koku-worker-10-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 728| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "5904dd8fdf817270d857a378398c0205b8520571",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 788,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 788,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 786| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 787| koku-listener:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 788|-> container_name: koku_listener",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 789| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 790| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "52582269b09dacb0c2d589e9744422844c2c80f8",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 836,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 836,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 834| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 835| sources-client:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 836|-> container_name: sources_client",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 837| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 838| restart: on-failure:25",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "737e47fcf9c2162798a9facfd7b12dbb5b76724d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 5,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 5,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| services:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| koku-base:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| context: ./../..",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "54bf3d7d82dc4d7ac05a6ca51460333d091464d0",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 11,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 11,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| koku-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11|-> container_name: koku_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "cc11beabcb119241ee8ec9406ee5718747b4d349",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 59,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 59,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 57| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 58| masu-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 59|-> container_name: masu_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 60| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 61| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "ea2dcc931ee16ca9b76194071a1f4825759de9f9",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 109,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 109,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 107| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 108| redis:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 109|-> container_name: koku_redis",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 110| image: redis:5.0.4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 111| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "6507c68845eedac3377540194c083e811de37e97",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 115,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 115,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 113| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 114| db:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 115|-> container_name: koku_db",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 116| image: postgres:12",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 117| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "94b0e1cf61630f7dc26edbc10b9d3313290c1e4e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 162,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 162,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 160| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 161| koku-worker-ocp:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 162|-> container_name: koku-worker-ocp",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 163| hostname: koku-worker-ocp",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 164| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "2a95f02bd509c686ac5034c7fc0a77be5677a0ed",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 218,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 218,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 216| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 217| koku-listener:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 218|-> container_name: koku_listener",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 219| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 220| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "4ae9b2a4e66a2267ed6e6cceb27e1e86a3999dab",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 263,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 263,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 261| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 262| sources-client:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 263|-> container_name: sources_client",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 264| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 265| restart: on-failure:25",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "ba9d5411a015d92787b3a37cfae2adb1dd279e9c",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 301,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 301,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 299| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 300| priority-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 301|-> container_name: priority-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 302| hostname: priority-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 303| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "9f10d8b285c8d5d1c6eb677f954818010afe6300",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 358,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 358,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 356| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 357| download-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 358|-> container_name: download-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 359| hostname: download-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 360| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b5b38ce409e8c36a2e98e1facfb40d42fa937bc6",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 430,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 430,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 428| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 429| summary-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 430|-> container_name: summary-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 431| hostname: summary-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 432| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "39a92cfb26bda7e284ab5ee1b75ff48be31e2d9a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 487,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 487,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 485| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 486| cost-model-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 487|-> container_name: cost-model-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 488| hostname: cost-model-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 489| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "70e251d669b1a8002219188de6e83edb8f504e2e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 544,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 544,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 542| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 543| refresh-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 544|-> container_name: refresh-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 545| hostname: refresh-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 546| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f4826cb467559b850333cdb4253b8ec1c88fe207",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 601,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 601,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 599| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 600| koku-beat:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 601|-> container_name: koku_beat",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 602| hostname: koku_beat",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 603| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "38c8688b50e2e2c16a68896e6ba4b41c580ec1ae",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 5,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 5,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| services:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| koku-base:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| context: ./../..",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "ec791103b70caf4d36c98380120e99929c139aa8",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 11,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 11,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| koku-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11|-> container_name: koku_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "caa7439d010bc41323637e9a2bd163beeb044996",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 61,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 61,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 59| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 60| masu-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 61|-> container_name: masu_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 62| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 63| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "cef307e3eb48ef48729b984c83ff363bdf90e292",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 105,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 105,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 103| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 104| redis:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 105|-> container_name: koku_redis",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 106| image: redis:5.0.4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 107| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "83850b105184cabc062cc86be5910bc200b748a0",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 111,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 111,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 109| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 110| db:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 111|-> container_name: koku_db",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 112| image: postgres:12",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 113| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "2b42bf62cc48dafc4afaa8cd3fb9e5aba04df064",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 157,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 157,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 155| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 156| koku-rabbit:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 157|-> container_name: koku_rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 158| hostname: rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 159| image: rabbitmq:latest",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "327550a1d239f90aee132ebae5cb2f668e909b96",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 167,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 167,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 165| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 166| koku-worker-1:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 167|-> container_name: koku_worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 168| hostname: koku-worker-1-jljlkjfg",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 169| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "242643630e6760c59cb8b6512f78d5fb06edfcaf",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 229,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 229,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 227| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 228| koku-worker-2:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 229|-> container_name: koku_worker_2",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 230| hostname: koku-worker-2-wefwe",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 231| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "24d3af803933060256dfd8de7a13f66bdb33495d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 291,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 291,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 289| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 290| koku-listener:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 291|-> container_name: koku_listener",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 292| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 293| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "339408b5b72e71f1b038c60cc69b0f5712a2d7cd",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 339,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 339,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 337| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 338| koku-listener-2:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 339|-> container_name: koku_listener_2",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 340| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 341| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "imp": 1,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "bbb1b158e02932f4ae69dbc0de5c639a3b5ed465",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 387,
+ "event": "Sigma main event",
+ "message": "The Docker container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 387,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability by adding either `NET_RAW` or `ALL` to the `cap_drop` list and avoiding the `NET_RAW` capability in the `cap_add` list.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 385| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 386| sources-client:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 387|-> container_name: sources_client",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 388| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 389| restart: on-failure:25",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_running_as_root",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f5122eb74ebc3e93e5fb12b71eb9d433d34d46a1",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/containers/postgresql/Dockerfile",
+ "line": 1,
+ "event": "Sigma main event",
+ "message": "The Docker container is configured to run as the root user.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/containers/postgresql/Dockerfile",
+ "line": 1,
+ "event": "remediation",
+ "message": "Explicitly set the last `USER` value to a non-root user to prevent the container from running in a privileged context.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1|-> from postgres:14",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| ARG USER_ID=999",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_running_as_root",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "3faae214c4655f1f4056889fb19410c928db331e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 641,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file launches the container process using the root user.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 641,
+ "event": "remediation",
+ "message": "Set the `user` value to a non-root user. If the Docker Compose file omits the `user` field then the default user set by the Dockerfile image will be used.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 639| container_name: trino",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 640| image: quay.io/samdoran/ubi-trino:443-002",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 641|-> user: root",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 642| ports:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 643| - 8080:8080",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "2e071390b31f8422b56dac5a37ebeb8199fb5509",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 28,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 28,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 26| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 27| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 28|-> key: django-secret-key",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 29| name: koku-secret",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 30| optional: false",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 86,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 86,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 84| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 85| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 86|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 87| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 88| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 309,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 309,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 307| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 308| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 309|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 310| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 311| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "2e071390b31f8422b56dac5a37ebeb8199fb5509",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 413,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 413,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 411| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 412| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 413|-> key: django-secret-key",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 414| name: koku-secret",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 415| optional: false",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 437,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 437,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 435| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 436| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 437|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 438| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 439| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 641,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 641,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 639| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 640| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 641|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 642| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 643| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 763,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 763,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 761| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 762| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 763|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 764| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 765| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "2e071390b31f8422b56dac5a37ebeb8199fb5509",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 769,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 769,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 767| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 768| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 769|-> key: django-secret-key",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 770| name: koku-secret",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 771| optional: false",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 825,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 825,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 823| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 824| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 825|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 826| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 827| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 930,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 930,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 928| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 929| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 930|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 931| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 932| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "2e071390b31f8422b56dac5a37ebeb8199fb5509",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 936,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 936,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 934| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 935| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 936|-> key: django-secret-key",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 937| name: koku-secret",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 938| optional: false",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 988,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 988,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 986| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 987| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 988|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 989| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 990| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1100,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1100,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1098| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1099| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1100|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1101| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1102| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1132,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1132,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1130| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1131| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1132|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1133| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1134| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1276,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1276,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1274| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1275| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1276|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1277| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1278| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1308,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1308,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1306| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1307| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1308|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1309| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1310| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1462,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1462,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1460| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1461| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1462|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1463| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1464| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1490,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1490,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1488| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1489| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1490|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1491| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1492| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1640,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1640,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1638| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1639| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1640|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1641| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1642| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1674,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1674,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1672| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1673| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1674|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1675| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1676| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1826,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1826,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1824| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1825| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1826|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1827| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1828| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1860,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1860,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1858| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1859| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1860|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1861| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1862| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2012,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2012,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2010| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2011| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2012|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2013| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2014| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2044,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2044,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2042| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2043| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2044|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2045| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2046| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2196,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2196,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2194| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2195| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2196|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2197| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2198| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2228,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2228,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2226| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2227| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2228|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2229| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2230| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2380,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2380,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2378| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2379| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2380|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2381| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2382| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2414,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2414,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2412| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2413| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2414|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2415| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2416| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2570,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2570,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2568| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2569| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2570|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2571| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2572| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2604,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2604,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2602| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2603| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2604|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2605| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2606| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2760,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2760,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2758| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2759| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2760|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2761| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2762| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2792,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2792,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2790| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2791| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2792|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2793| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2794| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2942,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2942,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2940| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2941| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2942|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2943| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2944| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2974,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2974,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2972| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2973| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2974|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2975| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2976| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3124,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3124,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3122| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3123| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3124|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3125| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3126| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3156,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3156,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3154| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3155| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3156|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3157| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3158| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3310,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3310,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3308| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3309| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3310|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3311| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3312| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3342,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3342,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3340| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3341| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3342|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3343| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3344| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3496,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3496,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3494| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3495| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3496|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3497| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3498| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3530,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3530,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3528| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3529| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3530|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3531| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3532| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3676,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3676,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3674| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3675| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3676|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3677| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3678| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3712,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3712,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3710| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3711| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3712|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3713| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3714| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3850,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3850,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3848| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3849| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3850|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3851| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3852| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3886,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3886,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3884| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3885| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3886|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3887| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3888| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.custom_resource_in_default_namespace",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "8eb9dd6fe8ced70d56e49c559797a0345bcab0eb",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dashboards/grafana-dashboard-insights-hccm-postgresql.configmap.yaml",
+ "line": 979,
+ "event": "Sigma main event",
+ "message": "The Kubernetes resource uses the `default` namespace by either omitting the `metadata.namespace` field or by explicitly setting the value to `default`. This can cause conflicts with other services and prevents granular access control.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dashboards/grafana-dashboard-insights-hccm-postgresql.configmap.yaml",
+ "line": 979,
+ "event": "remediation",
+ "message": "Explicitly set the resource's `metadata.namespace` field to a namespace other than `default`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 977| kind: ConfigMap",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 978| metadata:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 979|-> name: grafana-dashboard-clouddot-insights-hccm-postgresql",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 980| labels:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 981| grafana_dashboard: \"true\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.custom_resource_in_default_namespace",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "e6da80d2ba601107e16d5f4d4c06a5c205eeab6d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dashboards/grafana-dashboard-insights-hccm-redis.configmap.yaml",
+ "line": 1315,
+ "event": "Sigma main event",
+ "message": "The Kubernetes resource uses the `default` namespace by either omitting the `metadata.namespace` field or by explicitly setting the value to `default`. This can cause conflicts with other services and prevents granular access control.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dashboards/grafana-dashboard-insights-hccm-redis.configmap.yaml",
+ "line": 1315,
+ "event": "remediation",
+ "message": "Explicitly set the resource's `metadata.namespace` field to a namespace other than `default`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1313| kind: ConfigMap",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1314| metadata:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1315|-> name: grafana-dashboard-clouddot-insights-hccm-redis",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1316| labels:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1317| grafana_dashboard: \"true\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.custom_resource_in_default_namespace",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "87455d9dae41fdb88ca351f90b09b17496516ca7",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dashboards/grafana-dashboard-insights-hccm-trino.configmap.yaml",
+ "line": 1304,
+ "event": "Sigma main event",
+ "message": "The Kubernetes resource uses the `default` namespace by either omitting the `metadata.namespace` field or by explicitly setting the value to `default`. This can cause conflicts with other services and prevents granular access control.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dashboards/grafana-dashboard-insights-hccm-trino.configmap.yaml",
+ "line": 1304,
+ "event": "remediation",
+ "message": "Explicitly set the resource's `metadata.namespace` field to a namespace other than `default`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1302| kind: ConfigMap",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1303| metadata:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1304|-> name: grafana-dashboard-clouddot-insights-hccm-trino",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1305| labels:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1306| grafana_dashboard: \"true\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.custom_resource_in_default_namespace",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "60267981eafe9c68b1fd9d346af2d5fa15eb7b29",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dashboards/grafana-dashboard-insights-hccm.configmap.yaml",
+ "line": 5164,
+ "event": "Sigma main event",
+ "message": "The Kubernetes resource uses the `default` namespace by either omitting the `metadata.namespace` field or by explicitly setting the value to `default`. This can cause conflicts with other services and prevents granular access control.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dashboards/grafana-dashboard-insights-hccm.configmap.yaml",
+ "line": 5164,
+ "event": "remediation",
+ "message": "Explicitly set the resource's `metadata.namespace` field to a namespace other than `default`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5162| kind: ConfigMap",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5163| metadata:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5164|-> name: grafana-dashboard-clouddot-insights-hccm",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5165| labels:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5166| grafana_dashboard: \"true\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.custom_resource_in_default_namespace",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d32f9f4675189c964eb56b044813235f7cde5b3e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 4,
+ "event": "Sigma main event",
+ "message": "The Kubernetes resource uses the `default` namespace by either omitting the `metadata.namespace` field or by explicitly setting the value to `default`. This can cause conflicts with other services and prevents granular access control.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 4,
+ "event": "remediation",
+ "message": "Explicitly set the resource's `metadata.namespace` field to a namespace other than `default`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2| kind: Template",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| metadata:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4|-> name: koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5| objects:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| - apiVersion: cloud.redhat.com/v1alpha1",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.custom_resource_in_default_namespace",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "157e5c791dd48b63063e5682ddd936e7a0e447d3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/kustomize/base/base.yaml",
+ "line": 4,
+ "event": "Sigma main event",
+ "message": "The Kubernetes resource uses the `default` namespace by either omitting the `metadata.namespace` field or by explicitly setting the value to `default`. This can cause conflicts with other services and prevents granular access control.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/kustomize/base/base.yaml",
+ "line": 4,
+ "event": "remediation",
+ "message": "Explicitly set the resource's `metadata.namespace` field to a namespace other than `default`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2| kind: Template",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| metadata:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4|-> name: koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5| objects:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| # ====================================================",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.custom_resource_in_default_namespace",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "077bbd1abe5354b8b0b2d2136adae44c639941c0",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/e2e-secrets.yml",
+ "line": 4,
+ "event": "Sigma main event",
+ "message": "The Kubernetes resource uses the `default` namespace by either omitting the `metadata.namespace` field or by explicitly setting the value to `default`. This can cause conflicts with other services and prevents granular access control.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/e2e-secrets.yml",
+ "line": 4,
+ "event": "remediation",
+ "message": "Explicitly set the resource's `metadata.namespace` field to a namespace other than `default`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2| apiVersion: v1",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| metadata:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4|-> name: koku-secrets-template",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5| annotations:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| openshift.io/display-name: \"Koku\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.default_allow_all_authz_policy",
+ "cwe": 862,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "79fc26f0599e33beea668ab567c13af950ea7587",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1,
+ "event": "Sigma main event",
+ "message": "The API does not have a global security scheme, indicating a default allow-all configuration. Any API operations without an explicit security scheme will allow unauthorized requests.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1,
+ "event": "remediation",
+ "message": "The global security field should contain one or more security schemes, for example `{'security':[{'OAuth2':['read','write']}]}`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1|-> {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2| \"openapi\": \"3.0.0\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| \"info\": {",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.default_allow_all_authz_policy",
+ "cwe": 862,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "3c7aaab079997a03c6677d37a3a13fef3961f3fa",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 1,
+ "event": "Sigma main event",
+ "message": "The API does not have a global security scheme, indicating a default allow-all configuration. Any API operations without an explicit security scheme will allow unauthorized requests.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 1,
+ "event": "remediation",
+ "message": "The global security field should contain one or more security schemes, for example `{'security':[{'OAuth2':['read','write']}]}`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1|-> {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2| \"openapi\": \"3.0.0\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| \"info\": {",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.hardcoded_secret",
+ "cwe": 798,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "c2cc2738dc5a384ca43b6c4d0d1c1d6d751469fc",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/test_customer.yaml",
+ "line": 13,
+ "event": "Sigma main event",
+ "message": "A secret, such as a password, cryptographic key, or token is stored in plaintext directly in the source code, in an application's properties, or configuration file. Users with access to the secret may then use the secret to access resources that they otherwise would not have access to. Secret type: Token (generic).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/test_customer.yaml",
+ "line": 13,
+ "event": "remediation",
+ "message": "Avoid setting sensitive configuration values as string literals. Instead, these values should be set using variables with the sensitive data loaded from an encrypted file or a secret store.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11| authentication:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| credentials:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13|-> iam_token: '11111111-1111-1111-1111-11111111'",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 14| billing_source:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 15| data_source:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.hardcoded_secret",
+ "cwe": 798,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "df135c8edb8a0e03111ac4a3a5a5e63dabcf3751",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/test_customer.yaml",
+ "line": 52,
+ "event": "Sigma main event",
+ "message": "A secret, such as a password, cryptographic key, or token is stored in plaintext directly in the source code, in an application's properties, or configuration file. Users with access to the secret may then use the secret to access resources that they otherwise would not have access to. Secret type: Secret (generic).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/test_customer.yaml",
+ "line": 52,
+ "event": "remediation",
+ "message": "Avoid setting sensitive configuration values as string literals. Instead, these values should be set using variables with the sensitive data loaded from an encrypted file or a secret store.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 50| tenant_id: '22222222-2222-2222-2222-22222222'",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 51| client_id: '33333333-3333-3333-3333-33333333'",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 52|-> client_secret: 'MyPassW0rd!'",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 53| billing_source:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 54| data_source:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.hardcoded_secret",
+ "cwe": 798,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "df135c8edb8a0e03111ac4a3a5a5e63dabcf3751",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/test_customer.yaml",
+ "line": 69,
+ "event": "Sigma main event",
+ "message": "A secret, such as a password, cryptographic key, or token is stored in plaintext directly in the source code, in an application's properties, or configuration file. Users with access to the secret may then use the secret to access resources that they otherwise would not have access to. Secret type: Secret (generic).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/test_customer.yaml",
+ "line": 69,
+ "event": "remediation",
+ "message": "Avoid setting sensitive configuration values as string literals. Instead, these values should be set using variables with the sensitive data loaded from an encrypted file or a secret store.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 67| tenant_id: '22222222-2222-2222-2222-22222223'",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 68| client_id: '33333333-3333-3333-3333-33333334'",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 69|-> client_secret: 'MyPassW0rd!'",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 70| billing_source:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 71| data_source:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.hardcoded_secret",
+ "cwe": 798,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "bdaa89a2d9cf56bef82f0a1bbf6af446c57e9dcb",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 584,
+ "event": "Sigma main event",
+ "message": "A secret, such as a password, cryptographic key, or token is stored in plaintext directly in the source code, in an application's properties, or configuration file. Users with access to the secret may then use the secret to access resources that they otherwise would not have access to. Secret type: Password (generic).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 584,
+ "event": "remediation",
+ "message": "Avoid setting sensitive configuration values as string literals. Instead, these values should be set using variables with the sensitive data loaded from an encrypted file or a secret store.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 582| environment:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 583| MINIO_ROOT_USER: kokuminioaccess",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 584|-> MINIO_ROOT_PASSWORD: kokuminiosecret",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 585| MINIO_USERNAME: kminio",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 586| MINIO_GROUPNAME: kminio",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.hardcoded_secret",
+ "cwe": 798,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "bb42cc478b718ef9726fcf54d73b65bf256f4d7a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/tox.ini",
+ "line": 34,
+ "event": "Sigma main event",
+ "message": "A secret, such as a password, cryptographic key, or token is stored in plaintext directly in the source code, in an application's properties, or configuration file. Users with access to the secret may then use the secret to access resources that they otherwise would not have access to. Secret type: Password (generic).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/tox.ini",
+ "line": 34,
+ "event": "remediation",
+ "message": "Avoid setting sensitive configuration values as string literals. Instead, these values should be set using variables with the sensitive data loaded from an encrypted file or a secret store.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 32| DATABASE_USER=koku_tester",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 33| DATABASE_PASSWORD={env:DATABASE_PASSWORD:''}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 34|-> ACCOUNT_ENHANCED_METRICS={env:ACCOUNT_ENHANCED_METRICS:True}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 35| prometheus_multiproc_dir=/tmp",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 36| TRINO_DATE_STEP={env:TRINO_DATE_STEP:31}",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.hardcoded_secret",
+ "cwe": 798,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "ea11f14272b0d69196646d9b0ab91b5ddb3e7171",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/tox.ini",
+ "line": 61,
+ "event": "Sigma main event",
+ "message": "A secret, such as a password, cryptographic key, or token is stored in plaintext directly in the source code, in an application's properties, or configuration file. Users with access to the secret may then use the secret to access resources that they otherwise would not have access to. Secret type: Password (generic).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/tox.ini",
+ "line": 61,
+ "event": "remediation",
+ "message": "Avoid setting sensitive configuration values as string literals. Instead, these values should be set using variables with the sensitive data loaded from an encrypted file or a secret store.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 59| DATABASE_USER=koku_tester",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 60| DATABASE_PASSWORD={env:DATABASE_PASSWORD:''}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 61|-> PROMETHEUS_MULTIPROC_DIR=/tmp",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 62| UNLEASH_HOST={env:UNLEASH_HOST:localhost}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 63| deps =",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.improper_use_of_add_command",
+ "cwe": 676,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a01ff8b079d056267a515e33ebd3ce49d9b704b8",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/Dockerfile",
+ "line": 94,
+ "event": "Sigma main event",
+ "message": "The Dockerfile uses the `ADD` command to add a local non-tar file or to fetch a remote file into the Docker container. The best use for the `ADD` command is to extract local tar files into Docker containers.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/Dockerfile",
+ "line": 94,
+ "event": "remediation",
+ "message": "For local non-tar files use the `COPY` command. For remote URLs use `curl` or `wget` to manually download the file and then use the `COPY` command to copy the file to the correct location.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 92| ENV VIRTUAL_ENV=${APP_ROOT}/.venv",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 93| ENV \\",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 94|-> # Add the koku virtual env bin to the front of PATH.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 95| # This activates the virtual env for all subsequent python calls.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 96| PATH=\"$VIRTUAL_ENV/bin:$PATH\" \\",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "67739ea40f8cb0e81349d4ac06c9932b636a0c51",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 6,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 6,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| services:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5| koku-base:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 8| context: .",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "2432192a80051eed253069edead9a09368885e6c",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 20,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 20,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 18| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 19| koku-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 20|-> container_name: koku_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 21| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 22| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "153c8954694dace5880a2b7af0b47c3512b89bb6",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 83,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 83,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 81| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 82| masu-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 83|-> container_name: masu_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 84| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 85| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "56937202043fa954252920f6f663fd5a573efb3f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 152,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 152,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 150| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 151| koku-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 152|-> hostname: koku-worker-1",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 153| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 154| working_dir: /koku/koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "8e27cc491a2dc0ec0a665999ae363ec5359dc968",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 246,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 246,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 244| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 245| koku-listener:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 246|-> container_name: koku_listener",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 247| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 248| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "976843aca9b92a9aaeea7f7d50cf0ec63c8846f3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 297,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 297,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 295| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 296| subs-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 297|-> container_name: subs_worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 298| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 299| working_dir: /koku/koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "5eb3094fc7d6ff89925db4457ff39347072c9379",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 351,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 351,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 349| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 350| sources-client:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 351|-> container_name: sources_client",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 352| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 353| restart: on-failure:25",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "3c38c2382411e5c239350e06553de82a9220b98c",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 411,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 411,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 409| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 410| koku-beat:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 411|-> container_name: koku_beat",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 412| hostname: koku_beat",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 413| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b4e00f80a9c3a57a4cdd6695bd3a0b1bb2dd04a7",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 448,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 448,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 446| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 447| db:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 448|-> container_name: koku-db",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 449| image: koku-db:14",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 450| build:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "81112a61992fb1a5257c4b5edaa65500b0471758",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 526,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 526,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 524| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 525| redis:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 526|-> container_name: koku_redis",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 527| image: redis:5.0.4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 528| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "c1a5c657a1c04160e32f1c757ab44929c38971ad",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 532,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 532,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 530| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 531| pushgateway:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 532|-> container_name: koku-pushgateway",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 533| image: prom/pushgateway",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 534| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "e563b2619c00c0633b87fd1b07a43553ec81c6f6",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 538,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 538,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 536| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 537| pgadmin:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 538|-> container_name: pgAdmin",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 539| image: dpage/pgadmin4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 540| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f4a3d81a42d64239529f8b00eebaf0829f97e186",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 549,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 549,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 547| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 548| grafana:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 549|-> container_name: koku_grafana",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 550| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 551| context: grafana",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "7cc5d7c9e1c6aff3835b52864b23727929d8538e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 559,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 559,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 557| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 558| unleash:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 559|-> container_name: koku-unleash",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 560| image: unleashorg/unleash-server:5.6.9",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 561| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "4ee76feb2d7925d6e8402f1f6a15bcfebd452c1f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 580,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 580,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 578| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 579| minio:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 580|-> container_name: koku-minio",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 581| image: minio/minio:RELEASE.2023-09-20T22-49-55Z",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 582| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "1647171b6a91e81ef16d8e78e80987401a911f8a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 597,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 597,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 595| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 596| create-parquet-bucket:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 597|-> image: minio/mc:latest",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 598| depends_on:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 599| - minio",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "753ac4904e6a63bb44a3765c38422ee13c116d36",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 616,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 616,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 614| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 615| hive-metastore:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 616|-> container_name: hive-metastore",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 617| image: quay.io/samdoran/ubi-hive:3.1.3-metastore-036",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 618| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d82f6c39634a246adea0233c88ea9d9004c58ebe",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 639,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 639,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 637| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 638| trino:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 639|-> container_name: trino",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 640| image: quay.io/samdoran/ubi-trino:443-002",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 641| user: root",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "43741929ba5d4a5573a28459ea8de19cee3fe746",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 5,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 5,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| services:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| koku-base:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| context: ./../..",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "3035ef1a97c96e9aab0f4673ad42369cec0da198",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 11,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 11,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| koku-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11|-> container_name: koku_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "5732138d7ce0a9777a3b003deb0cd5acf85208d6",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 61,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 61,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 59| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 60| masu-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 61|-> container_name: masu_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 62| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 63| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "ab67eeb99f2cb1b1bcc58797beab97cebc22673c",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 106,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 106,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 104| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 105| redis:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 106|-> container_name: koku_redis",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 107| image: redis:5.0.4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 108| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "6d8f2a34b262e2b5394ac5f8f8e68882e1115e8d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 112,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 112,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 110| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 111| db:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 112|-> container_name: koku_db",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 113| image: postgres:12",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 114| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "e0e19d9aec02c111f90b1551c99b4e31b8d121c5",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 158,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 158,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 156| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 157| koku-rabbit:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 158|-> container_name: koku_rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 159| hostname: rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 160| image: rabbitmq:latest",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f882a5b730a400a0bd611b5d1caad93454333355",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 168,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 168,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 166| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 167| koku-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 168|-> container_name: koku_worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 169| hostname: koku_worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 170| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "82ca62bf2764fe19f0edf865369395b97d9e834b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 230,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 230,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 228| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 229| koku-listener:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 230|-> container_name: koku_listener",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 231| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 232| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a924eddd119b7cba265fb1e927d8c454c234eb72",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 278,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 278,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 276| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 277| koku-listener-2:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 278|-> container_name: koku_listener_2",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 279| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 280| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "0a0e4b132757492075aecc9fcde7240231c70180",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 326,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 326,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 324| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 325| koku-listener-3:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 326|-> container_name: koku_listener_3",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 327| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 328| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b6bb320743b83d96fa215dcb4423989f3b0cba97",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 374,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 374,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 372| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 373| sources-client:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 374|-> container_name: sources_client",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 375| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 376| restart: on-failure:25",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "86405721acb0261b89f33c99667377d3223a69a3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 5,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 5,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| services:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| koku-base:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| context: ${KOKU_PATH}/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "ff0bad2afe9ffee97c3d3af6d9d252a27c3b69b0",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 11,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 11,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| koku-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11|-> container_name: koku_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "c96892e7c1bc26de619d1c235209840137298120",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 61,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 61,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 59| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 60| masu-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 61|-> container_name: masu_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 62| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 63| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f2683af1ba9a8286a67d8d1b8d9083293e6398df",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 106,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 106,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 104| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 105| redis:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 106|-> container_name: koku_redis",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 107| image: redis:5.0.4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 108| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "40c4fd9ad1dc3a86e0cfd45281519de5a97ea283",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 112,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 112,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 110| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 111| db:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 112|-> container_name: koku_db",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 113| image: postgres:12",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 114| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "cdfec2b30c1864987c921687d89b3d16f2ca48e9",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 158,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 158,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 156| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 157| koku-rabbit:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 158|-> container_name: koku_rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 159| hostname: rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 160| image: rabbitmq:latest",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "c8c5a70729bf83d81c58b5bff557c4daa6656ad3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 168,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 168,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 166| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 167| koku-worker-1:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 168|-> container_name: koku_worker_1",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 169| hostname: koku-worker-1-fsfsgr",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 170| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f9f963f85ffda408bd68ff4786fd4eddd6f96b59",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 230,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 230,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 228| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 229| koku-worker-2:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 230|-> container_name: koku_worker_2",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 231| hostname: koku-worker-2-nvnvn",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 232| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "bb11aff313ef0b9a02ad6dd14ce4ff777782fe46",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 292,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 292,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 290| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 291| koku-worker-3:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 292|-> container_name: koku_worker_3",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 293| hostname: koku-worker-3-qqeet",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 294| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "10a1a4deeaa28bbee674a476e3f6a9c93d1d7910",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 354,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 354,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 352| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 353| koku-worker-4:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 354|-> container_name: koku_worker_4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 355| hostname: koku-worker-4-hjsdfo",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 356| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "383cc6e42fa81ac3e9111a7feece3eb27ef22c19",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 416,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 416,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 414| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 415| koku-worker-5:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 416|-> container_name: koku_worker_5",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 417| hostname: koku-worker-5-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 418| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "ac5dc9d849a1e27c05335bfe0fa7a4a6fbd688bd",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 478,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 478,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 476| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 477| koku-worker-6:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 478|-> container_name: koku_worker_6",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 479| hostname: koku-worker-6-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 480| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "198f5223e5f14afd671f082f7a55f9afbe6ebf40",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 540,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 540,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 538| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 539| koku-worker-7:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 540|-> container_name: koku_worker_7",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 541| hostname: koku-worker-7-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 542| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "3801741e5f8ef61cbd864190acd57c6e0e9f05c8",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 602,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 602,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 600| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 601| koku-worker-8:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 602|-> container_name: koku_worker_8",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 603| hostname: koku-worker-8-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 604| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "ef39913d8233558b1f01a58214e95fb2b42ff2d2",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 664,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 664,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 662| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 663| koku-worker-9:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 664|-> container_name: koku_worker_9",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 665| hostname: koku-worker-9-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 666| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "2386c962fc93a88f7d60fa4c37fc7d9b46786613",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 726,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 726,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 724| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 725| koku-worker-10:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 726|-> container_name: koku_worker_10",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 727| hostname: koku-worker-10-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 728| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f1ce39f54a298debc01c461542b37d5ba2d283c2",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 788,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 788,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 786| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 787| koku-listener:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 788|-> container_name: koku_listener",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 789| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 790| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f2206c22bdfdff5a534d1ed4eb53362cf712d345",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 836,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 836,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 834| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 835| sources-client:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 836|-> container_name: sources_client",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 837| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 838| restart: on-failure:25",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "9a830769308736f46d174f04bdbca24fe3b5cdaa",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 5,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 5,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| services:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| koku-base:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| context: ./../..",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "494072aef01e66ce08eacb37a2cacbe89fb26a66",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 11,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 11,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| koku-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11|-> container_name: koku_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "773116a93d52a09f4651de5d3d2be3f2a9f7c47d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 59,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 59,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 57| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 58| masu-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 59|-> container_name: masu_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 60| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 61| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "6c420e913aa229d2576ba9353faf1532be8f23b2",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 109,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 109,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 107| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 108| redis:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 109|-> container_name: koku_redis",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 110| image: redis:5.0.4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 111| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "696ce4aad21768630a26ae0a9070e42a3cb25012",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 115,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 115,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 113| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 114| db:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 115|-> container_name: koku_db",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 116| image: postgres:12",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 117| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "dd4e715a7048a33e5a12f353dfb96e0b5be31ec3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 162,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 162,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 160| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 161| koku-worker-ocp:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 162|-> container_name: koku-worker-ocp",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 163| hostname: koku-worker-ocp",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 164| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "2a70b7949b2c1da8225b654611840af44403f11c",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 218,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 218,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 216| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 217| koku-listener:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 218|-> container_name: koku_listener",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 219| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 220| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "8f2201f8bd57e56bf5eb53dee7b68fd32be070c5",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 263,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 263,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 261| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 262| sources-client:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 263|-> container_name: sources_client",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 264| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 265| restart: on-failure:25",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "269b3150adac0a4c40c19a9a31991b27d98a5786",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 301,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 301,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 299| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 300| priority-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 301|-> container_name: priority-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 302| hostname: priority-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 303| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "69c51ecd790eafd0f5ba838f811f04aa9d614976",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 358,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 358,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 356| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 357| download-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 358|-> container_name: download-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 359| hostname: download-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 360| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "2f226edc4b4bfcda9b434ef32a3f3f9a9ddba964",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 430,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 430,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 428| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 429| summary-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 430|-> container_name: summary-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 431| hostname: summary-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 432| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "ff6d887acff9501c8d82266bc7f8439646da8ec4",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 487,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 487,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 485| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 486| cost-model-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 487|-> container_name: cost-model-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 488| hostname: cost-model-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 489| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "2b18212b5ae38e32b996c31c3070bee3ddc4504c",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 544,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 544,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 542| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 543| refresh-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 544|-> container_name: refresh-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 545| hostname: refresh-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 546| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f365e10e6fccf779e104497c49d9932a305893b2",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 601,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 601,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 599| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 600| koku-beat:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 601|-> container_name: koku_beat",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 602| hostname: koku_beat",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 603| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "ebc4014cbbbcbaa1919b5ba380cc80e4d014d8f4",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 5,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 5,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| services:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| koku-base:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| context: ./../..",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "aca7783e2346815dcee076d3d6ff687b767b8b28",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 11,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 11,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| koku-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11|-> container_name: koku_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "50e4b682e5192fec8ee7cf643782fa38ec781f81",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 61,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 61,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 59| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 60| masu-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 61|-> container_name: masu_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 62| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 63| working_dir: /koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "3aa5acbb8e58a8807114238652fd2288e510a23a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 105,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 105,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 103| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 104| redis:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 105|-> container_name: koku_redis",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 106| image: redis:5.0.4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 107| ports:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "afddfda4b8f62d3c985ea632a3aa70ee8b4340fa",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 111,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 111,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 109| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 110| db:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 111|-> container_name: koku_db",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 112| image: postgres:12",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 113| environment:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "22991564bc12f3b9e281b21759d472943d2f5e29",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 157,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 157,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 155| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 156| koku-rabbit:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 157|-> container_name: koku_rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 158| hostname: rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 159| image: rabbitmq:latest",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "4d7032f31dcf2180444e3806eeacb9ad60db05c3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 167,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 167,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 165| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 166| koku-worker-1:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 167|-> container_name: koku_worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 168| hostname: koku-worker-1-jljlkjfg",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 169| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "1bd8c2af9743af08d5245f5c7a4b3ae50a0f3cef",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 229,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 229,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 227| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 228| koku-worker-2:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 229|-> container_name: koku_worker_2",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 230| hostname: koku-worker-2-wefwe",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 231| image: koku_base",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "478bcb4fcbd684ec2f726f504b3c3e84236ec71f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 291,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 291,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 289| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 290| koku-listener:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 291|-> container_name: koku_listener",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 292| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 293| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "08301d1556c109ec1d0d3ded376f0060699a14b5",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 339,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 339,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 337| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 338| koku-listener-2:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 339|-> container_name: koku_listener_2",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 340| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 341| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.least_privilege_violation",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "de56199a5ab4aad07b7139f86fdd3550f29e0794",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 387,
+ "event": "Sigma main event",
+ "message": "The Docker container is not configured to drop all default capabilities and then add only required one. Thus the container may be granted excessive privileges which violate the least privilege principle.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 387,
+ "event": "remediation",
+ "message": "Remove all the default capabilities from the list of capabilities by setting the `cap_drop` value to `ALL` and then add only specific capabilities needed by a container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 385| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 386| sources-client:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 387|-> container_name: sources_client",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 388| image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 389| restart: on-failure:25",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 97,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 97,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 95| \"description\": \"Return download file async task ID.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 96| \"parameters\": [],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 97|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 98| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 99| \"description\": \"The celery task ID of the download task\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "284a0c14d604dd6f255443d1fffaac53ac097d2f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 113,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 113,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 111| ]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 112| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 113|-> \"parameters\": [",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 114| {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 115| \"name\": \"provider_uuid\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 175,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 175,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 173| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 174| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 175|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 176| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 177| \"description\": \"List of tag keys\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 205,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 205,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 203| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 204| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 205|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 206| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 207| \"description\": \"List of tag keys\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b2b66b9fd0c05fd0951c52b4444a6e5cb93cefca",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 221,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 221,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 219| ]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 220| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 221|-> \"parameters\": []",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 222| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 223| \"/expired_data/\": {",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 228,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 228,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 226| \"description\": \"Return simulated expired data.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 227| \"parameters\": [],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 228|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 229| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 230| \"description\": \"Simulate the deletion expired data\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 248,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 248,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 246| \"description\": \"Return expired data.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 247| \"parameters\": [],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 248|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 249| \"204\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 250| \"description\": \"Delete expired data\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b2b66b9fd0c05fd0951c52b4444a6e5cb93cefca",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 264,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 264,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 262| ]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 263| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 264|-> \"parameters\": []",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 265| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 266| \"/hcs_report_data/\": {",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 325,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 325,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 323| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 324| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 325|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 326| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 327| \"description\": \"HCS report task has been queued\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 414,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 414,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 412| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 413| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 414|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 415| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 416| \"description\": \"HCS Finalization task has been queued\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 510,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 510,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 508| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 509| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 510|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 511| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 512| \"description\": \"Data summary task has been queued\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 582,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 582,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 580| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 581| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 582|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 583| \"204\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 584| \"description\": \"Data deletion task has been queued\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b2b66b9fd0c05fd0951c52b4444a6e5cb93cefca",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 598,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 598,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 596| ]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 597| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 598|-> \"parameters\": []",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 599| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 600| \"/sources/\": {",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 723,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 723,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 721| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 722| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 723|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 724| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 725| \"description\": \"A paginated list of source objects\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 755,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 755,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 753| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 754| }],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 755|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 756| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 757| \"description\": \"A Source object\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 805,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 805,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 803| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 804| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 805|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 806| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 807| \"description\": \"A Source object\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 845,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 845,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 843| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 844| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 845|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 846| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 847| \"description\": \"\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b2b66b9fd0c05fd0951c52b4444a6e5cb93cefca",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 861,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 861,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 859| ]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 860| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 861|-> \"parameters\": []",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 862| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 863| \"/update_cost_model_costs/\": {",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 890,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 890,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 888| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 889| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 890|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 891| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 892| \"description\": \"Update derived cost\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b2b66b9fd0c05fd0951c52b4444a6e5cb93cefca",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 906,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 906,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 904| ]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 905| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 906|-> \"parameters\": []",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 907| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 908| \"/update_openshift_on_cloud/\": {",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 967,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 967,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 965| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 966| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 967|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 968| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 969| \"description\": \"Data summary task has been queued\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b2b66b9fd0c05fd0951c52b4444a6e5cb93cefca",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 983,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 983,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 981| ]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 982| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 983|-> \"parameters\": []",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 984| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 985| \"/report/process/openshift_on_cloud/\": {",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1044,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1044,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1042| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1043| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1044|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1045| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1046| \"description\": \"Data processing task has been queued\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b2b66b9fd0c05fd0951c52b4444a6e5cb93cefca",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1060,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1060,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1058| ]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1059| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1060|-> \"parameters\": []",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1061| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1062| \"/notification/\": {",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1080,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1080,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1078| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1079| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1080|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1081| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1082| \"description\": \"The celery task ID of the notification task\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1115,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1115,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1113| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1114| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1115|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1116| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1117| \"description\": \"The celery task ID of the crawl account hierarchy task\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1158,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1158,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1156| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1157| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1158|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1159| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1160| \"description\": \"Return tree json.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b2b66b9fd0c05fd0951c52b4444a6e5cb93cefca",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1174,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1174,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1172| ]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1173| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1174|-> \"parameters\": []",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1175| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1176| \"/running_celery_tasks/\": {",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1181,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1181,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1179| \"operationId\": \"runningCeleryTasks\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1180| \"description\": \"Returns a list of running celery tasks.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1181|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1182| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1183| \"description\": \"Returns a list of running celery tasks.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1203,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1203,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1201| \"operationId\": \"celeryQueueLength\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1202| \"description\": \"Returns a dictionary of queues with queue length.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1203|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1204| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1205| \"description\": \"Returns a dictionary of queues with their associated lengths.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1235,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1235,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1233| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1234| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1235|-> \"responses\":{",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1236| \"200\":{",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1237| \"description\": \"Returns the number of tasks cleared the celery queue.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1257,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1257,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1255| \"operationId\": \"dbPerformanceDbVersion\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1256| \"description\": \"Returns a HTML document showing the database version.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1257|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1258| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1259| \"description\": \"Returns a HTML document showing the database version.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1276,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1276,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1274| \"operationId\": \"dbPerformanceDbSettings\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1275| \"description\": \"Returns a HTML document showing the database software settings.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1276|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1277| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1278| \"description\": \"Returns a HTML document showing the database software settings.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1330,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1330,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1328| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1329| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1330|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1331| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1332| \"description\": \"Returns a HTML document showing query statement statistics if the pg_stat_statements extension has been installed.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1410,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1410,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1408| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1409| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1410|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1411| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1412| \"description\": \"Returns a HTML document showing current connection activity.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1464,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1464,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1462| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1463| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1464|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1465| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1466| \"description\": \"Returns a HTML document showing any blocking locks and processes that are blocked by them.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1518,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1518,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1516| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1517| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1518|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1519| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1520| \"description\": \"Returns a HTML document showing current connection activity.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1537,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1537,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1535| \"operationId\": \"dbPerformanceExplainQuery\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1536| \"description\": \"Returns a HTML document interface to submit a query for the database to explain.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1537|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1538| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1539| \"description\": \"Returns a HTML document interface to submit a query for the database to explain.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1577,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1577,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1575| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1576| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1577|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1578| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1579| \"description\": \"Return Plans.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1623,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1623,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1621| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1622| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1623|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1624| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1625| \"description\": \"Returns a dictionary with cost mappings for continuity checks\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1646,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1646,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1644| \"description\": \"Update and return list of exchange rates\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1645| \"parameters\": [],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1646|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1647| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1648| \"description\": \"Returns a dictionary of exchange rates after update\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1762,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1762,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1760| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1761| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1762|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1763| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1764| \"description\": \"An object describing manifest information\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1806,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1806,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1804| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1805| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1806|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1807| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1808| \"description\": \"An object describing manifest information\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1881,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1881,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1879| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1880| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1881|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1882| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1883| \"description\": \"An object describing manifest information\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1921,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1921,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1919| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1920| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1921|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1922| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1923| \"description\": \"Query result.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1961,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1961,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1959| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1960| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1961|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1962| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1963| \"description\": \"JSON with query result.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2059,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2059,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2057| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2058| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2059|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2060| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2061| \"description\": \"Returns a dictionary with cost mappings for continuity checks\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2114,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2114,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2112| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2113| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2114|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2115| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2116| \"description\": \"Returns a dictionary with cost mappings for continuity checks\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2137,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2137,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2135| \"description\": \"Returns the additional context for a specific provider.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2136| \"parameters\": [],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2137|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2138| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2139| \"description\": \"The additional context field.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2168,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2168,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2166| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2167| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2168|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2169| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2170| \"description\": \"The additional context field.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "284a0c14d604dd6f255443d1fffaac53ac097d2f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2184,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2184,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2182| ]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2183| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2184|-> \"parameters\": [",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2185| {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2186| \"name\": \"provider_uuid\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "233c04b6a29ba7bc0ae2da8a5a2f8f16abe4bb8b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 40,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 40,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 38| \"required\": true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 39| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 40|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 41| \"201\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 42| \"description\": \"An object describing the source\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "233c04b6a29ba7bc0ae2da8a5a2f8f16abe4bb8b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 97,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 97,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 95| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 96| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 97|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 98| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 99| \"description\": \"A paginated list of source objects\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "233c04b6a29ba7bc0ae2da8a5a2f8f16abe4bb8b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 139,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 139,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 137| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 138| }],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 139|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 140| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 141| \"description\": \"A Source object\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "233c04b6a29ba7bc0ae2da8a5a2f8f16abe4bb8b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 202,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 202,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 200| \"required\": true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 201| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 202|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 203| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 204| \"description\": \"A Source object\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "233c04b6a29ba7bc0ae2da8a5a2f8f16abe4bb8b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 252,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 252,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 250| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 251| }],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 252|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 253| \"204\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 254| \"description\": \"Source deleted\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "233c04b6a29ba7bc0ae2da8a5a2f8f16abe4bb8b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 306,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 306,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 304| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 305| }],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 306|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 307| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 308| \"description\": \"The status of the source\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "233c04b6a29ba7bc0ae2da8a5a2f8f16abe4bb8b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 370,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 370,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 368| \"required\": true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 369| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 370|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 371| \"204\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 372| \"description\": \"Status update event was successfully queued.\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_tls",
+ "cwe": 319,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "31044ca9f40067b921354798ea36533f60a2008a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/containers/trino/etc/config.properties",
+ "line": 4,
+ "event": "Sigma main event",
+ "message": "The application is configured to use a URI with an unencrypted protocol such as `ftp`, `http`, `redis`, or `ws`. Sensitive data transmitted over insecure communication channels can be read and modified by attackers.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/containers/trino/etc/config.properties",
+ "line": 4,
+ "event": "remediation",
+ "message": "Configure the URI to use a secure protocol with TLS protections.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2| node-scheduler.include-coordinator=true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| http-server.http.port=8080",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4|-> discovery.uri=http://trino:8080",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| jmx.rmiserver.port=10000",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 97,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 97,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 95| \"description\": \"Return download file async task ID.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 96| \"parameters\": [],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 97|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 98| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 99| \"description\": \"The celery task ID of the download task\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 175,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 175,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 173| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 174| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 175|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 176| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 177| \"description\": \"List of tag keys\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 205,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 205,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 203| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 204| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 205|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 206| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 207| \"description\": \"List of tag keys\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 228,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 228,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 226| \"description\": \"Return simulated expired data.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 227| \"parameters\": [],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 228|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 229| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 230| \"description\": \"Simulate the deletion expired data\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 248,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 248,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 246| \"description\": \"Return expired data.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 247| \"parameters\": [],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 248|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 249| \"204\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 250| \"description\": \"Delete expired data\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 325,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 325,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 323| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 324| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 325|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 326| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 327| \"description\": \"HCS report task has been queued\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 414,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 414,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 412| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 413| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 414|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 415| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 416| \"description\": \"HCS Finalization task has been queued\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 510,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 510,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 508| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 509| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 510|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 511| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 512| \"description\": \"Data summary task has been queued\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 582,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 582,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 580| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 581| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 582|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 583| \"204\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 584| \"description\": \"Data deletion task has been queued\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 723,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 723,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 721| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 722| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 723|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 724| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 725| \"description\": \"A paginated list of source objects\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 755,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 755,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 753| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 754| }],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 755|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 756| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 757| \"description\": \"A Source object\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 805,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 805,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 803| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 804| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 805|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 806| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 807| \"description\": \"A Source object\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 845,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 845,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 843| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 844| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 845|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 846| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 847| \"description\": \"\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 890,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 890,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 888| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 889| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 890|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 891| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 892| \"description\": \"Update derived cost\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 967,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 967,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 965| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 966| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 967|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 968| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 969| \"description\": \"Data summary task has been queued\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1044,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1044,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1042| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1043| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1044|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1045| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1046| \"description\": \"Data processing task has been queued\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1080,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1080,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1078| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1079| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1080|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1081| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1082| \"description\": \"The celery task ID of the notification task\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1115,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1115,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1113| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1114| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1115|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1116| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1117| \"description\": \"The celery task ID of the crawl account hierarchy task\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1158,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1158,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1156| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1157| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1158|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1159| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1160| \"description\": \"Return tree json.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1181,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1181,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1179| \"operationId\": \"runningCeleryTasks\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1180| \"description\": \"Returns a list of running celery tasks.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1181|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1182| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1183| \"description\": \"Returns a list of running celery tasks.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1203,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1203,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1201| \"operationId\": \"celeryQueueLength\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1202| \"description\": \"Returns a dictionary of queues with queue length.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1203|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1204| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1205| \"description\": \"Returns a dictionary of queues with their associated lengths.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1235,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1235,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1233| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1234| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1235|-> \"responses\":{",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1236| \"200\":{",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1237| \"description\": \"Returns the number of tasks cleared the celery queue.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1257,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1257,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1255| \"operationId\": \"dbPerformanceDbVersion\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1256| \"description\": \"Returns a HTML document showing the database version.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1257|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1258| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1259| \"description\": \"Returns a HTML document showing the database version.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1276,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1276,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1274| \"operationId\": \"dbPerformanceDbSettings\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1275| \"description\": \"Returns a HTML document showing the database software settings.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1276|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1277| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1278| \"description\": \"Returns a HTML document showing the database software settings.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1330,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1330,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1328| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1329| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1330|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1331| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1332| \"description\": \"Returns a HTML document showing query statement statistics if the pg_stat_statements extension has been installed.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1410,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1410,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1408| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1409| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1410|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1411| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1412| \"description\": \"Returns a HTML document showing current connection activity.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1464,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1464,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1462| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1463| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1464|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1465| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1466| \"description\": \"Returns a HTML document showing any blocking locks and processes that are blocked by them.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1518,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1518,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1516| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1517| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1518|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1519| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1520| \"description\": \"Returns a HTML document showing current connection activity.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1537,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1537,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1535| \"operationId\": \"dbPerformanceExplainQuery\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1536| \"description\": \"Returns a HTML document interface to submit a query for the database to explain.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1537|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1538| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1539| \"description\": \"Returns a HTML document interface to submit a query for the database to explain.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1577,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1577,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1575| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1576| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1577|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1578| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1579| \"description\": \"Return Plans.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1623,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1623,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1621| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1622| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1623|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1624| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1625| \"description\": \"Returns a dictionary with cost mappings for continuity checks\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1646,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1646,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1644| \"description\": \"Update and return list of exchange rates\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1645| \"parameters\": [],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1646|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1647| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1648| \"description\": \"Returns a dictionary of exchange rates after update\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1762,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1762,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1760| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1761| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1762|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1763| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1764| \"description\": \"An object describing manifest information\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1806,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1806,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1804| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1805| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1806|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1807| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1808| \"description\": \"An object describing manifest information\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1881,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1881,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1879| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1880| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1881|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1882| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1883| \"description\": \"An object describing manifest information\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1921,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1921,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1919| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1920| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1921|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1922| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1923| \"description\": \"Query result.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1961,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1961,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1959| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1960| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1961|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1962| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1963| \"description\": \"JSON with query result.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2059,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2059,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2057| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2058| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2059|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2060| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2061| \"description\": \"Returns a dictionary with cost mappings for continuity checks\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2114,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2114,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2112| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2113| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2114|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2115| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2116| \"description\": \"Returns a dictionary with cost mappings for continuity checks\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2137,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2137,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2135| \"description\": \"Returns the additional context for a specific provider.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2136| \"parameters\": [],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2137|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2138| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2139| \"description\": \"The additional context field.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2168,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2168,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2166| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2167| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2168|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2169| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2170| \"description\": \"The additional context field.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "0368f4f66e9da743522ed540a6dd6b73fdddc365",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 40,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 40,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 38| \"required\": true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 39| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 40|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 41| \"201\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 42| \"description\": \"An object describing the source\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "0368f4f66e9da743522ed540a6dd6b73fdddc365",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 97,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 97,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 95| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 96| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 97|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 98| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 99| \"description\": \"A paginated list of source objects\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "0368f4f66e9da743522ed540a6dd6b73fdddc365",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 139,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 139,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 137| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 138| }],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 139|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 140| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 141| \"description\": \"A Source object\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "0368f4f66e9da743522ed540a6dd6b73fdddc365",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 202,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 202,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 200| \"required\": true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 201| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 202|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 203| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 204| \"description\": \"A Source object\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "0368f4f66e9da743522ed540a6dd6b73fdddc365",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 252,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 252,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 250| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 251| }],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 252|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 253| \"204\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 254| \"description\": \"Source deleted\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "0368f4f66e9da743522ed540a6dd6b73fdddc365",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 306,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 306,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 304| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 305| }],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 306|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 307| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 308| \"description\": \"The status of the source\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "0368f4f66e9da743522ed540a6dd6b73fdddc365",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 370,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 370,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 368| \"required\": true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 369| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 370|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 371| \"204\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 372| \"description\": \"Status update event was successfully queued.\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "51d9e9395ff930660bad2b7ce8b76a085c96b1a7",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 46,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 46,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 44| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 45| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 46|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 47| ports:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 48| - 8000:8000",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "51d9e9395ff930660bad2b7ce8b76a085c96b1a7",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 93,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 93,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 91| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 92| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 93|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 94| ports:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 95| - 5042:8000",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "51d9e9395ff930660bad2b7ce8b76a085c96b1a7",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 210,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 210,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 208| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 209| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 210|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 211| volumes:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 212| - './../..:/koku'",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "51d9e9395ff930660bad2b7ce8b76a085c96b1a7",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 264,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 264,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 262| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 263| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 264|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 265| ports:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 266| - \"9988:9999\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "51d9e9395ff930660bad2b7ce8b76a085c96b1a7",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 312,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 312,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 310| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 311| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 312|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 313| ports:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 314| - \"9989:9999\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "51d9e9395ff930660bad2b7ce8b76a085c96b1a7",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 360,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 360,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 358| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 359| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 360|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 361| ports:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 362| - \"9987:9999\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "51d9e9395ff930660bad2b7ce8b76a085c96b1a7",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 399,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 399,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 397| - KOKU_SOURCES_CLIENT_PORT=${KOKU_SOURCES_CLIENT_PORT-9000}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 398| - prometheus_multiproc_dir=/tmp",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 399|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 400| ports:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 401| - 4000:8080",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "39d005525c8589620d2cddca7114adc5a4d8a338",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 46,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 46,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 44| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 45| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 46|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 47| ports:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 48| - 8000:8000",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "39d005525c8589620d2cddca7114adc5a4d8a338",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 93,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 93,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 91| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 92| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 93|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 94| ports:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 95| - 5042:8000",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "39d005525c8589620d2cddca7114adc5a4d8a338",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 210,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 210,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 208| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 209| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 210|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 211| volumes:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 212| - ${KOKU_PATH}/:/koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "39d005525c8589620d2cddca7114adc5a4d8a338",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 272,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 272,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 270| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 271| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 272|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 273| volumes:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 274| - ${KOKU_PATH}/:/koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "39d005525c8589620d2cddca7114adc5a4d8a338",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 334,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 334,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 332| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 333| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 334|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 335| volumes:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 336| - ${KOKU_PATH}/:/koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "39d005525c8589620d2cddca7114adc5a4d8a338",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 396,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 396,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 394| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 395| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 396|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 397| volumes:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 398| - ${KOKU_PATH}/:/koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "39d005525c8589620d2cddca7114adc5a4d8a338",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 458,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 458,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 456| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 457| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 458|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 459| volumes:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 460| - ${KOKU_PATH}/:/koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "39d005525c8589620d2cddca7114adc5a4d8a338",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 520,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 520,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 518| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 519| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 520|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 521| volumes:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 522| - ${KOKU_PATH}/:/koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "39d005525c8589620d2cddca7114adc5a4d8a338",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 582,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 582,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 580| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 581| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 582|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 583| volumes:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 584| - ${KOKU_PATH}/:/koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "39d005525c8589620d2cddca7114adc5a4d8a338",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 644,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 644,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 642| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 643| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 644|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 645| volumes:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 646| - ${KOKU_PATH}/:/koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "39d005525c8589620d2cddca7114adc5a4d8a338",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 706,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 706,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 704| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 705| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 706|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 707| volumes:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 708| - ${KOKU_PATH}/:/koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "39d005525c8589620d2cddca7114adc5a4d8a338",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 768,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 768,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 766| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 767| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 768|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 769| volumes:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 770| - ${KOKU_PATH}/:/koku",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "39d005525c8589620d2cddca7114adc5a4d8a338",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 822,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 822,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 820| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 821| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 822|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 823| ports:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 824| - \"9988:9999\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "39d005525c8589620d2cddca7114adc5a4d8a338",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 861,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 861,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 859| - KOKU_SOURCES_CLIENT_PORT=${KOKU_SOURCES_CLIENT_PORT-9000}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 860| - prometheus_multiproc_dir=/tmp",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 861|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 862| ports:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 863| - 4000:8080",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "642171be4fc6680173c763e80baceda9cf7a8036",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 44,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 44,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 42| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 43| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 44|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 45| ports:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 46| - 8000:8000",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "642171be4fc6680173c763e80baceda9cf7a8036",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 96,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 96,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 94| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 95| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 96|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 97| ports:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 98| - 5042:8000",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "642171be4fc6680173c763e80baceda9cf7a8036",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 207,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 207,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 205| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 206| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 207|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 208| volumes:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 209| - './../..:/koku/'",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "642171be4fc6680173c763e80baceda9cf7a8036",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 250,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 250,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 248| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 249| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 250|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 251| ports:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 252| - \"9988:9999\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "642171be4fc6680173c763e80baceda9cf7a8036",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 288,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 288,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 286| - KOKU_SOURCES_CLIENT_PORT=${KOKU_SOURCES_CLIENT_PORT-9000}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 287| - prometheus_multiproc_dir=/tmp",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 288|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 289| ports:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 290| - 4000:8080",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "642171be4fc6680173c763e80baceda9cf7a8036",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 350,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 350,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 348| - './../..:/koku/'",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 349| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 350|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 351| links:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 352| - redis",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "642171be4fc6680173c763e80baceda9cf7a8036",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 422,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 422,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 420| - './../../testing/local_providers/gcp_local_3/:/tmp/gcp_local_bucket_3'",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 421| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 422|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 423| links:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 424| - redis",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "642171be4fc6680173c763e80baceda9cf7a8036",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 479,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 479,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 477| - './../..:/koku/'",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 478| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 479|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 480| links:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 481| - redis",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "642171be4fc6680173c763e80baceda9cf7a8036",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 536,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 536,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 534| - './../..:/koku/'",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 535| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 536|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 537| links:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 538| - redis",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "642171be4fc6680173c763e80baceda9cf7a8036",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 593,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 593,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 591| - './../..:/koku/'",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 592| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 593|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 594| links:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 595| - redis",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "642171be4fc6680173c763e80baceda9cf7a8036",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 647,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 647,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 645| - DATE_OVERRIDE",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 646| - MASU_DEBUG",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 647|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 648| volumes:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 649| - './../..:/koku/'",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "e360c28ef1b9528f7ebbee19c3d9b8857cf34cf4",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 46,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 46,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 44| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 45| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 46|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 47| ports:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 48| - 8000:8000",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "e360c28ef1b9528f7ebbee19c3d9b8857cf34cf4",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 92,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 92,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 90| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 91| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 92|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 93| ports:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 94| - 5042:8000",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "e360c28ef1b9528f7ebbee19c3d9b8857cf34cf4",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 209,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 209,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 207| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 208| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 209|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 210| volumes:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 211| - './../..:/koku'",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "e360c28ef1b9528f7ebbee19c3d9b8857cf34cf4",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 271,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 271,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 269| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 270| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 271|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 272| volumes:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 273| - './../..:/koku'",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "e360c28ef1b9528f7ebbee19c3d9b8857cf34cf4",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 325,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 325,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 323| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 324| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 325|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 326| ports:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 327| - \"9988:9999\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "e360c28ef1b9528f7ebbee19c3d9b8857cf34cf4",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 373,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 373,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 371| - ENABLE_TRINO_SOURCES",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 372| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 373|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 374| ports:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 375| - \"9989:9999\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.privileged_container_allowed",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "e360c28ef1b9528f7ebbee19c3d9b8857cf34cf4",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 412,
+ "event": "Sigma main event",
+ "message": "The Docker container has a privileged security context, disabling most security mechanisms and allowing known privilege escalation attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 412,
+ "event": "remediation",
+ "message": "Remove the field `privileged` or explicitly set the value to `false`, and make sure the list of capabilities `cap_add` does not include the value `ALL`. If the container needs access to specific privileged devices or capabilities, consider using the `devices` or `cap_add` flag to authorize only the necessary permissions.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 410| - KOKU_SOURCES_CLIENT_PORT=${KOKU_SOURCES_CLIENT_PORT-9000}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 411| - prometheus_multiproc_dir=/tmp",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 412|-> privileged: true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 413| ports:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 414| - 4000:8080",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.shell_missing_pipefail",
+ "cwe": 755,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "18f5de80314c2e542c859629a8683623f69905fd",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/grafana/Dockerfile-grafana",
+ "line": 6,
+ "event": "Sigma main event",
+ "message": "The Dockerfile command directs output through the pipe operator `|` without enabling the shell option `pipefail`. As a result, the exit code will be determined by the success or failure of the last command, ignoring any upstream failures in the pipe chain. This can result in unexpected behavior due to undetected build failures.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/grafana/Dockerfile-grafana",
+ "line": 6,
+ "event": "remediation",
+ "message": "Explicitly set the `pipefail` option for the current shell context when using the pipe operator `|`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| USER grafana",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5| COPY --chown=grafana:root grafana.db.sql /var/lib/grafana/grafana.db.sql",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6|-> RUN cat /var/lib/grafana/grafana.db.sql | sqlite3 /var/lib/grafana/grafana.db && rm /var/lib/grafana/grafana.db.sql",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f0a612596a7e349129632cc9afdd97192e1557b9",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/Dockerfile",
+ "line": 1,
+ "event": "Sigma main event",
+ "message": "The Dockerfile `FROM` instruction does not pin the docker image to a stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which may affect application reliability or introduce security vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/Dockerfile",
+ "line": 1,
+ "event": "remediation",
+ "message": "Explicitly pin the image version to a stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1|-> FROM registry.access.redhat.com/ubi8/ubi-minimal:latest AS base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| USER root",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "4d4628274034bcfdc13b08c08ee75f7eaa87921f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/Dockerfile",
+ "line": 66,
+ "event": "Sigma main event",
+ "message": "The Dockerfile `FROM` instruction does not pin the docker image to a stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which may affect application reliability or introduce security vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/Dockerfile",
+ "line": 66,
+ "event": "remediation",
+ "message": "Explicitly pin the image version to a stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 64| ARG TARGETARCH",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 65| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 66|-> FROM stage-${TARGETARCH} AS final",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 67| # PIPENV_DEV is set to true in the docker-compose allowing",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 68| # local builds to install the dev dependencies",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b4238aa56f7b695a8f9e6d2da689b8834b97bc81",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 6,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 6,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| services:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5| koku-base:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 8| context: .",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b4238aa56f7b695a8f9e6d2da689b8834b97bc81",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 21,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 21,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 19| koku-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 20| container_name: koku_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 21|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 22| working_dir: /koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 23| entrypoint:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b4238aa56f7b695a8f9e6d2da689b8834b97bc81",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 84,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 84,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 82| masu-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 83| container_name: masu_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 84|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 85| working_dir: /koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 86| entrypoint:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b4238aa56f7b695a8f9e6d2da689b8834b97bc81",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 153,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 153,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 151| koku-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 152| hostname: koku-worker-1",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 153|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 154| working_dir: /koku/koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 155| entrypoint:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b4238aa56f7b695a8f9e6d2da689b8834b97bc81",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 247,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 247,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 245| koku-listener:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 246| container_name: koku_listener",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 247|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 248| working_dir: /koku/",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 249| entrypoint: ['watchmedo', 'auto-restart', '--directory=./koku', '--pattern=*.py', '--ignore-patterns=*test*', '--recursive', '--', 'python', 'koku/manage.py', 'listener']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b4238aa56f7b695a8f9e6d2da689b8834b97bc81",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 298,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 298,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 296| subs-worker:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 297| container_name: subs_worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 298|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 299| working_dir: /koku/koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 300| entrypoint: ['watchmedo', 'auto-restart', '--directory=./', '--pattern=*.py', '--ignore-patterns=*test*', '--recursive', '--', 'celery', '-A', 'koku', 'worker', '--without-gossip', '-l', 'info', '-Q', 'subs_extraction,subs_transmission']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b4238aa56f7b695a8f9e6d2da689b8834b97bc81",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 352,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 352,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 350| sources-client:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 351| container_name: sources_client",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 352|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 353| restart: on-failure:25",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 354| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b4238aa56f7b695a8f9e6d2da689b8834b97bc81",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 413,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 413,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 411| container_name: koku_beat",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 412| hostname: koku_beat",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 413|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 414| working_dir: /koku/koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 415| entrypoint: ['celery', '-A', 'koku', 'beat', '-l', 'info']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "775a045fdace3b30528c5f0705f8949bcfa561c3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 533,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 533,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 531| pushgateway:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 532| container_name: koku-pushgateway",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 533|-> image: prom/pushgateway",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 534| ports:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 535| - 9091:9091",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f16d3303085ea60d43d7e56ea7e2b65fe52bf9b1",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 539,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 539,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 537| pgadmin:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 538| container_name: pgAdmin",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 539|-> image: dpage/pgadmin4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 540| environment:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 541| - PGADMIN_DEFAULT_EMAIL=${PGADMIN_EMAIL-postgres@local.dev}",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "1bf8a552e5a92ca576145d29e81d731cb71cbd85",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 597,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/docker-compose.yml",
+ "line": 597,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 595| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 596| create-parquet-bucket:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 597|-> image: minio/mc:latest",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 598| depends_on:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 599| - minio",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "497062b9a21759cd0ab8feebd1e4101a1c201dea",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/grafana/Dockerfile-grafana",
+ "line": 1,
+ "event": "Sigma main event",
+ "message": "The Dockerfile `FROM` instruction does not pin the docker image to a stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which may affect application reliability or introduce security vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/grafana/Dockerfile-grafana",
+ "line": 1,
+ "event": "remediation",
+ "message": "Explicitly pin the image version to a stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1|-> FROM grafana/grafana:latest",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2| USER root",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| RUN apk add sqlite",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "7a7e3cbdf32b30c5b55438751f52390c3ee8ec3c",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 5,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 5,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| services:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| koku-base:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| context: ./../..",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "7a7e3cbdf32b30c5b55438751f52390c3ee8ec3c",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 12,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 12,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| koku-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11| container_name: koku_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| working_dir: /koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 14| entrypoint:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "7a7e3cbdf32b30c5b55438751f52390c3ee8ec3c",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 62,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 62,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 60| masu-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 61| container_name: masu_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 62|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 63| working_dir: /koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 64| entrypoint:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "63bbf6a4ddd5434505f77f22fd27d320d4ca0881",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 160,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 160,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 158| container_name: koku_rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 159| hostname: rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 160|-> image: rabbitmq:latest",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 161| environment:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 162| - RABBITMQ_DEFAULT_USER=guest",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "7a7e3cbdf32b30c5b55438751f52390c3ee8ec3c",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 170,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 170,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 168| container_name: koku_worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 169| hostname: koku_worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 170|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 171| working_dir: /koku/koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 172| entrypoint: ['watchmedo', 'auto-restart', '--directory=./', '--pattern=*.py', '--recursive', '--', 'celery', '-A', 'koku', 'worker', '--without-gossip', '-l', 'info', '-Q', 'celery,download,remove_expired,reporting,process,upload,customer_data_sync,delete_archived_data,query_upload']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "7a7e3cbdf32b30c5b55438751f52390c3ee8ec3c",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 231,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 231,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 229| koku-listener:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 230| container_name: koku_listener",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 231|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 232| working_dir: /koku/",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 233| entrypoint: ['python', 'koku/manage.py', 'listener']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "7a7e3cbdf32b30c5b55438751f52390c3ee8ec3c",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 279,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 279,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 277| koku-listener-2:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 278| container_name: koku_listener_2",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 279|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 280| working_dir: /koku/",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 281| entrypoint: ['python', 'koku/manage.py', 'listener']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "7a7e3cbdf32b30c5b55438751f52390c3ee8ec3c",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 327,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 327,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 325| koku-listener-3:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 326| container_name: koku_listener_3",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 327|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 328| working_dir: /koku/",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 329| entrypoint: ['python', 'koku/manage.py', 'listener']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "7a7e3cbdf32b30c5b55438751f52390c3ee8ec3c",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 375,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 375,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 373| sources-client:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 374| container_name: sources_client",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 375|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 376| restart: on-failure:25",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 377| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "010230905555debccdcbdb20aa6724a14bee74c3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 5,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 5,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| services:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| koku-base:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| context: ${KOKU_PATH}/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "010230905555debccdcbdb20aa6724a14bee74c3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 12,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 12,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| koku-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11| container_name: koku_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| working_dir: /koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 14| entrypoint:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "010230905555debccdcbdb20aa6724a14bee74c3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 62,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 62,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 60| masu-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 61| container_name: masu_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 62|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 63| working_dir: /koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 64| entrypoint:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "00c510cf3b8280e3b3d3a04ce817afba0f492aea",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 160,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 160,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 158| container_name: koku_rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 159| hostname: rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 160|-> image: rabbitmq:latest",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 161| environment:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 162| - RABBITMQ_DEFAULT_USER=guest",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "010230905555debccdcbdb20aa6724a14bee74c3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 170,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 170,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 168| container_name: koku_worker_1",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 169| hostname: koku-worker-1-fsfsgr",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 170|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 171| working_dir: /koku/koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 172| entrypoint: ['watchmedo', 'auto-restart', '--directory=./', '--pattern=*.py', '--recursive', '--', 'celery', '-A', 'koku', 'worker', '--without-gossip', '-l', 'info', '-Q', 'celery,download,remove_expired,reporting,process,upload,customer_data_sync,delete_archived_data,query_upload']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "010230905555debccdcbdb20aa6724a14bee74c3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 232,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 232,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 230| container_name: koku_worker_2",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 231| hostname: koku-worker-2-nvnvn",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 232|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 233| working_dir: /koku/koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 234| entrypoint: ['watchmedo', 'auto-restart', '--directory=./', '--pattern=*.py', '--recursive', '--', 'celery', '-A', 'koku', 'worker', '--without-gossip', '-l', 'info', '-Q', 'celery,download,remove_expired,reporting,process,upload,customer_data_sync,delete_archived_data,query_upload']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "010230905555debccdcbdb20aa6724a14bee74c3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 294,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 294,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 292| container_name: koku_worker_3",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 293| hostname: koku-worker-3-qqeet",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 294|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 295| working_dir: /koku/koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 296| entrypoint: ['watchmedo', 'auto-restart', '--directory=./', '--pattern=*.py', '--recursive', '--', 'celery', '-A', 'koku', 'worker', '--without-gossip', '-l', 'info', '-Q', 'celery,download,remove_expired,reporting,process,upload,customer_data_sync,delete_archived_data,query_upload']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "010230905555debccdcbdb20aa6724a14bee74c3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 356,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 356,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 354| container_name: koku_worker_4",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 355| hostname: koku-worker-4-hjsdfo",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 356|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 357| working_dir: /koku/koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 358| entrypoint: ['watchmedo', 'auto-restart', '--directory=./', '--pattern=*.py', '--recursive', '--', 'celery', '-A', 'koku', 'worker', '--without-gossip', '-l', 'info', '-Q', 'celery,download,remove_expired,reporting,process,upload,customer_data_sync,delete_archived_data,query_upload']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "010230905555debccdcbdb20aa6724a14bee74c3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 418,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 418,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 416| container_name: koku_worker_5",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 417| hostname: koku-worker-5-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 418|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 419| working_dir: /koku/koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 420| entrypoint: ['watchmedo', 'auto-restart', '--directory=./', '--pattern=*.py', '--recursive', '--', 'celery', '-A', 'koku', 'worker', '--without-gossip', '-l', 'info', '-Q', 'celery,download,remove_expired,reporting,process,upload,customer_data_sync,delete_archived_data,query_upload']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "010230905555debccdcbdb20aa6724a14bee74c3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 480,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 480,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 478| container_name: koku_worker_6",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 479| hostname: koku-worker-6-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 480|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 481| working_dir: /koku/koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 482| entrypoint: ['watchmedo', 'auto-restart', '--directory=./', '--pattern=*.py', '--recursive', '--', 'celery', '-A', 'koku', 'worker', '--without-gossip', '-l', 'info', '-Q', 'celery,download,remove_expired,reporting,process,upload,customer_data_sync,delete_archived_data,query_upload']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "010230905555debccdcbdb20aa6724a14bee74c3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 542,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 542,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 540| container_name: koku_worker_7",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 541| hostname: koku-worker-7-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 542|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 543| working_dir: /koku/koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 544| entrypoint: ['watchmedo', 'auto-restart', '--directory=./', '--pattern=*.py', '--recursive', '--', 'celery', '-A', 'koku', 'worker', '--without-gossip', '-l', 'info', '-Q', 'celery,download,remove_expired,reporting,process,upload,customer_data_sync,delete_archived_data,query_upload']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "010230905555debccdcbdb20aa6724a14bee74c3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 604,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 604,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 602| container_name: koku_worker_8",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 603| hostname: koku-worker-8-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 604|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 605| working_dir: /koku/koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 606| entrypoint: ['watchmedo', 'auto-restart', '--directory=./', '--pattern=*.py', '--recursive', '--', 'celery', '-A', 'koku', 'worker', '--without-gossip', '-l', 'info', '-Q', 'celery,download,remove_expired,reporting,process,upload,customer_data_sync,delete_archived_data,query_upload']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "010230905555debccdcbdb20aa6724a14bee74c3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 666,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 666,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 664| container_name: koku_worker_9",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 665| hostname: koku-worker-9-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 666|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 667| working_dir: /koku/koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 668| entrypoint: ['watchmedo', 'auto-restart', '--directory=./', '--pattern=*.py', '--recursive', '--', 'celery', '-A', 'koku', 'worker', '--without-gossip', '-l', 'info', '-Q', 'celery,download,remove_expired,reporting,process,upload,customer_data_sync,delete_archived_data,query_upload']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "010230905555debccdcbdb20aa6724a14bee74c3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 728,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 728,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 726| container_name: koku_worker_10",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 727| hostname: koku-worker-10-jlhlgjl",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 728|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 729| working_dir: /koku/koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 730| entrypoint: ['watchmedo', 'auto-restart', '--directory=./', '--pattern=*.py', '--recursive', '--', 'celery', '-A', 'koku', 'worker', '--without-gossip', '-l', 'info', '-Q', 'celery,download,remove_expired,reporting,process,upload,customer_data_sync,delete_archived_data,query_upload']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "010230905555debccdcbdb20aa6724a14bee74c3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 789,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 789,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 787| koku-listener:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 788| container_name: koku_listener",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 789|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 790| working_dir: /koku/",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 791| entrypoint: ['python', 'koku/manage.py', 'listener']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "010230905555debccdcbdb20aa6724a14bee74c3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 837,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 837,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 835| sources-client:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 836| container_name: sources_client",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 837|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 838| restart: on-failure:25",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 839| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d7e41d945fd87ea77ce0e3741279616e3b068cf3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 5,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 5,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| services:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| koku-base:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| context: ./../..",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d7e41d945fd87ea77ce0e3741279616e3b068cf3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 12,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 12,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| koku-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11| container_name: koku_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| working_dir: /koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 14| entrypoint:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d7e41d945fd87ea77ce0e3741279616e3b068cf3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 60,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 60,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 58| masu-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 59| container_name: masu_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 60|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 61| working_dir: /koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 62| entrypoint:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d7e41d945fd87ea77ce0e3741279616e3b068cf3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 164,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 164,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 162| container_name: koku-worker-ocp",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 163| hostname: koku-worker-ocp",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 164|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 165| working_dir: /koku/koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 166| entrypoint: ['watchmedo', 'auto-restart', '--directory=./', '--pattern=*.py', '--recursive', '--', 'celery', '-A', 'koku', 'worker', '--without-gossip', '-l', 'info', '-Q', 'ocp']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d7e41d945fd87ea77ce0e3741279616e3b068cf3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 219,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 219,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 217| koku-listener:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 218| container_name: koku_listener",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 219|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 220| working_dir: /koku/",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 221| entrypoint: ['python', 'koku/manage.py', 'listener']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d7e41d945fd87ea77ce0e3741279616e3b068cf3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 264,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 264,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 262| sources-client:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 263| container_name: sources_client",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 264|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 265| restart: on-failure:25",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 266| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d7e41d945fd87ea77ce0e3741279616e3b068cf3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 303,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 303,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 301| container_name: priority-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 302| hostname: priority-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 303|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 304| working_dir: /koku/koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 305| entrypoint: ['watchmedo', 'auto-restart', '--directory=./', '--pattern=*.py', '--recursive', '--', 'celery', '-A', 'koku', 'worker', '--without-gossip', '-l', 'info', '-Q', 'priority']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d7e41d945fd87ea77ce0e3741279616e3b068cf3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 360,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 360,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 358| container_name: download-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 359| hostname: download-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 360|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 361| working_dir: /koku/koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 362| entrypoint: ['watchmedo', 'auto-restart', '--directory=./', '--pattern=*.py', '--recursive', '--', 'celery', '-A', 'koku', 'worker', '--without-gossip', '-l', 'info', '-Q', 'download']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d7e41d945fd87ea77ce0e3741279616e3b068cf3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 432,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 432,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 430| container_name: summary-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 431| hostname: summary-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 432|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 433| working_dir: /koku/koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 434| entrypoint: ['watchmedo', 'auto-restart', '--directory=./', '--pattern=*.py', '--recursive', '--', 'celery', '-A', 'koku', 'worker', '--without-gossip', '-l', 'info', '-Q', 'summary']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d7e41d945fd87ea77ce0e3741279616e3b068cf3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 489,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 489,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 487| container_name: cost-model-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 488| hostname: cost-model-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 489|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 490| working_dir: /koku/koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 491| entrypoint: ['watchmedo', 'auto-restart', '--directory=./', '--pattern=*.py', '--recursive', '--', 'celery', '-A', 'koku', 'worker', '--without-gossip', '-l', 'info', '-Q', 'cost_model']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d7e41d945fd87ea77ce0e3741279616e3b068cf3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 546,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 546,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 544| container_name: refresh-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 545| hostname: refresh-worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 546|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 547| working_dir: /koku/koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 548| entrypoint: ['watchmedo', 'auto-restart', '--directory=./', '--pattern=*.py', '--recursive', '--', 'celery', '-A', 'koku', 'worker', '--without-gossip', '-l', 'info', '-Q', 'refresh']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d7e41d945fd87ea77ce0e3741279616e3b068cf3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 603,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 603,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 601| container_name: koku_beat",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 602| hostname: koku_beat",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 603|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 604| working_dir: /koku/koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 605| entrypoint: ['celery', '--pidfile=/opt/celeryd.pid', '-A', 'koku', 'beat', '-l', 'info']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "4edb63189ca64af73ae4a012fab075e0377444c0",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 5,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 5,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| services:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| koku-base:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| build:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| context: ./../..",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "4edb63189ca64af73ae4a012fab075e0377444c0",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 12,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 12,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| koku-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11| container_name: koku_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| working_dir: /koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 14| entrypoint:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "4edb63189ca64af73ae4a012fab075e0377444c0",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 62,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 62,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 60| masu-server:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 61| container_name: masu_server",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 62|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 63| working_dir: /koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 64| entrypoint:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "737fb2c7ef829fa3903d2cd023a088a4876e686c",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 159,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 159,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 157| container_name: koku_rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 158| hostname: rabbit",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 159|-> image: rabbitmq:latest",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 160| environment:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 161| - RABBITMQ_DEFAULT_USER=guest",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "4edb63189ca64af73ae4a012fab075e0377444c0",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 169,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 169,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 167| container_name: koku_worker",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 168| hostname: koku-worker-1-jljlkjfg",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 169|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 170| working_dir: /koku/koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 171| entrypoint: ['watchmedo', 'auto-restart', '--directory=./', '--pattern=*.py', '--recursive', '--', 'celery', '-A', 'koku', 'worker', '--without-gossip', '-l', 'info', '-Q', 'celery,download,remove_expired,reporting,process,upload,customer_data_sync,delete_archived_data,query_upload']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "4edb63189ca64af73ae4a012fab075e0377444c0",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 231,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 231,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 229| container_name: koku_worker_2",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 230| hostname: koku-worker-2-wefwe",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 231|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 232| working_dir: /koku/koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 233| entrypoint: ['watchmedo', 'auto-restart', '--directory=./', '--pattern=*.py', '--recursive', '--', 'celery', '-A', 'koku', 'worker', '--without-gossip', '-l', 'info', '-Q', 'celery,download,remove_expired,reporting,process,upload,customer_data_sync,delete_archived_data,query_upload']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "4edb63189ca64af73ae4a012fab075e0377444c0",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 292,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 292,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 290| koku-listener:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 291| container_name: koku_listener",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 292|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 293| working_dir: /koku/",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 294| entrypoint: ['python', 'koku/manage.py', 'listener']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "4edb63189ca64af73ae4a012fab075e0377444c0",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 340,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 340,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 338| koku-listener-2:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 339| container_name: koku_listener_2",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 340|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 341| working_dir: /koku/",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 342| entrypoint: ['python', 'koku/manage.py', 'listener']",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "4edb63189ca64af73ae4a012fab075e0377444c0",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 388,
+ "event": "Sigma main event",
+ "message": "The Docker Compose file does not explicitly set `image` attribute with a specific stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which in the best case may affect application reliability and in the worst case may introduce vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 388,
+ "event": "remediation",
+ "message": "Explicitly set the `image` attribute to a specific stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 386| sources-client:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 387| container_name: sources_client",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 388|-> image: koku_base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 389| restart: on-failure:25",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 390| working_dir: /koku/",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.weak_auth_mechanism",
+ "cwe": 309,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "29a85a42847b551eb2375daa2a58299befe08c99",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 115,
+ "event": "Sigma main event",
+ "message": "The `POSTGRES_HOST_AUTH_METHOD` property is set to a weak authentication mechanism (such as `md5`, `password`, or `ident`) or omitted as the default value is `md5` when the PostgreSQL image version is prior to 14, then the connection is vulnerable to password \"sniffing\" attacks or to be compromised.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multilistener.yml",
+ "line": 115,
+ "event": "remediation",
+ "message": "Set the `POSTGRES_HOST_AUTH_METHOD` property to a stronger authentication mechanism (such as `scram-sha-256`, `gss`) based on the usage or omit it when the PostgreSQL image version is 14 or later as the default value is `scram-sha-256`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 113| image: postgres:12",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 114| environment:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 115|-> - POSTGRES_DB=${DATABASE_NAME-postgres}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 116| - POSTGRES_USER=${DATABASE_USER-postgres}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 117| - POSTGRES_PASSWORD=${DATABASE_PASSWORD-postgres}",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.weak_auth_mechanism",
+ "cwe": 309,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "74f9dad335d6a1f73a8126b3b2cccaea345f1ef2",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 115,
+ "event": "Sigma main event",
+ "message": "The `POSTGRES_HOST_AUTH_METHOD` property is set to a weak authentication mechanism (such as `md5`, `password`, or `ident`) or omitted as the default value is `md5` when the PostgreSQL image version is prior to 14, then the connection is vulnerable to password \"sniffing\" attacks or to be compromised.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker-make.yml",
+ "line": 115,
+ "event": "remediation",
+ "message": "Set the `POSTGRES_HOST_AUTH_METHOD` property to a stronger authentication mechanism (such as `scram-sha-256`, `gss`) based on the usage or omit it when the PostgreSQL image version is 14 or later as the default value is `scram-sha-256`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 113| image: postgres:12",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 114| environment:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 115|-> - POSTGRES_DB=${DATABASE_NAME-postgres}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 116| - POSTGRES_USER=${DATABASE_USER-postgres}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 117| - POSTGRES_PASSWORD=${DATABASE_PASSWORD-postgres}",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.weak_auth_mechanism",
+ "cwe": 309,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "12532a0000bf80dc6ecf69349618d14c8cc5d368",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 118,
+ "event": "Sigma main event",
+ "message": "The `POSTGRES_HOST_AUTH_METHOD` property is set to a weak authentication mechanism (such as `md5`, `password`, or `ident`) or omitted as the default value is `md5` when the PostgreSQL image version is prior to 14, then the connection is vulnerable to password \"sniffing\" attacks or to be compromised.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworker.yml",
+ "line": 118,
+ "event": "remediation",
+ "message": "Set the `POSTGRES_HOST_AUTH_METHOD` property to a stronger authentication mechanism (such as `scram-sha-256`, `gss`) based on the usage or omit it when the PostgreSQL image version is 14 or later as the default value is `scram-sha-256`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 116| image: postgres:12",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 117| environment:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 118|-> - POSTGRES_DB=${DATABASE_NAME-postgres}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 119| - POSTGRES_USER=${DATABASE_USER-postgres}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 120| - POSTGRES_PASSWORD=${DATABASE_PASSWORD-postgres}",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.weak_auth_mechanism",
+ "cwe": 309,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a11337045852946d9c2782ebb1d01569479b2914",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 114,
+ "event": "Sigma main event",
+ "message": "The `POSTGRES_HOST_AUTH_METHOD` property is set to a weak authentication mechanism (such as `md5`, `password`, or `ident`) or omitted as the default value is `md5` when the PostgreSQL image version is prior to 14, then the connection is vulnerable to password \"sniffing\" attacks or to be compromised.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/compose_files/docker-compose-multiworkerlistener.yml",
+ "line": 114,
+ "event": "remediation",
+ "message": "Set the `POSTGRES_HOST_AUTH_METHOD` property to a stronger authentication mechanism (such as `scram-sha-256`, `gss`) based on the usage or omit it when the PostgreSQL image version is 14 or later as the default value is `scram-sha-256`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 112| image: postgres:12",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 113| environment:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 114|-> - POSTGRES_DB=${DATABASE_NAME-postgres}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 115| - POSTGRES_USER=${DATABASE_USER-postgres}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 116| - POSTGRES_PASSWORD=${DATABASE_PASSWORD-postgres}",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 571,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "5e08187da7fd3d9e46deafcd808cf89fc4d5a5c7",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/build_deploy.sh",
+ "line": 23,
+ "column": 8,
+ "event": "warning[SC2155]",
+ "message": "Declare and assign separately to avoid masking return values.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 21| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 22| # Create tmp dir to store data in during job run (do NOT store in $WORKSPACE)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 23|-> export TMP_JOB_DIR=$(mktemp -d -p \"$HOME\" -t \"jenkins-${JOB_NAME}-${BUILD_NUMBER}-XXXXXX\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 24| echo \"job tmp dir location: $TMP_JOB_DIR\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 25| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 571,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "a7cba7bb88d0ee8f31df6d189a5457f071f28fac",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/ci/functions.sh",
+ "line": 92,
+ "column": 12,
+ "event": "warning[SC2155]",
+ "message": "Declare and assign separately to avoid masking return values.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 90| _install_bonfire_tools",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 91| source ${CICD_ROOT}/_common_deploy_logic.sh",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 92|-> export NAMESPACE=$(bonfire namespace reserve --duration ${RESERVATION_TIMEOUT})",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 93| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 94| oc get secret/koku-aws -o json -n ephemeral-base | jq -r '.data' > aws-creds.json",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 457,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "9d29d4dba0b8b3c917d1603bbe76807b6db9dc68",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/ci/functions.sh",
+ "line": 109,
+ "column": 58,
+ "event": "warning[SC2154]",
+ "message": "ghprbActualCommit is referenced but not assigned.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 107| ${APP_NAME} \\",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 108| --ref-env insights-production \\",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 109|-> --set-template-ref ${APP_NAME}/${COMPONENT_NAME}=${ghprbActualCommit} \\",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 110| --set-image-tag ${IMAGE}=${IMAGE_TAG} \\",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 111| --namespace ${NAMESPACE} \\",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 88,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "1614a06ea6342272da22b865144e02189480a1af",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/containers/postgresql/99_postgresql_conf.sh",
+ "line": 50,
+ "column": 18,
+ "event": "error[SC2068]",
+ "message": "Double quote array expansions to avoid re-splitting elements.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 48| # Parse $_PG_CREATE_DATABASES by ',' into a bash array variable -- \"dbname|owner,dbname|owner...\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 49| IFS=, read -a _databases <<<${_PG_CREATE_DATABASES}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 50|-> for _database in ${_databases[@]}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 51| do",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 52| # parse $_database by '|' into discrete variables -- \"dbname|owner\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 569,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "18b64ce2adc4f69a9aaf137de06372371cb2643d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/common/logging.sh",
+ "line": 17,
+ "column": 16,
+ "event": "warning[SC2124]",
+ "message": "Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 15| log(){",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 16| local _tag_name=${1}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 17|-> local _msg=${@:2}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 18| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 19| printf \"${TS}${TIMESTAMP} ${TAG}[${_tag_name}\\t] ${_msg}\\n\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 138,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "cee9118866075fc827fc5999a53a805cb9b7acec",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/common/logging.sh",
+ "line": 24,
+ "column": 25,
+ "event": "error[SC2145]",
+ "message": "Argument mixes string and array. Use * or separate argument.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 22| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 23| log-info() {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 24|-> log \"INFO\" \"${INFO} $@\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 25| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 26| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 138,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "e815d251c6a058a45a1b9a09741dd395898f03a2",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/common/logging.sh",
+ "line": 28,
+ "column": 28,
+ "event": "error[SC2145]",
+ "message": "Argument mixes string and array. Use * or separate argument.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 26| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 27| log-warn() {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 28|-> log \"WARNING\" \"${WARN} $@\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 29| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 30| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 138,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "e38c2f9fe8410b810f95ae96cf8d469b7d9045a7",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/common/logging.sh",
+ "line": 32,
+ "column": 25,
+ "event": "error[SC2145]",
+ "message": "Argument mixes string and array. Use * or separate argument.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 30| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 31| log-err() {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 32|-> log \"ERROR\" \"${ERR} $@\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 33| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 34| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 571,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "5bd92c2266f239d66f57571743552fe2944c59ba",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/common/logging.sh",
+ "line": 36,
+ "column": 11,
+ "event": "warning[SC2155]",
+ "message": "Declare and assign separately to avoid masking return values.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 34| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 35| log-debug() {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 36|-> local _debug=$(tr '[:upper:]' '[:lower:]' <<<\"$DEBUG\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 37| if [[ ! -z \"${DEBUG}\" && ${_debug} == true ]];then",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 38| log \"DEBUG\" \"${TRACE} $@\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 138,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "3b745e7599743a7c631fcb7babe7153c3b67f8b7",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/common/logging.sh",
+ "line": 38,
+ "column": 31,
+ "event": "error[SC2145]",
+ "message": "Argument mixes string and array. Use * or separate argument.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 36| local _debug=$(tr '[:upper:]' '[:lower:]' <<<\"$DEBUG\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 37| if [[ ! -z \"${DEBUG}\" && ${_debug} == true ]];then",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 38|-> log \"DEBUG\" \"${TRACE} $@\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 39| fi",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 40| }",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 563,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "af62b8b2cbd13667db26281412c0f4ed9cca9dac",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/e2e-deploy.sh",
+ "line": 114,
+ "column": 10,
+ "event": "warning[SC2034]",
+ "message": "JUNK appears unused. Verify use (or export if used externally).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 112| ************************",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 113| EOF",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 114|-> read JUNK",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 115| fi",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 116| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "77fc5241b98a3d47fe86d2486ce0d0001ff79c8b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/genssc",
+ "line": 15,
+ "column": 4,
+ "event": "warning[SC3010]",
+ "message": "In POSIX sh, [[ ]] is undefined.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| fi",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 14| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 15|-> if [[ -z \"${KOKU_PATH}\" ]]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 16| then",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 17| echo \"ERROR: Environment variable KOKU_PATH must be set\" >&2",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "7c89f4a3abe73494f190cb39cd92ca40a8c512f2",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/genssc",
+ "line": 27,
+ "column": 1,
+ "event": "warning[SC3010]",
+ "message": "In POSIX sh, [[ ]] is undefined.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 25| CSR_FILE=\"${KEY_DIR}\"/koku.csr",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 26| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 27|-> [[ ! -d \"${KEY_DIR}\" ]] && mkdir -p \"${KEY_DIR}\" || true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 28| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 29| sudo rm -rf \"${CERT_FILE}\" \"${KEY_FILE}\" \"${CSR_FILE}\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "99de7e8b67b9def8a4566e76dc4858f008b15655",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/genssc",
+ "line": 36,
+ "column": 4,
+ "event": "warning[SC3010]",
+ "message": "In POSIX sh, [[ ]] is undefined.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 34| RC=$?",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 35| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 36|-> if [[ ${RC} -ne 0 ]]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 37| then",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 38| echo \"Self-Signed Certificate creation failed!\" >&2",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "2f50ff50fba28268904f4cd0dd1cba4c87642aae",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/run_server.sh",
+ "line": 4,
+ "column": 4,
+ "event": "warning[SC3010]",
+ "message": "In POSIX sh, [[ ]] is undefined.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2| sleep 5",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| python koku/manage.py migrate_schemas",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4|-> if [[ -z \"$RUN_GUNICORN\" ]]; then",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5| DJANGO_READ_DOT_ENV_FILE=True python koku/manage.py runserver 0.0.0.0:8000",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| else",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 88,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "085b0ce1498fca92db21fca4ce175d5660b513b5",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/scripts/run_migrations.sh",
+ "line": 147,
+ "column": 16,
+ "event": "error[SC2068]",
+ "message": "Double quote array expansions to avoid re-splitting elements.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 145| fi",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 146| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 147|-> for _op in ${_MIG_OPS[@]}; do",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 148| if [[ ${_op} != \"${_NOOP}\" ]]; then",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 149| _app=${_op%%:*}",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 88,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "84d469899ebb84433f4ebebfef15a13a5f46b92d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/scripts/run_migrations.sh",
+ "line": 174,
+ "column": 11,
+ "event": "error[SC2068]",
+ "message": "Double quote array expansions to avoid re-splitting elements.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 172| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 173| # Check to see if any CLI args will override the env var",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 174|-> arg_check $@",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 175| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 176| # Check to see if bash is compatible",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 563,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "41264ab9820ae6a27c6487fea790eeba0ddc840e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/smoke_test.sh",
+ "line": 7,
+ "column": 1,
+ "event": "warning[SC2034]",
+ "message": "COMPONENTS appears unused. Verify use (or export if used externally).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5| APP_NAME=\"hccm\" # name of app-sre \"application\" folder this component lives in",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| COMPONENT_NAME=\"koku\" # name of app-sre \"resourceTemplate\" in deploy.yaml for this component",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7|-> COMPONENTS=\"hive-metastore koku trino\" # specific components to deploy (optional, default: all)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 8| COMPONENTS_W_RESOURCES=\"hive-metastore koku trino\" # components which should preserve resource settings (optional, default: none)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| IQE_PLUGINS=\"cost_management\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 563,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "758c6ec52c56debc82ba4314107d626e6ea9b093",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/smoke_test.sh",
+ "line": 8,
+ "column": 1,
+ "event": "warning[SC2034]",
+ "message": "COMPONENTS_W_RESOURCES appears unused. Verify use (or export if used externally).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| COMPONENT_NAME=\"koku\" # name of app-sre \"resourceTemplate\" in deploy.yaml for this component",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| COMPONENTS=\"hive-metastore koku trino\" # specific components to deploy (optional, default: all)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 8|-> COMPONENTS_W_RESOURCES=\"hive-metastore koku trino\" # components which should preserve resource settings (optional, default: none)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| IQE_PLUGINS=\"cost_management\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| IQE_MARKER_EXPRESSION=\"cost_smoke\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 563,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "2d627380f50ce60a5a1c9041d7214c1bf3392fe1",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/smoke_test.sh",
+ "line": 9,
+ "column": 1,
+ "event": "warning[SC2034]",
+ "message": "IQE_PLUGINS appears unused. Verify use (or export if used externally).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| COMPONENTS=\"hive-metastore koku trino\" # specific components to deploy (optional, default: all)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 8| COMPONENTS_W_RESOURCES=\"hive-metastore koku trino\" # components which should preserve resource settings (optional, default: none)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9|-> IQE_PLUGINS=\"cost_management\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| IQE_MARKER_EXPRESSION=\"cost_smoke\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11| IQE_FILTER_EXPRESSION=\"\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 563,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "1ae31636a8d008b196c0e2a67c12746a5ca9cd58",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/smoke_test.sh",
+ "line": 10,
+ "column": 1,
+ "event": "warning[SC2034]",
+ "message": "IQE_MARKER_EXPRESSION appears unused. Verify use (or export if used externally).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 8| COMPONENTS_W_RESOURCES=\"hive-metastore koku trino\" # components which should preserve resource settings (optional, default: none)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| IQE_PLUGINS=\"cost_management\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10|-> IQE_MARKER_EXPRESSION=\"cost_smoke\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11| IQE_FILTER_EXPRESSION=\"\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| IQE_CJI_TIMEOUT=\"5h\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 563,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "8acf90a9b61a32e3a3df8e69170ca31697b1c4fc",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/smoke_test.sh",
+ "line": 11,
+ "column": 1,
+ "event": "warning[SC2034]",
+ "message": "IQE_FILTER_EXPRESSION appears unused. Verify use (or export if used externally).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| IQE_PLUGINS=\"cost_management\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| IQE_MARKER_EXPRESSION=\"cost_smoke\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11|-> IQE_FILTER_EXPRESSION=\"\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| IQE_CJI_TIMEOUT=\"5h\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| IQE_ENV_VARS=\"JOB_NAME=${JOB_NAME},BUILD_NUMBER=${BUILD_NUMBER}\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 563,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "4c4c4bfebaaccc0b5c266e213c3d0ec6c5199b1e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/smoke_test.sh",
+ "line": 12,
+ "column": 1,
+ "event": "warning[SC2034]",
+ "message": "IQE_CJI_TIMEOUT appears unused. Verify use (or export if used externally).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| IQE_MARKER_EXPRESSION=\"cost_smoke\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11| IQE_FILTER_EXPRESSION=\"\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12|-> IQE_CJI_TIMEOUT=\"5h\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| IQE_ENV_VARS=\"JOB_NAME=${JOB_NAME},BUILD_NUMBER=${BUILD_NUMBER}\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 14| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 563,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "4af60bb6ada6d2dd276933816ac682a520606d49",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/smoke_test.sh",
+ "line": 13,
+ "column": 1,
+ "event": "warning[SC2034]",
+ "message": "IQE_ENV_VARS appears unused. Verify use (or export if used externally).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11| IQE_FILTER_EXPRESSION=\"\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| IQE_CJI_TIMEOUT=\"5h\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13|-> IQE_ENV_VARS=\"JOB_NAME=${JOB_NAME},BUILD_NUMBER=${BUILD_NUMBER}\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 14| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 15| # Get bonfire helper scripts",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 571,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "5959e3a3444f7f3ff88be677eb4c919ee0c9418d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/smoke_test.sh",
+ "line": 25,
+ "column": 8,
+ "event": "warning[SC2155]",
+ "message": "Declare and assign separately to avoid masking return values.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 23| set -x",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 24| export BONFIRE_NS_REQUESTER=\"${JOB_NAME}-${BUILD_NUMBER}\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 25|-> export NAMESPACE=$(bonfire namespace reserve --duration 6h)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 26| SMOKE_NAMESPACE=$NAMESPACE",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 27| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 563,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "0f029c34cf4a16db914e450cf5d5f140a065ec14",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/smoke_test.sh",
+ "line": 26,
+ "column": 1,
+ "event": "warning[SC2034]",
+ "message": "SMOKE_NAMESPACE appears unused. Verify use (or export if used externally).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 24| export BONFIRE_NS_REQUESTER=\"${JOB_NAME}-${BUILD_NUMBER}\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 25| export NAMESPACE=$(bonfire namespace reserve --duration 6h)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 26|-> SMOKE_NAMESPACE=$NAMESPACE",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 27| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 28| oc get secret/koku-aws -o json -n ephemeral-base | jq -r '.data' > aws-creds.json",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 563,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "7d2a300807c72086f4633e7362afa9c4c0c6a92f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/smoke_test.sh",
+ "line": 37,
+ "column": 1,
+ "event": "warning[SC2034]",
+ "message": "IQE_IBUTSU_SOURCE appears unused. Verify use (or export if used externally).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 35| OCI_CONFIG_EPH=$(jq -r '.\"oci-config\"' < oci-creds.json)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 36| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 37|-> IQE_IBUTSU_SOURCE=\"cost-ephemeral-${IMAGE_TAG}\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 38| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 39| bonfire deploy \\",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 569,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "47675b594485337185dd946596d70e17acdb065e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/run_local_hccm.sh",
+ "line": 2,
+ "column": 9,
+ "event": "warning[SC2124]",
+ "message": "Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1| #!/bin/bash",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2|-> COMMAND=$@",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| if [ -z \"$COMMAND\" ]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| then",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 569,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "40027ae2e188344c7a2d4a3d9a85fed0e81107df",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/run_test.sh",
+ "line": 2,
+ "column": 9,
+ "event": "warning[SC2124]",
+ "message": "Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1| #!/bin/bash",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2|-> COMMAND=$@",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| SCRIPTPATH=\"$( cd \"$(dirname \"$0\")\" ; pwd -P )\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| IMAGE=\"docker-registry.upshift.redhat.com/insights-qe/iqe-tests\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 156,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "4d122551cf59b447f255d51ce20efc21a88c5363",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/testing/run_test.sh",
+ "line": 18,
+ "column": 10,
+ "event": "warning[SC2046]",
+ "message": "Quote this to prevent word splitting.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 16| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 17| if [ \"x$E2E_REPO\" != \"x\" ]; then",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 18|-> if [ $(stat -c %a $HOME/.kube/config) != \"660\" ]; then",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 19| # kubeconfig needs to be readable inside the iqe container for the oc command to work.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 20| chmod 660 $HOME/.kube/config",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "eae1cb526d2e25693df09cf4cdd93f5666fef32e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/api/db_performance/dbp_views.py",
+ "line": 483,
+ "column": 24,
+ "h_size": 15,
+ "event": "error[python/Sqli]",
+ "message": "Unsanitized input from the HTTP request body flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 481| with DBPerformanceStats(get_identity_username(request), CONFIGURATOR) as dbp:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 482| try:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 483|-> data = dbp.explain_sql(query_params[\"sql_statement\"])",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 484| except ProgrammingError as e:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 485| data = {\"query_plan\": f\"{type(e).__name__}: {str(e)}\"}",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "8ea2907fa4d31e1f55a399bc22cf8fd0734f2258",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/api/trino.py",
+ "line": 56,
+ "column": 13,
+ "h_size": 11,
+ "event": "error[python/Sqli]",
+ "message": "Unsanitized input from the HTTP request body flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 54| ) as conn:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 55| cur = conn.cursor()",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 56|-> cur.execute(query)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 57| cols = [des[0] for des in cur.description]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 58| rows = cur.fetchall()",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "f75560dcd652ef38ca98fac0abfe88acd53ee08b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/processor/tasks.py",
+ "line": 1082,
+ "column": 21,
+ "h_size": 14,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from an environment variable flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1080| if scale_factor != zero:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1081| alter_count += 1",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1082|-> cursor.execute(sql, value)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1083| LOG.info(sql_log)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1084| LOG.info(cursor.statusmessage)",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "e410f7418818374429acf69ad0f4eebfc812041a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/management/commands/migrate_trino_tables.py",
+ "line": 176,
+ "column": 17,
+ "h_size": 27,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into run_trino_sql, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 174| if partitions_to_drop:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 175| LOG.info(f\"*** dropping partition from tables for schema {schema} ***\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 176|-> drop_partitions_from_tables(partitions_to_drop, schema)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 177| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 178| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "7ca1fb6a6c055a08477f0a8a92a0266d20d95a1e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/management/commands/migrate_trino_tables.py",
+ "line": 259,
+ "column": 26,
+ "h_size": 13,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into run_trino_sql, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 257| for i in range(0, partition_count, limit):",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 258| sql = f\"SELECT DISTINCT {part.partition_column} FROM {part.table} OFFSET {i} LIMIT {limit}\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 259|-> result = run_trino_sql(sql, schema)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 260| partitions = [res[0] for res in result]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 261| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "7ca1fb6a6c055a08477f0a8a92a0266d20d95a1e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/management/commands/migrate_trino_tables.py",
+ "line": 265,
+ "column": 30,
+ "h_size": 13,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into run_trino_sql, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 263| LOG.info(f\"*** Deleting {part.table} partition {part.partition_column} = {partition} ***\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 264| sql = f\"DELETE FROM {part.table} WHERE {part.partition_column} = '{partition}'\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 265|-> result = run_trino_sql(sql, schema)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 266| LOG.info(f\"DELETE PARTITION result: {result}\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 267| except Exception as e:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "2d8b44d1e7c9d3cc0cf8f1962ac1f928cf7b719e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 62,
+ "column": 9,
+ "h_size": 14,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 60| LOG.debug(f\"SQL: {cursor.mogrify(sql, params).decode('utf-8')}\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 61| # print(cursor.mogrify(sql, params).decode('utf-8') + '\\n', file=SQLFILE, flush=True)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 62|-> cursor.execute(sql, params)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 63| return cursor",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 64| else:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "3036b46c10f4a9cb862bd7e901ad6c38183431fe",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1044,
+ "column": 17,
+ "h_size": 12,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1042| else:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1043| LOG.info(f\"Applying constraint {cdef.constraint_name}\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1044|-> conn_execute(cdef.alter_add_constraint())",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1045| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1046| def __create_indexes(self):",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "d7b7de0b2e9c75408d197875155866ab655b8510",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1053,
+ "column": 17,
+ "h_size": 12,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1051| else:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1052| LOG.info(f\"Applying index definition for {idef.index_name}\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1053|-> conn_execute(idef.create())",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1054| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1055| def __get_partition_start_values(self, params):",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "a617a8a268674f3760babb96ca9e2f1de71bfc2a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1181,
+ "column": 13,
+ "h_size": 12,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1179| partition_name = f\"{self.partitioned_table_name}_{newpart.strftime('%Y_%m')}\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1180| LOG.info(f\"Creating partition {self.target_schema}.{partition_name}\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1181|-> conn_execute(sqltmpl.format(table_partition=partition_name), params)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1182| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1183| params = (",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "5f7d81c6954f8b80f9a0b00f49c19921a9d36b8f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1289,
+ "column": 13,
+ "h_size": 12,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1287| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1288| LOG.debug(f\"SQL = {sql} PARAMS = {params}\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1289|-> conn_execute(sql, params)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1290| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1291| self.partitioned_table_name = self.source_table_name",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "ace0d83896d9c03e9b9007c74efac44dcc273c57",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1354,
+ "column": 13,
+ "h_size": 12,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1352| LOG.info(\"Executing batch rename commands\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1353| for sql in sql_actions:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1354|-> conn_execute(sql)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1355| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1356| LOG.info(\"Executing update command\")",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "e176ba6597d617acc06cee9f3cc25b10b3f4a098",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1365,
+ "column": 13,
+ "h_size": 12,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1363| LOG.info(\"Creating any views\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1364| for vdef in self.view_iter(self.VIEW_CREATE_ORDER):",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1365|-> conn_execute(vdef.create())",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1366| if vdef.indexes:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1367| LOG.info(\"Creating view indexes\")",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "64a06df892626f1722fe5342dde1a70f839b8b30",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1369,
+ "column": 21,
+ "h_size": 12,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1367| LOG.info(\"Creating view indexes\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1368| for view_ix in vdef.indexes:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1369|-> conn_execute(view_ix.create())",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1370| conn_execute(vdef.alter_owner())",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1371| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "b723eaf9e7edd2718ecab1b637369d0dd0f60992",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1370,
+ "column": 13,
+ "h_size": 12,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1368| for view_ix in vdef.indexes:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1369| conn_execute(view_ix.create())",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1370|-> conn_execute(vdef.alter_owner())",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1371| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1372| def __refresh_views(self):",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "9b650c9120307f656f0758d67b10fd0f3dc7dccc",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1628,
+ "column": 21,
+ "h_size": 12,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1626| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1627| # Move data into new partition",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1628|-> conn_execute(mv_recs_sql.format(full_partition_name), (p_from, p_to), _conn=self.conn)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1629| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1630| # Re-attach partition with actual bounds",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "b6eaf566f6d362e10546c38fcf2f89ee3b33b03f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1747,
+ "column": 9,
+ "h_size": 11,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1745| \"\"\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1746| with transaction.get_connection().cursor() as cur:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1747|-> cur.execute(chk_sql)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1748| res = cur.fetchone()",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1749| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "272b53e44497a39248879ce1597af16963a44d44",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1798,
+ "column": 9,
+ "h_size": 11,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1796| with transaction.get_connection().cursor() as cur:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1797| LOG.info(f\"Copy data from {source_partition.table_name} to {target_partition.table_name} where {conditions}\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1798|-> cur.execute(mv_sql)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1799| cp_recs = cur.rowcount",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1800| LOG.info(f\"Copied {cp_recs} records\")",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "72cc8e73ba2a1aa7bf15aa5a00384cb6a13de490",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1802,
+ "column": 9,
+ "h_size": 11,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1800| LOG.info(f\"Copied {cp_recs} records\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1801| LOG.info(f\"Delete data from {source_partition.table_name} where {conditions}\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1802|-> cur.execute(dl_sql)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1803| dl_recs = cur.rowcount",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1804| LOG.info(f\"Deleted {dl_recs} records\")",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "4e2bd1169fa0ec93dbb574244e11efd6da6a3ab9",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1923,
+ "column": 40,
+ "h_size": 23,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1921| newpart_vals[\"partition_parameters\"][\"to\"] = str(needed_partition + month_interval)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1922| # Successfully creating a new record will also create the partition",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1923|-> newpart, created = get_or_create_partition(newpart_vals, _default_partition=default_part)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1924| LOG.debug(f\"partition = {newpart}\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1925| LOG.debug(f\"created = {created}\")",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "54902828ee7b6550f1d22e66a6f4c8921937bc4a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/management/commands/migrate_trino_tables.py",
+ "line": 199,
+ "column": 17,
+ "h_size": 11,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 197| with trino_db.connect(schema=schema) as conn:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 198| cur = conn.cursor()",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 199|-> cur.execute(sql)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 200| return cur.fetchall()",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 201| except TrinoExternalError as err:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "2cc29f7b05d31f59e9a6b1d75045e41fa719b1d5",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/management/commands/migrate_serial_to_identity_columns.py",
+ "line": 162,
+ "column": 13,
+ "h_size": 14,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 160| cursor.execute(query)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 161| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 162|-> cursor.execute(f\"DROP SEQUENCE {sequence_name}\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 163| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 164| # Change column to identity",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "f0b13bf8384a1ebee78c889f58f54b672a73d030",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/migrations/0047_update_django_migration_sequences.py",
+ "line": 49,
+ "column": 13,
+ "h_size": 11,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 47| for rec in res:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 48| LOG.info(f\"Getting max pk value from the {rec['namesp']} {rec['tabname']} table...\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 49|-> cur.execute(max_pk_val.format(rec[\"namesp\"], rec[\"tabname\"]))",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 50| new_sequence_val = (cur.fetchone() or [1])[0]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 51| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 798,
+ "tool": "snyk-code",
+ "hash_v1": "5b30ecca13f14ca06f1aed57ec814c164a64b88b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/test/test_sources_http_client.py",
+ "line": 414,
+ "column": 45,
+ "h_size": 31,
+ "event": "note[python/NoHardcodedPasswords/test]",
+ "message": "Do not hardcode passwords in code. Found hardcoded password used in a dictionary key.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 412| ),",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 413| \"status\": 200,",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 414|-> \"json\": {\"authtype\": \"arn\", \"password\": self.authentication},",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 415| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 416| ]",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 916,
+ "tool": "snyk-code",
+ "hash_v1": "b10c8945d4ec87f97be622b5b351a72da78ac54e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/test/external/downloader/ibm/test_ibm_report_downloader.py",
+ "line": 35,
+ "column": 21,
+ "h_size": 9,
+ "event": "note[python/InsecureHash/test]",
+ "message": "sha1 is insecure. Consider changing it to a secure hashing algorithm.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 33| @patch(\"masu.external.downloader.ibm.ibm_report_downloader.get_sdk_headers\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 34| def test_page_downloader_factory_no_more_pages(self, get_sdk_headers, base_service_mock):",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 35|-> iam_token = FAKE.sha1()",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 36| enterprise_id = FAKE.uuid4()",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 37| credentials = dict(iam_token=iam_token)",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 916,
+ "tool": "snyk-code",
+ "hash_v1": "b10c8945d4ec87f97be622b5b351a72da78ac54e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/test/external/downloader/ibm/test_ibm_report_downloader.py",
+ "line": 54,
+ "column": 21,
+ "h_size": 9,
+ "event": "note[python/InsecureHash/test]",
+ "message": "sha1 is insecure. Consider changing it to a secure hashing algorithm.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 52| @patch(\"masu.external.downloader.ibm.ibm_report_downloader.get_sdk_headers\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 53| def test_page_downloader_factory_success(self, get_sdk_headers, base_service_mock):",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 54|-> iam_token = FAKE.sha1()",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 55| enterprise_id = FAKE.uuid4()",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 56| credentials = dict(iam_token=iam_token)",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 916,
+ "tool": "snyk-code",
+ "hash_v1": "1d15fc2de7ad150cbafbaaf8fdc752412b558c79",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/test/external/downloader/ibm/test_ibm_report_downloader.py",
+ "line": 137,
+ "column": 13,
+ "h_size": 9,
+ "event": "note[python/InsecureHash/test]",
+ "message": "sha1 is insecure. Consider changing it to a secure hashing algorithm.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 135| full_local_file = f\"{FAKE.file_path()}/{filename}\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 136| archives = create_daily_archives(",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 137|-> FAKE.sha1(), FAKE.name(), FAKE.uuid4(), filename, full_local_file, 2, dh.this_month_start, {}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 138| )",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 139| self.assertEqual(len(archives), 1)",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 916,
+ "tool": "snyk-code",
+ "hash_v1": "815c505d29510a6d91bc53fbeeabd1be70a9ec46",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/test/external/downloader/ibm/test_ibm_report_downloader.py",
+ "line": 162,
+ "column": 40,
+ "h_size": 9,
+ "event": "note[python/InsecureHash/test]",
+ "message": "sha1 is insecure. Consider changing it to a secure hashing algorithm.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 160| data_source=dict(enterprise_id=FAKE.uuid4()),",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 161| provider_uuid=FAKE.uuid4(),",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 162|-> credentials=dict(iam_token=FAKE.sha1()),",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 163| )",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 164| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 79,
+ "tool": "snyk-code",
+ "hash_v1": "4b5f78e75070fa1ddd7025c935d16dc59abd6163",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/api/db_performance/dbp_views.py",
+ "line": 138,
+ "column": 12,
+ "h_size": 13,
+ "event": "warning[python/Jinja2AutoEscapeFalse]",
+ "message": "jinja2.Template is called with no autoescape argument (autoescaping is disabled by default). This increases the risk of Cross-Site Scripting (XSS) attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 136| ):",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 137| menu = get_menu(url_name)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 138|-> tmpl = JinjaTemplate(open(os.path.join(TEMPLATE_PATH, template)).read())",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 139| return tmpl.render(",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 140| db_performance_menu=menu,",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 918,
+ "tool": "snyk-code",
+ "hash_v1": "25f829d4092f7def95bff2528001455a914f8b07",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/api/ingest_ocp_payload.py",
+ "line": 78,
+ "column": 12,
+ "h_size": 12,
+ "event": "warning[python/Ssrf]",
+ "message": "Unsanitized input from an uploaded file flows into requests.put, where it is used as an URL to perform a request. This may result in a Server Side Request Forgery vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 76| def upload_file_to_s3(signature, data): # pragma: no cover",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 77| \"\"\"Upload file to s3.\"\"\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 78|-> return requests.put(signature, data=data)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 79| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 80| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 918,
+ "tool": "snyk-code",
+ "hash_v1": "22dfec64c0c97335e3d4faca57fd38c342e430f8",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/api/ingest_ocp_payload.py",
+ "line": 104,
+ "column": 19,
+ "h_size": 17,
+ "event": "warning[python/Ssrf]",
+ "message": "Unsanitized input from an uploaded file flows into requests.put, where it is used as an URL to perform a request. This may result in a Server Side Request Forgery vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 102| response_data[\"payload-name\"].append(payload_name)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 103| s3_signature = get_s3_signature(settings.S3_ENDPOINT, payload_name, method=\"put_object\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 104|-> res = upload_file_to_s3(s3_signature, data=file.file)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 105| if res.status_code == HTTPStatus.OK:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 106| response_data[\"upload\"] = \"success\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 918,
+ "tool": "snyk-code",
+ "hash_v1": "f05a7c7eddf177d772008f1f1c3a79e8b7d8e083",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/api/trino.py",
+ "line": 82,
+ "column": 24,
+ "h_size": 12,
+ "event": "warning[python/Ssrf]",
+ "message": "Unsanitized input from an HTTP parameter flows into requests.get, where it is used as an URL to perform a request. This may result in a Server Side Request Forgery vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 80| api_str = f\"http://{settings.TRINO_HOST}:{settings.TRINO_PORT}/ui/api/{api_service}\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 81| LOG.info(f\"Running Trino UI API service for endpoint: {api_str}\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 82|-> response = requests.get(api_str)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 83| return Response({\"api_service_name\": api_service, \"trino_response\": response.json()})",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 84| errmsg = \"Must provide a valid parameter and trino-ui api service.\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 916,
+ "tool": "snyk-code",
+ "hash_v1": "758514670441ad8dc3e4fcae03f05e2fef9d50b4",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/util/ibm/common.py",
+ "line": 11,
+ "column": 12,
+ "h_size": 42,
+ "event": "note[python/InsecureHash]",
+ "message": "hashlib.md5 is insecure. Consider changing it to a secure hashing algorithm.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| def generate_etag(param):",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| \"\"\"Generate etag for IBM Cloud report.\"\"\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11|-> return hashlib.md5(str(param).encode()).hexdigest()",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| ",
+ "verbosity_level": 1
+ }
+ ]
+ }
+ ]
+}
diff --git a/tests/csfilter-kfp/0001-stdout.txt b/tests/csfilter-kfp/0001-stdout.txt
new file mode 100644
index 00000000..1a3d6c3e
--- /dev/null
+++ b/tests/csfilter-kfp/0001-stdout.txt
@@ -0,0 +1,13522 @@
+{
+ "scan": {
+ "analyzer-version-clang": "18.1.4",
+ "analyzer-version-coverity": "2023.12.0",
+ "analyzer-version-cppcheck": "2.9",
+ "analyzer-version-gcc": "14.1.1",
+ "analyzer-version-gcc-analyzer": "14.1.1",
+ "analyzer-version-shellcheck": "0.10.0",
+ "analyzer-version-snyk-code": "1.1233.0",
+ "analyzer-version-unicontrol": "0.0.2",
+ "cov-compilation-unit-count": 672,
+ "cov-compilation-unit-ratio": 100,
+ "cov-lines-processed": 119962,
+ "cov-time-elapsed-analysis": "00:01:01",
+ "enabled-plugins": "clang, coverity, cppcheck, gcc, shellcheck, snyk, unicontrol",
+ "exit-code": 0,
+ "host": "osh-worker-001.osh-001.prod.iad2.dc.redhat.com",
+ "known-false-positives": "/usr/share/csmock/known-false-positives.js",
+ "known-false-positives-dir": "/home/kdudka/git/csdiff/tests/csfilter-kfp/0001-kfp",
+ "known-false-positives-rpm": "known-false-positives-2.1.0.20240515.103302.g38b39b1-1.el9.noarch",
+ "mock-config": "fedora-rawhide-x86_64",
+ "project-name": "project-koku-koku-cbe5e5c3355c1e140aa1cca7377aebe09d8d8466",
+ "snyk-scanned-files-coverage": 100,
+ "snyk-scanned-files-success": 946,
+ "snyk-scanned-files-total": 946,
+ "store-results-to": "/tmp/tmp96vqv_hc/project-koku-koku-cbe5e5c3355c1e140aa1cca7377aebe09d8d8466.tar.xz",
+ "time-created": "2024-05-16 13:35:39",
+ "time-finished": "2024-05-16 13:39:12",
+ "tool": "csmock",
+ "tool-args": "'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'coverity,gcc,shellcheck,unicontrol,cppcheck,snyk,clang' '-o' '/tmp/tmp96vqv_hc/project-koku-koku-cbe5e5c3355c1e140aa1cca7377aebe09d8d8466.tar.xz' '--keep-going' '--use-host-cppcheck' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--shell-cmd=:' '/tmp/tmp96vqv_hc/project-koku-koku-cbe5e5c3355c1e140aa1cca7377aebe09d8d8466.tar.gz'",
+ "tool-version": "csmock-3.5.3.20240429.105215.geea8e1b.internal-1.el9"
+ },
+ "defects": [
+ {
+ "checker": "FORWARD_NULL",
+ "cwe": 476,
+ "function": "remove",
+ "language": "python",
+ "tool": "coverity",
+ "hash_v1": "b9a6d3c35953a1f45554d436d40fa5ae4b797de7",
+ "key_event_idx": 11,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 356,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"current_user === None\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 356,
+ "column": 9,
+ "event": "null_check",
+ "message": "Comparing \"current_user\" to a null-like value implies that \"current_user\" might be null-like.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 356,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"request\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 356,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"request.user\", taking false branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 358,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"self.sources_model\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 358,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"!from_sources\", taking false branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 361,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"from_sources\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 361,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"self.get_is_provider_processing()\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 363,
+ "column": 13,
+ "event": "path",
+ "message": "Condition \"retry_count !== None\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 363,
+ "column": 13,
+ "event": "path",
+ "message": "Condition \"retry_count < settings.MAX_SOURCE_DELETE_RETRIES\", taking false branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 366,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"!self.is_removable_by_user(current_user)\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 367,
+ "column": 13,
+ "event": "property_access",
+ "message": "Accessing a property of null-like value \"current_user\".",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 365| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 366| if not self.is_removable_by_user(current_user):",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 367|-> err_msg = f\"User {current_user.username} does not have permission to delete provider {str(self.model)}\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 368| raise ProviderManagerAuthorizationError(err_msg)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 369| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "FORWARD_NULL",
+ "cwe": 476,
+ "function": "remove",
+ "language": "python",
+ "tool": "coverity",
+ "hash_v1": "1ce452567c457f586f9b3cae76f52e1618313974",
+ "key_event_idx": 11,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 356,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"current_user === None\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 356,
+ "column": 9,
+ "event": "null_check",
+ "message": "Comparing \"current_user\" to a null-like value implies that \"current_user\" might be null-like.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 356,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"request\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 356,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"request.user\", taking false branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 358,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"self.sources_model\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 358,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"!from_sources\", taking false branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 361,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"from_sources\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 361,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"self.get_is_provider_processing()\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 363,
+ "column": 13,
+ "event": "path",
+ "message": "Condition \"retry_count !== None\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 363,
+ "column": 13,
+ "event": "path",
+ "message": "Condition \"retry_count < settings.MAX_SOURCE_DELETE_RETRIES\", taking false branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 366,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"!self.is_removable_by_user(current_user)\", taking false branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/provider/provider_manager.py",
+ "line": 373,
+ "column": 13,
+ "event": "property_access",
+ "message": "Accessing a property of null-like value \"current_user\".",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 371| try:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 372| self.model.delete()",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 373|-> LOG.info(log_json(msg=\"provider removed\", provider_uuid=str(self.model.uuid), user=current_user.username))",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 374| except IntegrityError as err:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 375| LOG.warning(",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "FORWARD_NULL",
+ "cwe": 476,
+ "function": "__init__",
+ "language": "python",
+ "tool": "coverity",
+ "hash_v1": "c24d84919038f9518d2e7252343d71129b605ec7",
+ "key_event_idx": 6,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/forecast/forecast.py",
+ "line": 73,
+ "column": 1,
+ "event": "assign_undefined",
+ "message": "Assigning: \"filter_fields\" = \"undefined\".",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/forecast/forecast.py",
+ "line": 85,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"self.provider in {Provider.PROVIDER_AWS, Provider.OCP_AWS}\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/forecast/forecast.py",
+ "line": 86,
+ "column": 13,
+ "event": "path",
+ "message": "Condition \"query_params.get(\"cost_type\")\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/forecast/forecast.py",
+ "line": 87,
+ "column": 17,
+ "event": "path",
+ "message": "Falling through to end of if statement.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/forecast/forecast.py",
+ "line": 95,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"access\", taking false branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/forecast/forecast.py",
+ "line": 116,
+ "column": 9,
+ "event": "path",
+ "message": "Condition \"access_key != \"default\"\", taking true branch.",
+ "verbosity_level": 2
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/forecast/forecast.py",
+ "line": 117,
+ "column": 34,
+ "event": "property_access",
+ "message": "Accessing a property of null-like value \"filter_fields\".",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 115| # filter queries based on access",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 116| if access_key != \"default\":",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 117|-> for q_param, filt in filter_fields.items():",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 118| access = query_params.get_access(q_param, list())",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 119| if access:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_missing_cpu_limit",
+ "cwe": 400,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "bd065bc998507281439f97ad9f687963f5cad6a9",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 122,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container does not have a set CPU limit, allowing it to exhaust all CPU resources or cause excessive cloud usage bills.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 122,
+ "event": "remediation",
+ "message": "Each container defined in either the `containers` or `initContainers` blocks should have a `resources.limits.cpu` field to restrict CPU usage. Note that unlike the `requests.cpu` field that set the initial CPU allocated for a container, `limits.cpu` sets a hard limit for the maximum CPU that can be consumed by the container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 120| image: ${IMAGE}:${IMAGE_TAG}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 121| initContainers:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 122|-> - command:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 123| - /bin/bash",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 124| - -c",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_missing_memory_limit",
+ "cwe": 400,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "137c96387ea58449acfbfac505e69907f6d90d55",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 122,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container does not have a set memory limit, allowing it to exhaust all memory resources or cause excessive cloud usage bills.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 122,
+ "event": "remediation",
+ "message": "Each container defined in either the `containers` or `initContainers` blocks should have a `resources.limits.memory` field to restrict memory usage. Note that unlike the `requests.memory` field that sets the initial memory allocated for a container, `limits.memory` sets a hard limit for the maximum amount of memory that can be consumed by the container.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 120| image: ${IMAGE}:${IMAGE_TAG}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 121| initContainers:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 122|-> - command:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 123| - /bin/bash",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 124| - -c",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_running_as_root",
+ "cwe": 269,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f5122eb74ebc3e93e5fb12b71eb9d433d34d46a1",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/containers/postgresql/Dockerfile",
+ "line": 1,
+ "event": "Sigma main event",
+ "message": "The Docker container is configured to run as the root user.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/containers/postgresql/Dockerfile",
+ "line": 1,
+ "event": "remediation",
+ "message": "Explicitly set the last `USER` value to a non-root user to prevent the container from running in a privileged context.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1|-> from postgres:14",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| ARG USER_ID=999",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "2e071390b31f8422b56dac5a37ebeb8199fb5509",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 28,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 28,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 26| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 27| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 28|-> key: django-secret-key",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 29| name: koku-secret",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 30| optional: false",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 86,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 86,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 84| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 85| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 86|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 87| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 88| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 309,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 309,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 307| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 308| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 309|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 310| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 311| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "2e071390b31f8422b56dac5a37ebeb8199fb5509",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 413,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 413,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 411| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 412| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 413|-> key: django-secret-key",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 414| name: koku-secret",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 415| optional: false",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 437,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 437,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 435| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 436| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 437|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 438| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 439| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 641,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 641,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 639| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 640| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 641|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 642| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 643| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 763,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 763,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 761| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 762| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 763|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 764| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 765| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "2e071390b31f8422b56dac5a37ebeb8199fb5509",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 769,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 769,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 767| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 768| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 769|-> key: django-secret-key",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 770| name: koku-secret",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 771| optional: false",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 825,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 825,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 823| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 824| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 825|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 826| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 827| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 930,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 930,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 928| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 929| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 930|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 931| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 932| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "2e071390b31f8422b56dac5a37ebeb8199fb5509",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 936,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 936,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 934| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 935| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 936|-> key: django-secret-key",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 937| name: koku-secret",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 938| optional: false",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 988,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 988,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 986| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 987| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 988|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 989| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 990| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1100,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1100,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1098| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1099| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1100|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1101| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1102| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1132,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1132,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1130| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1131| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1132|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1133| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1134| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1276,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1276,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1274| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1275| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1276|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1277| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1278| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1308,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1308,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1306| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1307| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1308|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1309| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1310| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1462,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1462,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1460| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1461| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1462|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1463| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1464| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1490,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1490,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1488| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1489| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1490|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1491| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1492| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1640,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1640,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1638| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1639| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1640|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1641| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1642| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1674,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1674,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1672| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1673| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1674|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1675| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1676| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1826,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1826,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1824| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1825| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1826|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1827| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1828| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1860,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 1860,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1858| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1859| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1860|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1861| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1862| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2012,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2012,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2010| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2011| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2012|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2013| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2014| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2044,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2044,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2042| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2043| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2044|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2045| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2046| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2196,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2196,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2194| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2195| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2196|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2197| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2198| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2228,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2228,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2226| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2227| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2228|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2229| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2230| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2380,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2380,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2378| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2379| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2380|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2381| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2382| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2414,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2414,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2412| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2413| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2414|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2415| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2416| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2570,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2570,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2568| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2569| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2570|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2571| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2572| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2604,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2604,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2602| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2603| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2604|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2605| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2606| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2760,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2760,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2758| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2759| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2760|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2761| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2762| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2792,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2792,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2790| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2791| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2792|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2793| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2794| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2942,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2942,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2940| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2941| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2942|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2943| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2944| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2974,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 2974,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2972| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2973| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2974|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2975| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2976| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3124,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3124,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3122| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3123| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3124|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3125| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3126| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3156,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3156,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3154| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3155| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3156|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3157| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3158| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3310,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3310,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3308| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3309| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3310|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3311| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3312| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3342,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3342,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3340| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3341| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3342|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3343| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3344| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3496,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3496,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3494| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3495| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3496|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3497| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3498| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3530,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3530,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3528| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3529| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3530|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3531| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3532| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3676,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3676,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3674| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3675| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3676|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3677| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3678| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3712,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3712,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3710| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3711| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3712|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3713| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3714| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "fd4c006009993962eeac3e7ce7c9b48f858ab280",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3850,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3850,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3848| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3849| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3850|-> key: psk",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3851| name: ${SOURCES_PSK_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3852| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.container_storing_secret_in_environment_variable",
+ "cwe": 526,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "41d700e42374812833b50b831854011f36e52061",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3886,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container stores secrets in environment variables, which could be leaked if the environment is logged.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 3886,
+ "event": "remediation",
+ "message": "Provide access to secrets via volume mounts instead of setting `valueFrom.secretKeyRef` in `env`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3884| valueFrom:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3885| secretKeyRef:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3886|-> key: ${GLITCHTIP_KEY_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3887| name: ${GLITCHTIP_SECRET_NAME}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3888| optional: true",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.custom_resource_in_default_namespace",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "8eb9dd6fe8ced70d56e49c559797a0345bcab0eb",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dashboards/grafana-dashboard-insights-hccm-postgresql.configmap.yaml",
+ "line": 979,
+ "event": "Sigma main event",
+ "message": "The Kubernetes resource uses the `default` namespace by either omitting the `metadata.namespace` field or by explicitly setting the value to `default`. This can cause conflicts with other services and prevents granular access control.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dashboards/grafana-dashboard-insights-hccm-postgresql.configmap.yaml",
+ "line": 979,
+ "event": "remediation",
+ "message": "Explicitly set the resource's `metadata.namespace` field to a namespace other than `default`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 977| kind: ConfigMap",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 978| metadata:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 979|-> name: grafana-dashboard-clouddot-insights-hccm-postgresql",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 980| labels:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 981| grafana_dashboard: \"true\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.custom_resource_in_default_namespace",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "e6da80d2ba601107e16d5f4d4c06a5c205eeab6d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dashboards/grafana-dashboard-insights-hccm-redis.configmap.yaml",
+ "line": 1315,
+ "event": "Sigma main event",
+ "message": "The Kubernetes resource uses the `default` namespace by either omitting the `metadata.namespace` field or by explicitly setting the value to `default`. This can cause conflicts with other services and prevents granular access control.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dashboards/grafana-dashboard-insights-hccm-redis.configmap.yaml",
+ "line": 1315,
+ "event": "remediation",
+ "message": "Explicitly set the resource's `metadata.namespace` field to a namespace other than `default`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1313| kind: ConfigMap",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1314| metadata:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1315|-> name: grafana-dashboard-clouddot-insights-hccm-redis",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1316| labels:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1317| grafana_dashboard: \"true\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.custom_resource_in_default_namespace",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "87455d9dae41fdb88ca351f90b09b17496516ca7",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dashboards/grafana-dashboard-insights-hccm-trino.configmap.yaml",
+ "line": 1304,
+ "event": "Sigma main event",
+ "message": "The Kubernetes resource uses the `default` namespace by either omitting the `metadata.namespace` field or by explicitly setting the value to `default`. This can cause conflicts with other services and prevents granular access control.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dashboards/grafana-dashboard-insights-hccm-trino.configmap.yaml",
+ "line": 1304,
+ "event": "remediation",
+ "message": "Explicitly set the resource's `metadata.namespace` field to a namespace other than `default`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1302| kind: ConfigMap",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1303| metadata:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1304|-> name: grafana-dashboard-clouddot-insights-hccm-trino",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1305| labels:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1306| grafana_dashboard: \"true\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.custom_resource_in_default_namespace",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "60267981eafe9c68b1fd9d346af2d5fa15eb7b29",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dashboards/grafana-dashboard-insights-hccm.configmap.yaml",
+ "line": 5164,
+ "event": "Sigma main event",
+ "message": "The Kubernetes resource uses the `default` namespace by either omitting the `metadata.namespace` field or by explicitly setting the value to `default`. This can cause conflicts with other services and prevents granular access control.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dashboards/grafana-dashboard-insights-hccm.configmap.yaml",
+ "line": 5164,
+ "event": "remediation",
+ "message": "Explicitly set the resource's `metadata.namespace` field to a namespace other than `default`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5162| kind: ConfigMap",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5163| metadata:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5164|-> name: grafana-dashboard-clouddot-insights-hccm",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5165| labels:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5166| grafana_dashboard: \"true\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.custom_resource_in_default_namespace",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "d32f9f4675189c964eb56b044813235f7cde5b3e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 4,
+ "event": "Sigma main event",
+ "message": "The Kubernetes resource uses the `default` namespace by either omitting the `metadata.namespace` field or by explicitly setting the value to `default`. This can cause conflicts with other services and prevents granular access control.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/clowdapp.yaml",
+ "line": 4,
+ "event": "remediation",
+ "message": "Explicitly set the resource's `metadata.namespace` field to a namespace other than `default`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2| kind: Template",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| metadata:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4|-> name: koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5| objects:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| - apiVersion: cloud.redhat.com/v1alpha1",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.custom_resource_in_default_namespace",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "157e5c791dd48b63063e5682ddd936e7a0e447d3",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/kustomize/base/base.yaml",
+ "line": 4,
+ "event": "Sigma main event",
+ "message": "The Kubernetes resource uses the `default` namespace by either omitting the `metadata.namespace` field or by explicitly setting the value to `default`. This can cause conflicts with other services and prevents granular access control.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/deploy/kustomize/base/base.yaml",
+ "line": 4,
+ "event": "remediation",
+ "message": "Explicitly set the resource's `metadata.namespace` field to a namespace other than `default`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2| kind: Template",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| metadata:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4|-> name: koku",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5| objects:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| # ====================================================",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.custom_resource_in_default_namespace",
+ "cwe": 284,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "077bbd1abe5354b8b0b2d2136adae44c639941c0",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/e2e-secrets.yml",
+ "line": 4,
+ "event": "Sigma main event",
+ "message": "The Kubernetes resource uses the `default` namespace by either omitting the `metadata.namespace` field or by explicitly setting the value to `default`. This can cause conflicts with other services and prevents granular access control.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/e2e-secrets.yml",
+ "line": 4,
+ "event": "remediation",
+ "message": "Explicitly set the resource's `metadata.namespace` field to a namespace other than `default`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2| apiVersion: v1",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| metadata:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4|-> name: koku-secrets-template",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5| annotations:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| openshift.io/display-name: \"Koku\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.default_allow_all_authz_policy",
+ "cwe": 862,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "79fc26f0599e33beea668ab567c13af950ea7587",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1,
+ "event": "Sigma main event",
+ "message": "The API does not have a global security scheme, indicating a default allow-all configuration. Any API operations without an explicit security scheme will allow unauthorized requests.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1,
+ "event": "remediation",
+ "message": "The global security field should contain one or more security schemes, for example `{'security':[{'OAuth2':['read','write']}]}`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1|-> {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2| \"openapi\": \"3.0.0\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| \"info\": {",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.default_allow_all_authz_policy",
+ "cwe": 862,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "3c7aaab079997a03c6677d37a3a13fef3961f3fa",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 1,
+ "event": "Sigma main event",
+ "message": "The API does not have a global security scheme, indicating a default allow-all configuration. Any API operations without an explicit security scheme will allow unauthorized requests.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 1,
+ "event": "remediation",
+ "message": "The global security field should contain one or more security schemes, for example `{'security':[{'OAuth2':['read','write']}]}`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1|-> {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2| \"openapi\": \"3.0.0\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| \"info\": {",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.hardcoded_secret",
+ "cwe": 798,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "c2cc2738dc5a384ca43b6c4d0d1c1d6d751469fc",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/test_customer.yaml",
+ "line": 13,
+ "event": "Sigma main event",
+ "message": "A secret, such as a password, cryptographic key, or token is stored in plaintext directly in the source code, in an application's properties, or configuration file. Users with access to the secret may then use the secret to access resources that they otherwise would not have access to. Secret type: Token (generic).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/test_customer.yaml",
+ "line": 13,
+ "event": "remediation",
+ "message": "Avoid setting sensitive configuration values as string literals. Instead, these values should be set using variables with the sensitive data loaded from an encrypted file or a secret store.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11| authentication:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| credentials:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13|-> iam_token: '11111111-1111-1111-1111-11111111'",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 14| billing_source:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 15| data_source:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.hardcoded_secret",
+ "cwe": 798,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "df135c8edb8a0e03111ac4a3a5a5e63dabcf3751",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/test_customer.yaml",
+ "line": 52,
+ "event": "Sigma main event",
+ "message": "A secret, such as a password, cryptographic key, or token is stored in plaintext directly in the source code, in an application's properties, or configuration file. Users with access to the secret may then use the secret to access resources that they otherwise would not have access to. Secret type: Secret (generic).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/test_customer.yaml",
+ "line": 52,
+ "event": "remediation",
+ "message": "Avoid setting sensitive configuration values as string literals. Instead, these values should be set using variables with the sensitive data loaded from an encrypted file or a secret store.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 50| tenant_id: '22222222-2222-2222-2222-22222222'",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 51| client_id: '33333333-3333-3333-3333-33333333'",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 52|-> client_secret: 'MyPassW0rd!'",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 53| billing_source:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 54| data_source:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.hardcoded_secret",
+ "cwe": 798,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "df135c8edb8a0e03111ac4a3a5a5e63dabcf3751",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/test_customer.yaml",
+ "line": 69,
+ "event": "Sigma main event",
+ "message": "A secret, such as a password, cryptographic key, or token is stored in plaintext directly in the source code, in an application's properties, or configuration file. Users with access to the secret may then use the secret to access resources that they otherwise would not have access to. Secret type: Secret (generic).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/test_customer.yaml",
+ "line": 69,
+ "event": "remediation",
+ "message": "Avoid setting sensitive configuration values as string literals. Instead, these values should be set using variables with the sensitive data loaded from an encrypted file or a secret store.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 67| tenant_id: '22222222-2222-2222-2222-22222223'",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 68| client_id: '33333333-3333-3333-3333-33333334'",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 69|-> client_secret: 'MyPassW0rd!'",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 70| billing_source:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 71| data_source:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.hardcoded_secret",
+ "cwe": 798,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "bb42cc478b718ef9726fcf54d73b65bf256f4d7a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/tox.ini",
+ "line": 34,
+ "event": "Sigma main event",
+ "message": "A secret, such as a password, cryptographic key, or token is stored in plaintext directly in the source code, in an application's properties, or configuration file. Users with access to the secret may then use the secret to access resources that they otherwise would not have access to. Secret type: Password (generic).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/tox.ini",
+ "line": 34,
+ "event": "remediation",
+ "message": "Avoid setting sensitive configuration values as string literals. Instead, these values should be set using variables with the sensitive data loaded from an encrypted file or a secret store.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 32| DATABASE_USER=koku_tester",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 33| DATABASE_PASSWORD={env:DATABASE_PASSWORD:''}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 34|-> ACCOUNT_ENHANCED_METRICS={env:ACCOUNT_ENHANCED_METRICS:True}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 35| prometheus_multiproc_dir=/tmp",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 36| TRINO_DATE_STEP={env:TRINO_DATE_STEP:31}",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.hardcoded_secret",
+ "cwe": 798,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "ea11f14272b0d69196646d9b0ab91b5ddb3e7171",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/tox.ini",
+ "line": 61,
+ "event": "Sigma main event",
+ "message": "A secret, such as a password, cryptographic key, or token is stored in plaintext directly in the source code, in an application's properties, or configuration file. Users with access to the secret may then use the secret to access resources that they otherwise would not have access to. Secret type: Password (generic).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/tox.ini",
+ "line": 61,
+ "event": "remediation",
+ "message": "Avoid setting sensitive configuration values as string literals. Instead, these values should be set using variables with the sensitive data loaded from an encrypted file or a secret store.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 59| DATABASE_USER=koku_tester",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 60| DATABASE_PASSWORD={env:DATABASE_PASSWORD:''}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 61|-> PROMETHEUS_MULTIPROC_DIR=/tmp",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 62| UNLEASH_HOST={env:UNLEASH_HOST:localhost}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 63| deps =",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.improper_use_of_add_command",
+ "cwe": 676,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a01ff8b079d056267a515e33ebd3ce49d9b704b8",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/Dockerfile",
+ "line": 94,
+ "event": "Sigma main event",
+ "message": "The Dockerfile uses the `ADD` command to add a local non-tar file or to fetch a remote file into the Docker container. The best use for the `ADD` command is to extract local tar files into Docker containers.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/Dockerfile",
+ "line": 94,
+ "event": "remediation",
+ "message": "For local non-tar files use the `COPY` command. For remote URLs use `curl` or `wget` to manually download the file and then use the `COPY` command to copy the file to the correct location.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 92| ENV VIRTUAL_ENV=${APP_ROOT}/.venv",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 93| ENV \\",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 94|-> # Add the koku virtual env bin to the front of PATH.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 95| # This activates the virtual env for all subsequent python calls.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 96| PATH=\"$VIRTUAL_ENV/bin:$PATH\" \\",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 97,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 97,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 95| \"description\": \"Return download file async task ID.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 96| \"parameters\": [],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 97|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 98| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 99| \"description\": \"The celery task ID of the download task\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "284a0c14d604dd6f255443d1fffaac53ac097d2f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 113,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 113,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 111| ]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 112| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 113|-> \"parameters\": [",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 114| {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 115| \"name\": \"provider_uuid\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 175,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 175,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 173| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 174| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 175|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 176| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 177| \"description\": \"List of tag keys\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 205,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 205,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 203| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 204| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 205|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 206| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 207| \"description\": \"List of tag keys\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b2b66b9fd0c05fd0951c52b4444a6e5cb93cefca",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 221,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 221,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 219| ]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 220| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 221|-> \"parameters\": []",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 222| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 223| \"/expired_data/\": {",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 228,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 228,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 226| \"description\": \"Return simulated expired data.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 227| \"parameters\": [],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 228|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 229| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 230| \"description\": \"Simulate the deletion expired data\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 248,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 248,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 246| \"description\": \"Return expired data.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 247| \"parameters\": [],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 248|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 249| \"204\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 250| \"description\": \"Delete expired data\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b2b66b9fd0c05fd0951c52b4444a6e5cb93cefca",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 264,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 264,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 262| ]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 263| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 264|-> \"parameters\": []",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 265| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 266| \"/hcs_report_data/\": {",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 325,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 325,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 323| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 324| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 325|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 326| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 327| \"description\": \"HCS report task has been queued\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 414,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 414,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 412| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 413| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 414|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 415| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 416| \"description\": \"HCS Finalization task has been queued\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 510,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 510,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 508| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 509| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 510|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 511| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 512| \"description\": \"Data summary task has been queued\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 582,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 582,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 580| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 581| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 582|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 583| \"204\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 584| \"description\": \"Data deletion task has been queued\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b2b66b9fd0c05fd0951c52b4444a6e5cb93cefca",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 598,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 598,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 596| ]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 597| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 598|-> \"parameters\": []",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 599| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 600| \"/sources/\": {",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 723,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 723,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 721| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 722| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 723|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 724| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 725| \"description\": \"A paginated list of source objects\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 755,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 755,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 753| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 754| }],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 755|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 756| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 757| \"description\": \"A Source object\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 805,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 805,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 803| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 804| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 805|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 806| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 807| \"description\": \"A Source object\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 845,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 845,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 843| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 844| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 845|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 846| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 847| \"description\": \"\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b2b66b9fd0c05fd0951c52b4444a6e5cb93cefca",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 861,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 861,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 859| ]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 860| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 861|-> \"parameters\": []",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 862| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 863| \"/update_cost_model_costs/\": {",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 890,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 890,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 888| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 889| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 890|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 891| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 892| \"description\": \"Update derived cost\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b2b66b9fd0c05fd0951c52b4444a6e5cb93cefca",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 906,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 906,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 904| ]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 905| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 906|-> \"parameters\": []",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 907| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 908| \"/update_openshift_on_cloud/\": {",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 967,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 967,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 965| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 966| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 967|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 968| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 969| \"description\": \"Data summary task has been queued\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b2b66b9fd0c05fd0951c52b4444a6e5cb93cefca",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 983,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 983,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 981| ]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 982| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 983|-> \"parameters\": []",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 984| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 985| \"/report/process/openshift_on_cloud/\": {",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1044,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1044,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1042| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1043| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1044|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1045| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1046| \"description\": \"Data processing task has been queued\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b2b66b9fd0c05fd0951c52b4444a6e5cb93cefca",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1060,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1060,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1058| ]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1059| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1060|-> \"parameters\": []",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1061| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1062| \"/notification/\": {",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1080,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1080,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1078| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1079| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1080|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1081| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1082| \"description\": \"The celery task ID of the notification task\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1115,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1115,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1113| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1114| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1115|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1116| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1117| \"description\": \"The celery task ID of the crawl account hierarchy task\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1158,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1158,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1156| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1157| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1158|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1159| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1160| \"description\": \"Return tree json.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "b2b66b9fd0c05fd0951c52b4444a6e5cb93cefca",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1174,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1174,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1172| ]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1173| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1174|-> \"parameters\": []",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1175| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1176| \"/running_celery_tasks/\": {",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1181,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1181,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1179| \"operationId\": \"runningCeleryTasks\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1180| \"description\": \"Returns a list of running celery tasks.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1181|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1182| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1183| \"description\": \"Returns a list of running celery tasks.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1203,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1203,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1201| \"operationId\": \"celeryQueueLength\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1202| \"description\": \"Returns a dictionary of queues with queue length.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1203|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1204| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1205| \"description\": \"Returns a dictionary of queues with their associated lengths.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1235,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1235,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1233| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1234| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1235|-> \"responses\":{",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1236| \"200\":{",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1237| \"description\": \"Returns the number of tasks cleared the celery queue.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1257,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1257,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1255| \"operationId\": \"dbPerformanceDbVersion\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1256| \"description\": \"Returns a HTML document showing the database version.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1257|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1258| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1259| \"description\": \"Returns a HTML document showing the database version.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1276,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1276,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1274| \"operationId\": \"dbPerformanceDbSettings\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1275| \"description\": \"Returns a HTML document showing the database software settings.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1276|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1277| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1278| \"description\": \"Returns a HTML document showing the database software settings.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1330,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1330,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1328| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1329| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1330|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1331| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1332| \"description\": \"Returns a HTML document showing query statement statistics if the pg_stat_statements extension has been installed.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1410,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1410,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1408| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1409| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1410|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1411| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1412| \"description\": \"Returns a HTML document showing current connection activity.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1464,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1464,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1462| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1463| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1464|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1465| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1466| \"description\": \"Returns a HTML document showing any blocking locks and processes that are blocked by them.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1518,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1518,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1516| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1517| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1518|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1519| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1520| \"description\": \"Returns a HTML document showing current connection activity.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1537,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1537,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1535| \"operationId\": \"dbPerformanceExplainQuery\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1536| \"description\": \"Returns a HTML document interface to submit a query for the database to explain.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1537|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1538| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1539| \"description\": \"Returns a HTML document interface to submit a query for the database to explain.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1577,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1577,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1575| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1576| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1577|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1578| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1579| \"description\": \"Return Plans.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1623,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1623,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1621| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1622| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1623|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1624| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1625| \"description\": \"Returns a dictionary with cost mappings for continuity checks\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1646,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1646,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1644| \"description\": \"Update and return list of exchange rates\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1645| \"parameters\": [],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1646|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1647| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1648| \"description\": \"Returns a dictionary of exchange rates after update\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1762,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1762,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1760| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1761| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1762|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1763| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1764| \"description\": \"An object describing manifest information\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1806,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1806,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1804| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1805| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1806|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1807| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1808| \"description\": \"An object describing manifest information\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1881,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1881,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1879| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1880| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1881|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1882| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1883| \"description\": \"An object describing manifest information\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1921,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1921,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1919| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1920| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1921|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1922| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1923| \"description\": \"Query result.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1961,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1961,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1959| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1960| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1961|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1962| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1963| \"description\": \"JSON with query result.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2059,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2059,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2057| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2058| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2059|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2060| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2061| \"description\": \"Returns a dictionary with cost mappings for continuity checks\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2114,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2114,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2112| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2113| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2114|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2115| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2116| \"description\": \"Returns a dictionary with cost mappings for continuity checks\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2137,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2137,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2135| \"description\": \"Returns the additional context for a specific provider.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2136| \"parameters\": [],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2137|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2138| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2139| \"description\": \"The additional context field.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f8eb085b9fc5744e0c1a575292b66e0ea7983e7d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2168,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2168,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2166| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2167| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2168|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2169| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2170| \"description\": \"The additional context field.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "284a0c14d604dd6f255443d1fffaac53ac097d2f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2184,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2184,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2182| ]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2183| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2184|-> \"parameters\": [",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2185| {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2186| \"name\": \"provider_uuid\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "233c04b6a29ba7bc0ae2da8a5a2f8f16abe4bb8b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 40,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 40,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 38| \"required\": true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 39| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 40|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 41| \"201\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 42| \"description\": \"An object describing the source\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "233c04b6a29ba7bc0ae2da8a5a2f8f16abe4bb8b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 97,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 97,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 95| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 96| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 97|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 98| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 99| \"description\": \"A paginated list of source objects\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "233c04b6a29ba7bc0ae2da8a5a2f8f16abe4bb8b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 139,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 139,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 137| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 138| }],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 139|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 140| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 141| \"description\": \"A Source object\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "233c04b6a29ba7bc0ae2da8a5a2f8f16abe4bb8b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 202,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 202,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 200| \"required\": true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 201| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 202|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 203| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 204| \"description\": \"A Source object\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "233c04b6a29ba7bc0ae2da8a5a2f8f16abe4bb8b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 252,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 252,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 250| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 251| }],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 252|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 253| \"204\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 254| \"description\": \"Source deleted\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "233c04b6a29ba7bc0ae2da8a5a2f8f16abe4bb8b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 306,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 306,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 304| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 305| }],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 306|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 307| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 308| \"description\": \"The status of the source\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_default_response_object",
+ "cwe": 391,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "233c04b6a29ba7bc0ae2da8a5a2f8f16abe4bb8b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 370,
+ "event": "Sigma main event",
+ "message": "The API operation does not have a default response object and may encounter an unexpected state resulting in unpredictable behavior, such as returning stack traces or verbose error messages.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 370,
+ "event": "remediation",
+ "message": "Audit the operation's configuration for handling unexpected server states. In the OpenAPI spec file, this is configured by a `responses` field with a `default` response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 368| \"required\": true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 369| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 370|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 371| \"204\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 372| \"description\": \"Status update event was successfully queued.\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.missing_tls",
+ "cwe": 319,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "31044ca9f40067b921354798ea36533f60a2008a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/containers/trino/etc/config.properties",
+ "line": 4,
+ "event": "Sigma main event",
+ "message": "The application is configured to use a URI with an unencrypted protocol such as `ftp`, `http`, `redis`, or `ws`. Sensitive data transmitted over insecure communication channels can be read and modified by attackers.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/containers/trino/etc/config.properties",
+ "line": 4,
+ "event": "remediation",
+ "message": "Configure the URI to use a secure protocol with TLS protections.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2| node-scheduler.include-coordinator=true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| http-server.http.port=8080",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4|-> discovery.uri=http://trino:8080",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| jmx.rmiserver.port=10000",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 97,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 97,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 95| \"description\": \"Return download file async task ID.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 96| \"parameters\": [],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 97|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 98| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 99| \"description\": \"The celery task ID of the download task\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 175,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 175,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 173| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 174| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 175|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 176| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 177| \"description\": \"List of tag keys\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 205,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 205,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 203| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 204| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 205|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 206| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 207| \"description\": \"List of tag keys\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 228,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 228,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 226| \"description\": \"Return simulated expired data.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 227| \"parameters\": [],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 228|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 229| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 230| \"description\": \"Simulate the deletion expired data\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 248,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 248,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 246| \"description\": \"Return expired data.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 247| \"parameters\": [],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 248|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 249| \"204\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 250| \"description\": \"Delete expired data\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 325,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 325,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 323| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 324| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 325|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 326| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 327| \"description\": \"HCS report task has been queued\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 414,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 414,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 412| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 413| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 414|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 415| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 416| \"description\": \"HCS Finalization task has been queued\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 510,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 510,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 508| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 509| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 510|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 511| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 512| \"description\": \"Data summary task has been queued\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 582,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 582,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 580| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 581| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 582|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 583| \"204\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 584| \"description\": \"Data deletion task has been queued\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 723,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 723,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 721| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 722| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 723|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 724| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 725| \"description\": \"A paginated list of source objects\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 755,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 755,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 753| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 754| }],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 755|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 756| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 757| \"description\": \"A Source object\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 805,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 805,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 803| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 804| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 805|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 806| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 807| \"description\": \"A Source object\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 845,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 845,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 843| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 844| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 845|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 846| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 847| \"description\": \"\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 890,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 890,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 888| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 889| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 890|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 891| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 892| \"description\": \"Update derived cost\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 967,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 967,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 965| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 966| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 967|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 968| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 969| \"description\": \"Data summary task has been queued\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1044,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1044,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1042| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1043| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1044|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1045| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1046| \"description\": \"Data processing task has been queued\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1080,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1080,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1078| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1079| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1080|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1081| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1082| \"description\": \"The celery task ID of the notification task\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1115,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1115,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1113| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1114| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1115|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1116| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1117| \"description\": \"The celery task ID of the crawl account hierarchy task\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1158,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1158,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1156| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1157| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1158|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1159| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1160| \"description\": \"Return tree json.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1181,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1181,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1179| \"operationId\": \"runningCeleryTasks\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1180| \"description\": \"Returns a list of running celery tasks.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1181|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1182| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1183| \"description\": \"Returns a list of running celery tasks.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1203,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1203,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1201| \"operationId\": \"celeryQueueLength\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1202| \"description\": \"Returns a dictionary of queues with queue length.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1203|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1204| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1205| \"description\": \"Returns a dictionary of queues with their associated lengths.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1235,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1235,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1233| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1234| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1235|-> \"responses\":{",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1236| \"200\":{",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1237| \"description\": \"Returns the number of tasks cleared the celery queue.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1257,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1257,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1255| \"operationId\": \"dbPerformanceDbVersion\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1256| \"description\": \"Returns a HTML document showing the database version.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1257|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1258| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1259| \"description\": \"Returns a HTML document showing the database version.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1276,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1276,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1274| \"operationId\": \"dbPerformanceDbSettings\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1275| \"description\": \"Returns a HTML document showing the database software settings.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1276|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1277| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1278| \"description\": \"Returns a HTML document showing the database software settings.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1330,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1330,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1328| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1329| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1330|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1331| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1332| \"description\": \"Returns a HTML document showing query statement statistics if the pg_stat_statements extension has been installed.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1410,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1410,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1408| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1409| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1410|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1411| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1412| \"description\": \"Returns a HTML document showing current connection activity.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1464,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1464,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1462| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1463| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1464|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1465| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1466| \"description\": \"Returns a HTML document showing any blocking locks and processes that are blocked by them.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1518,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1518,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1516| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1517| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1518|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1519| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1520| \"description\": \"Returns a HTML document showing current connection activity.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1537,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1537,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1535| \"operationId\": \"dbPerformanceExplainQuery\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1536| \"description\": \"Returns a HTML document interface to submit a query for the database to explain.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1537|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1538| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1539| \"description\": \"Returns a HTML document interface to submit a query for the database to explain.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1577,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1577,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1575| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1576| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1577|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1578| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1579| \"description\": \"Return Plans.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1623,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1623,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1621| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1622| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1623|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1624| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1625| \"description\": \"Returns a dictionary with cost mappings for continuity checks\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1646,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1646,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1644| \"description\": \"Update and return list of exchange rates\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1645| \"parameters\": [],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1646|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1647| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1648| \"description\": \"Returns a dictionary of exchange rates after update\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1762,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1762,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1760| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1761| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1762|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1763| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1764| \"description\": \"An object describing manifest information\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1806,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1806,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1804| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1805| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1806|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1807| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1808| \"description\": \"An object describing manifest information\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1881,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1881,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1879| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1880| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1881|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1882| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1883| \"description\": \"An object describing manifest information\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1921,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1921,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1919| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1920| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1921|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1922| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1923| \"description\": \"Query result.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1961,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 1961,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1959| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1960| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1961|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1962| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1963| \"description\": \"JSON with query result.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2059,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2059,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2057| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2058| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2059|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2060| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2061| \"description\": \"Returns a dictionary with cost mappings for continuity checks\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2114,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2114,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2112| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2113| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2114|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2115| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2116| \"description\": \"Returns a dictionary with cost mappings for continuity checks\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2137,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2137,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2135| \"description\": \"Returns the additional context for a specific provider.\",",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2136| \"parameters\": [],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2137|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2138| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2139| \"description\": \"The additional context field.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "a8b2ef5553a1d1a67c24217841c912a2b638ce1a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2168,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/openapi.json",
+ "line": 2168,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2166| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2167| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2168|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2169| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2170| \"description\": \"The additional context field.\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "0368f4f66e9da743522ed540a6dd6b73fdddc365",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 40,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 40,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 38| \"required\": true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 39| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 40|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 41| \"201\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 42| \"description\": \"An object describing the source\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "0368f4f66e9da743522ed540a6dd6b73fdddc365",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 97,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 97,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 95| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 96| ],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 97|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 98| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 99| \"description\": \"A paginated list of source objects\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "0368f4f66e9da743522ed540a6dd6b73fdddc365",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 139,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 139,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 137| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 138| }],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 139|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 140| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 141| \"description\": \"A Source object\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "0368f4f66e9da743522ed540a6dd6b73fdddc365",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 202,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 202,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 200| \"required\": true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 201| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 202|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 203| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 204| \"description\": \"A Source object\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "0368f4f66e9da743522ed540a6dd6b73fdddc365",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 252,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 252,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 250| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 251| }],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 252|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 253| \"204\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 254| \"description\": \"Source deleted\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "0368f4f66e9da743522ed540a6dd6b73fdddc365",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 306,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 306,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 304| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 305| }],",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 306|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 307| \"200\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 308| \"description\": \"The status of the source\",",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.no_rate_limiting",
+ "cwe": 307,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "0368f4f66e9da743522ed540a6dd6b73fdddc365",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 370,
+ "event": "Sigma main event",
+ "message": "The text spec file defines an operation that does not include a `429 Too Many Requests` response object, indicating no rate limiting. An attacker can submit a large number of request over a short period of time to exhaust API resources or facilitate brute force attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/sources/openapi.json",
+ "line": 370,
+ "event": "remediation",
+ "message": "Audit the use of rate limiting controls. This is configured by including a `429 Too Many Requests` or similar response object.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 368| \"required\": true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 369| },",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 370|-> \"responses\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 371| \"204\": {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 372| \"description\": \"Status update event was successfully queued.\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.shell_missing_pipefail",
+ "cwe": 755,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "18f5de80314c2e542c859629a8683623f69905fd",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/grafana/Dockerfile-grafana",
+ "line": 6,
+ "event": "Sigma main event",
+ "message": "The Dockerfile command directs output through the pipe operator `|` without enabling the shell option `pipefail`. As a result, the exit code will be determined by the success or failure of the last command, ignoring any upstream failures in the pipe chain. This can result in unexpected behavior due to undetected build failures.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/grafana/Dockerfile-grafana",
+ "line": 6,
+ "event": "remediation",
+ "message": "Explicitly set the `pipefail` option for the current shell context when using the pipe operator `|`.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4| USER grafana",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5| COPY --chown=grafana:root grafana.db.sql /var/lib/grafana/grafana.db.sql",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6|-> RUN cat /var/lib/grafana/grafana.db.sql | sqlite3 /var/lib/grafana/grafana.db && rm /var/lib/grafana/grafana.db.sql",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "f0a612596a7e349129632cc9afdd97192e1557b9",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/Dockerfile",
+ "line": 1,
+ "event": "Sigma main event",
+ "message": "The Dockerfile `FROM` instruction does not pin the docker image to a stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which may affect application reliability or introduce security vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/Dockerfile",
+ "line": 1,
+ "event": "remediation",
+ "message": "Explicitly pin the image version to a stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1|-> FROM registry.access.redhat.com/ubi8/ubi-minimal:latest AS base",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| USER root",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "4d4628274034bcfdc13b08c08ee75f7eaa87921f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/Dockerfile",
+ "line": 66,
+ "event": "Sigma main event",
+ "message": "The Dockerfile `FROM` instruction does not pin the docker image to a stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which may affect application reliability or introduce security vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/Dockerfile",
+ "line": 66,
+ "event": "remediation",
+ "message": "Explicitly pin the image version to a stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 64| ARG TARGETARCH",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 65| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 66|-> FROM stage-${TARGETARCH} AS final",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 67| # PIPENV_DEV is set to true in the docker-compose allowing",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 68| # local builds to install the dev dependencies",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SIGMA.unspecified_software_version",
+ "cwe": 829,
+ "function": "null",
+ "language": "text",
+ "tool": "coverity",
+ "hash_v1": "497062b9a21759cd0ab8feebd1e4101a1c201dea",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/grafana/Dockerfile-grafana",
+ "line": 1,
+ "event": "Sigma main event",
+ "message": "The Dockerfile `FROM` instruction does not pin the docker image to a stable version. Pinning the version of the base image will make the container being built more predictable. Relying on the latest version may silently inherit newer packages, which may affect application reliability or introduce security vulnerabilities.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "project-koku-koku-cbe5e5c/grafana/Dockerfile-grafana",
+ "line": 1,
+ "event": "remediation",
+ "message": "Explicitly pin the image version to a stable version.",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1|-> FROM grafana/grafana:latest",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2| USER root",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| RUN apk add sqlite",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 571,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "5e08187da7fd3d9e46deafcd808cf89fc4d5a5c7",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/build_deploy.sh",
+ "line": 23,
+ "column": 8,
+ "event": "warning[SC2155]",
+ "message": "Declare and assign separately to avoid masking return values.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 21| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 22| # Create tmp dir to store data in during job run (do NOT store in $WORKSPACE)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 23|-> export TMP_JOB_DIR=$(mktemp -d -p \"$HOME\" -t \"jenkins-${JOB_NAME}-${BUILD_NUMBER}-XXXXXX\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 24| echo \"job tmp dir location: $TMP_JOB_DIR\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 25| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 571,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "a7cba7bb88d0ee8f31df6d189a5457f071f28fac",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/ci/functions.sh",
+ "line": 92,
+ "column": 12,
+ "event": "warning[SC2155]",
+ "message": "Declare and assign separately to avoid masking return values.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 90| _install_bonfire_tools",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 91| source ${CICD_ROOT}/_common_deploy_logic.sh",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 92|-> export NAMESPACE=$(bonfire namespace reserve --duration ${RESERVATION_TIMEOUT})",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 93| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 94| oc get secret/koku-aws -o json -n ephemeral-base | jq -r '.data' > aws-creds.json",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 457,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "9d29d4dba0b8b3c917d1603bbe76807b6db9dc68",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/ci/functions.sh",
+ "line": 109,
+ "column": 58,
+ "event": "warning[SC2154]",
+ "message": "ghprbActualCommit is referenced but not assigned.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 107| ${APP_NAME} \\",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 108| --ref-env insights-production \\",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 109|-> --set-template-ref ${APP_NAME}/${COMPONENT_NAME}=${ghprbActualCommit} \\",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 110| --set-image-tag ${IMAGE}=${IMAGE_TAG} \\",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 111| --namespace ${NAMESPACE} \\",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 88,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "1614a06ea6342272da22b865144e02189480a1af",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/containers/postgresql/99_postgresql_conf.sh",
+ "line": 50,
+ "column": 18,
+ "event": "error[SC2068]",
+ "message": "Double quote array expansions to avoid re-splitting elements.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 48| # Parse $_PG_CREATE_DATABASES by ',' into a bash array variable -- \"dbname|owner,dbname|owner...\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 49| IFS=, read -a _databases <<<${_PG_CREATE_DATABASES}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 50|-> for _database in ${_databases[@]}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 51| do",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 52| # parse $_database by '|' into discrete variables -- \"dbname|owner\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 569,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "18b64ce2adc4f69a9aaf137de06372371cb2643d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/common/logging.sh",
+ "line": 17,
+ "column": 16,
+ "event": "warning[SC2124]",
+ "message": "Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 15| log(){",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 16| local _tag_name=${1}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 17|-> local _msg=${@:2}",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 18| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 19| printf \"${TS}${TIMESTAMP} ${TAG}[${_tag_name}\\t] ${_msg}\\n\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 138,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "cee9118866075fc827fc5999a53a805cb9b7acec",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/common/logging.sh",
+ "line": 24,
+ "column": 25,
+ "event": "error[SC2145]",
+ "message": "Argument mixes string and array. Use * or separate argument.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 22| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 23| log-info() {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 24|-> log \"INFO\" \"${INFO} $@\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 25| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 26| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 138,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "e815d251c6a058a45a1b9a09741dd395898f03a2",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/common/logging.sh",
+ "line": 28,
+ "column": 28,
+ "event": "error[SC2145]",
+ "message": "Argument mixes string and array. Use * or separate argument.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 26| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 27| log-warn() {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 28|-> log \"WARNING\" \"${WARN} $@\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 29| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 30| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 138,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "e38c2f9fe8410b810f95ae96cf8d469b7d9045a7",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/common/logging.sh",
+ "line": 32,
+ "column": 25,
+ "event": "error[SC2145]",
+ "message": "Argument mixes string and array. Use * or separate argument.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 30| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 31| log-err() {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 32|-> log \"ERROR\" \"${ERR} $@\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 33| }",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 34| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 571,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "5bd92c2266f239d66f57571743552fe2944c59ba",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/common/logging.sh",
+ "line": 36,
+ "column": 11,
+ "event": "warning[SC2155]",
+ "message": "Declare and assign separately to avoid masking return values.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 34| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 35| log-debug() {",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 36|-> local _debug=$(tr '[:upper:]' '[:lower:]' <<<\"$DEBUG\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 37| if [[ ! -z \"${DEBUG}\" && ${_debug} == true ]];then",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 38| log \"DEBUG\" \"${TRACE} $@\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 138,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "3b745e7599743a7c631fcb7babe7153c3b67f8b7",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/common/logging.sh",
+ "line": 38,
+ "column": 31,
+ "event": "error[SC2145]",
+ "message": "Argument mixes string and array. Use * or separate argument.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 36| local _debug=$(tr '[:upper:]' '[:lower:]' <<<\"$DEBUG\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 37| if [[ ! -z \"${DEBUG}\" && ${_debug} == true ]];then",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 38|-> log \"DEBUG\" \"${TRACE} $@\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 39| fi",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 40| }",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 563,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "af62b8b2cbd13667db26281412c0f4ed9cca9dac",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/e2e-deploy.sh",
+ "line": 114,
+ "column": 10,
+ "event": "warning[SC2034]",
+ "message": "JUNK appears unused. Verify use (or export if used externally).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 112| ************************",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 113| EOF",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 114|-> read JUNK",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 115| fi",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 116| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "77fc5241b98a3d47fe86d2486ce0d0001ff79c8b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/genssc",
+ "line": 15,
+ "column": 4,
+ "event": "warning[SC3010]",
+ "message": "In POSIX sh, [[ ]] is undefined.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| fi",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 14| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 15|-> if [[ -z \"${KOKU_PATH}\" ]]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 16| then",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 17| echo \"ERROR: Environment variable KOKU_PATH must be set\" >&2",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "7c89f4a3abe73494f190cb39cd92ca40a8c512f2",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/genssc",
+ "line": 27,
+ "column": 1,
+ "event": "warning[SC3010]",
+ "message": "In POSIX sh, [[ ]] is undefined.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 25| CSR_FILE=\"${KEY_DIR}\"/koku.csr",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 26| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 27|-> [[ ! -d \"${KEY_DIR}\" ]] && mkdir -p \"${KEY_DIR}\" || true",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 28| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 29| sudo rm -rf \"${CERT_FILE}\" \"${KEY_FILE}\" \"${CSR_FILE}\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "99de7e8b67b9def8a4566e76dc4858f008b15655",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/dev/scripts/genssc",
+ "line": 36,
+ "column": 4,
+ "event": "warning[SC3010]",
+ "message": "In POSIX sh, [[ ]] is undefined.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 34| RC=$?",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 35| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 36|-> if [[ ${RC} -ne 0 ]]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 37| then",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 38| echo \"Self-Signed Certificate creation failed!\" >&2",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "2f50ff50fba28268904f4cd0dd1cba4c87642aae",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/run_server.sh",
+ "line": 4,
+ "column": 4,
+ "event": "warning[SC3010]",
+ "message": "In POSIX sh, [[ ]] is undefined.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 2| sleep 5",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 3| python koku/manage.py migrate_schemas",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 4|-> if [[ -z \"$RUN_GUNICORN\" ]]; then",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5| DJANGO_READ_DOT_ENV_FILE=True python koku/manage.py runserver 0.0.0.0:8000",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| else",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 88,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "085b0ce1498fca92db21fca4ce175d5660b513b5",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/scripts/run_migrations.sh",
+ "line": 147,
+ "column": 16,
+ "event": "error[SC2068]",
+ "message": "Double quote array expansions to avoid re-splitting elements.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 145| fi",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 146| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 147|-> for _op in ${_MIG_OPS[@]}; do",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 148| if [[ ${_op} != \"${_NOOP}\" ]]; then",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 149| _app=${_op%%:*}",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 88,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "84d469899ebb84433f4ebebfef15a13a5f46b92d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/scripts/run_migrations.sh",
+ "line": 174,
+ "column": 11,
+ "event": "error[SC2068]",
+ "message": "Double quote array expansions to avoid re-splitting elements.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 172| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 173| # Check to see if any CLI args will override the env var",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 174|-> arg_check $@",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 175| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 176| # Check to see if bash is compatible",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 563,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "41264ab9820ae6a27c6487fea790eeba0ddc840e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/smoke_test.sh",
+ "line": 7,
+ "column": 1,
+ "event": "warning[SC2034]",
+ "message": "COMPONENTS appears unused. Verify use (or export if used externally).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 5| APP_NAME=\"hccm\" # name of app-sre \"application\" folder this component lives in",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| COMPONENT_NAME=\"koku\" # name of app-sre \"resourceTemplate\" in deploy.yaml for this component",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7|-> COMPONENTS=\"hive-metastore koku trino\" # specific components to deploy (optional, default: all)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 8| COMPONENTS_W_RESOURCES=\"hive-metastore koku trino\" # components which should preserve resource settings (optional, default: none)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| IQE_PLUGINS=\"cost_management\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 563,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "758c6ec52c56debc82ba4314107d626e6ea9b093",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/smoke_test.sh",
+ "line": 8,
+ "column": 1,
+ "event": "warning[SC2034]",
+ "message": "COMPONENTS_W_RESOURCES appears unused. Verify use (or export if used externally).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 6| COMPONENT_NAME=\"koku\" # name of app-sre \"resourceTemplate\" in deploy.yaml for this component",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| COMPONENTS=\"hive-metastore koku trino\" # specific components to deploy (optional, default: all)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 8|-> COMPONENTS_W_RESOURCES=\"hive-metastore koku trino\" # components which should preserve resource settings (optional, default: none)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| IQE_PLUGINS=\"cost_management\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| IQE_MARKER_EXPRESSION=\"cost_smoke\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 563,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "2d627380f50ce60a5a1c9041d7214c1bf3392fe1",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/smoke_test.sh",
+ "line": 9,
+ "column": 1,
+ "event": "warning[SC2034]",
+ "message": "IQE_PLUGINS appears unused. Verify use (or export if used externally).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 7| COMPONENTS=\"hive-metastore koku trino\" # specific components to deploy (optional, default: all)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 8| COMPONENTS_W_RESOURCES=\"hive-metastore koku trino\" # components which should preserve resource settings (optional, default: none)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9|-> IQE_PLUGINS=\"cost_management\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| IQE_MARKER_EXPRESSION=\"cost_smoke\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11| IQE_FILTER_EXPRESSION=\"\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 563,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "1ae31636a8d008b196c0e2a67c12746a5ca9cd58",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/smoke_test.sh",
+ "line": 10,
+ "column": 1,
+ "event": "warning[SC2034]",
+ "message": "IQE_MARKER_EXPRESSION appears unused. Verify use (or export if used externally).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 8| COMPONENTS_W_RESOURCES=\"hive-metastore koku trino\" # components which should preserve resource settings (optional, default: none)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| IQE_PLUGINS=\"cost_management\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10|-> IQE_MARKER_EXPRESSION=\"cost_smoke\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11| IQE_FILTER_EXPRESSION=\"\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| IQE_CJI_TIMEOUT=\"5h\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 563,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "8acf90a9b61a32e3a3df8e69170ca31697b1c4fc",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/smoke_test.sh",
+ "line": 11,
+ "column": 1,
+ "event": "warning[SC2034]",
+ "message": "IQE_FILTER_EXPRESSION appears unused. Verify use (or export if used externally).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| IQE_PLUGINS=\"cost_management\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| IQE_MARKER_EXPRESSION=\"cost_smoke\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11|-> IQE_FILTER_EXPRESSION=\"\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| IQE_CJI_TIMEOUT=\"5h\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| IQE_ENV_VARS=\"JOB_NAME=${JOB_NAME},BUILD_NUMBER=${BUILD_NUMBER}\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 563,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "4c4c4bfebaaccc0b5c266e213c3d0ec6c5199b1e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/smoke_test.sh",
+ "line": 12,
+ "column": 1,
+ "event": "warning[SC2034]",
+ "message": "IQE_CJI_TIMEOUT appears unused. Verify use (or export if used externally).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| IQE_MARKER_EXPRESSION=\"cost_smoke\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11| IQE_FILTER_EXPRESSION=\"\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12|-> IQE_CJI_TIMEOUT=\"5h\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| IQE_ENV_VARS=\"JOB_NAME=${JOB_NAME},BUILD_NUMBER=${BUILD_NUMBER}\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 14| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 563,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "4af60bb6ada6d2dd276933816ac682a520606d49",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/smoke_test.sh",
+ "line": 13,
+ "column": 1,
+ "event": "warning[SC2034]",
+ "message": "IQE_ENV_VARS appears unused. Verify use (or export if used externally).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11| IQE_FILTER_EXPRESSION=\"\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| IQE_CJI_TIMEOUT=\"5h\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13|-> IQE_ENV_VARS=\"JOB_NAME=${JOB_NAME},BUILD_NUMBER=${BUILD_NUMBER}\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 14| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 15| # Get bonfire helper scripts",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 571,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "5959e3a3444f7f3ff88be677eb4c919ee0c9418d",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/smoke_test.sh",
+ "line": 25,
+ "column": 8,
+ "event": "warning[SC2155]",
+ "message": "Declare and assign separately to avoid masking return values.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 23| set -x",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 24| export BONFIRE_NS_REQUESTER=\"${JOB_NAME}-${BUILD_NUMBER}\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 25|-> export NAMESPACE=$(bonfire namespace reserve --duration 6h)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 26| SMOKE_NAMESPACE=$NAMESPACE",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 27| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 563,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "0f029c34cf4a16db914e450cf5d5f140a065ec14",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/smoke_test.sh",
+ "line": 26,
+ "column": 1,
+ "event": "warning[SC2034]",
+ "message": "SMOKE_NAMESPACE appears unused. Verify use (or export if used externally).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 24| export BONFIRE_NS_REQUESTER=\"${JOB_NAME}-${BUILD_NUMBER}\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 25| export NAMESPACE=$(bonfire namespace reserve --duration 6h)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 26|-> SMOKE_NAMESPACE=$NAMESPACE",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 27| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 28| oc get secret/koku-aws -o json -n ephemeral-base | jq -r '.data' > aws-creds.json",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SHELLCHECK_WARNING",
+ "cwe": 563,
+ "language": "shell",
+ "tool": "shellcheck",
+ "hash_v1": "7d2a300807c72086f4633e7362afa9c4c0c6a92f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/smoke_test.sh",
+ "line": 37,
+ "column": 1,
+ "event": "warning[SC2034]",
+ "message": "IQE_IBUTSU_SOURCE appears unused. Verify use (or export if used externally).",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 35| OCI_CONFIG_EPH=$(jq -r '.\"oci-config\"' < oci-creds.json)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 36| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 37|-> IQE_IBUTSU_SOURCE=\"cost-ephemeral-${IMAGE_TAG}\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 38| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 39| bonfire deploy \\",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "f75560dcd652ef38ca98fac0abfe88acd53ee08b",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/processor/tasks.py",
+ "line": 1082,
+ "column": 21,
+ "h_size": 14,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from an environment variable flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1080| if scale_factor != zero:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1081| alter_count += 1",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1082|-> cursor.execute(sql, value)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1083| LOG.info(sql_log)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1084| LOG.info(cursor.statusmessage)",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "e410f7418818374429acf69ad0f4eebfc812041a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/management/commands/migrate_trino_tables.py",
+ "line": 176,
+ "column": 17,
+ "h_size": 27,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into run_trino_sql, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 174| if partitions_to_drop:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 175| LOG.info(f\"*** dropping partition from tables for schema {schema} ***\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 176|-> drop_partitions_from_tables(partitions_to_drop, schema)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 177| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 178| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "7ca1fb6a6c055a08477f0a8a92a0266d20d95a1e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/management/commands/migrate_trino_tables.py",
+ "line": 259,
+ "column": 26,
+ "h_size": 13,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into run_trino_sql, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 257| for i in range(0, partition_count, limit):",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 258| sql = f\"SELECT DISTINCT {part.partition_column} FROM {part.table} OFFSET {i} LIMIT {limit}\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 259|-> result = run_trino_sql(sql, schema)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 260| partitions = [res[0] for res in result]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 261| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "7ca1fb6a6c055a08477f0a8a92a0266d20d95a1e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/management/commands/migrate_trino_tables.py",
+ "line": 265,
+ "column": 30,
+ "h_size": 13,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into run_trino_sql, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 263| LOG.info(f\"*** Deleting {part.table} partition {part.partition_column} = {partition} ***\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 264| sql = f\"DELETE FROM {part.table} WHERE {part.partition_column} = '{partition}'\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 265|-> result = run_trino_sql(sql, schema)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 266| LOG.info(f\"DELETE PARTITION result: {result}\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 267| except Exception as e:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "2d8b44d1e7c9d3cc0cf8f1962ac1f928cf7b719e",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 62,
+ "column": 9,
+ "h_size": 14,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 60| LOG.debug(f\"SQL: {cursor.mogrify(sql, params).decode('utf-8')}\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 61| # print(cursor.mogrify(sql, params).decode('utf-8') + '\\n', file=SQLFILE, flush=True)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 62|-> cursor.execute(sql, params)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 63| return cursor",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 64| else:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "3036b46c10f4a9cb862bd7e901ad6c38183431fe",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1044,
+ "column": 17,
+ "h_size": 12,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1042| else:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1043| LOG.info(f\"Applying constraint {cdef.constraint_name}\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1044|-> conn_execute(cdef.alter_add_constraint())",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1045| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1046| def __create_indexes(self):",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "d7b7de0b2e9c75408d197875155866ab655b8510",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1053,
+ "column": 17,
+ "h_size": 12,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1051| else:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1052| LOG.info(f\"Applying index definition for {idef.index_name}\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1053|-> conn_execute(idef.create())",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1054| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1055| def __get_partition_start_values(self, params):",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "a617a8a268674f3760babb96ca9e2f1de71bfc2a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1181,
+ "column": 13,
+ "h_size": 12,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1179| partition_name = f\"{self.partitioned_table_name}_{newpart.strftime('%Y_%m')}\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1180| LOG.info(f\"Creating partition {self.target_schema}.{partition_name}\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1181|-> conn_execute(sqltmpl.format(table_partition=partition_name), params)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1182| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1183| params = (",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "5f7d81c6954f8b80f9a0b00f49c19921a9d36b8f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1289,
+ "column": 13,
+ "h_size": 12,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1287| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1288| LOG.debug(f\"SQL = {sql} PARAMS = {params}\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1289|-> conn_execute(sql, params)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1290| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1291| self.partitioned_table_name = self.source_table_name",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "ace0d83896d9c03e9b9007c74efac44dcc273c57",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1354,
+ "column": 13,
+ "h_size": 12,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1352| LOG.info(\"Executing batch rename commands\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1353| for sql in sql_actions:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1354|-> conn_execute(sql)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1355| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1356| LOG.info(\"Executing update command\")",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "e176ba6597d617acc06cee9f3cc25b10b3f4a098",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1365,
+ "column": 13,
+ "h_size": 12,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1363| LOG.info(\"Creating any views\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1364| for vdef in self.view_iter(self.VIEW_CREATE_ORDER):",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1365|-> conn_execute(vdef.create())",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1366| if vdef.indexes:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1367| LOG.info(\"Creating view indexes\")",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "64a06df892626f1722fe5342dde1a70f839b8b30",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1369,
+ "column": 21,
+ "h_size": 12,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1367| LOG.info(\"Creating view indexes\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1368| for view_ix in vdef.indexes:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1369|-> conn_execute(view_ix.create())",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1370| conn_execute(vdef.alter_owner())",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1371| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "b723eaf9e7edd2718ecab1b637369d0dd0f60992",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1370,
+ "column": 13,
+ "h_size": 12,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1368| for view_ix in vdef.indexes:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1369| conn_execute(view_ix.create())",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1370|-> conn_execute(vdef.alter_owner())",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1371| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1372| def __refresh_views(self):",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "9b650c9120307f656f0758d67b10fd0f3dc7dccc",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1628,
+ "column": 21,
+ "h_size": 12,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1626| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1627| # Move data into new partition",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1628|-> conn_execute(mv_recs_sql.format(full_partition_name), (p_from, p_to), _conn=self.conn)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1629| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1630| # Re-attach partition with actual bounds",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "b6eaf566f6d362e10546c38fcf2f89ee3b33b03f",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1747,
+ "column": 9,
+ "h_size": 11,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1745| \"\"\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1746| with transaction.get_connection().cursor() as cur:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1747|-> cur.execute(chk_sql)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1748| res = cur.fetchone()",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1749| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "272b53e44497a39248879ce1597af16963a44d44",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1798,
+ "column": 9,
+ "h_size": 11,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1796| with transaction.get_connection().cursor() as cur:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1797| LOG.info(f\"Copy data from {source_partition.table_name} to {target_partition.table_name} where {conditions}\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1798|-> cur.execute(mv_sql)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1799| cp_recs = cur.rowcount",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1800| LOG.info(f\"Copied {cp_recs} records\")",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "72cc8e73ba2a1aa7bf15aa5a00384cb6a13de490",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1802,
+ "column": 9,
+ "h_size": 11,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1800| LOG.info(f\"Copied {cp_recs} records\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1801| LOG.info(f\"Delete data from {source_partition.table_name} where {conditions}\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1802|-> cur.execute(dl_sql)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1803| dl_recs = cur.rowcount",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1804| LOG.info(f\"Deleted {dl_recs} records\")",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "4e2bd1169fa0ec93dbb574244e11efd6da6a3ab9",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/koku/pg_partition.py",
+ "line": 1923,
+ "column": 40,
+ "h_size": 23,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1921| newpart_vals[\"partition_parameters\"][\"to\"] = str(needed_partition + month_interval)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1922| # Successfully creating a new record will also create the partition",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1923|-> newpart, created = get_or_create_partition(newpart_vals, _default_partition=default_part)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1924| LOG.debug(f\"partition = {newpart}\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 1925| LOG.debug(f\"created = {created}\")",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "54902828ee7b6550f1d22e66a6f4c8921937bc4a",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/management/commands/migrate_trino_tables.py",
+ "line": 199,
+ "column": 17,
+ "h_size": 11,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 197| with trino_db.connect(schema=schema) as conn:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 198| cur = conn.cursor()",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 199|-> cur.execute(sql)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 200| return cur.fetchall()",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 201| except TrinoExternalError as err:",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "2cc29f7b05d31f59e9a6b1d75045e41fa719b1d5",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/management/commands/migrate_serial_to_identity_columns.py",
+ "line": 162,
+ "column": 13,
+ "h_size": 14,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 160| cursor.execute(query)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 161| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 162|-> cursor.execute(f\"DROP SEQUENCE {sequence_name}\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 163| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 164| # Change column to identity",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 89,
+ "tool": "snyk-code",
+ "hash_v1": "f0b13bf8384a1ebee78c889f58f54b672a73d030",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/api/migrations/0047_update_django_migration_sequences.py",
+ "line": 49,
+ "column": 13,
+ "h_size": 11,
+ "event": "warning[python/Sqli]",
+ "message": "Unsanitized input from a database flows into execute, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 47| for rec in res:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 48| LOG.info(f\"Getting max pk value from the {rec['namesp']} {rec['tabname']} table...\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 49|-> cur.execute(max_pk_val.format(rec[\"namesp\"], rec[\"tabname\"]))",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 50| new_sequence_val = (cur.fetchone() or [1])[0]",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 51| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 79,
+ "tool": "snyk-code",
+ "hash_v1": "4b5f78e75070fa1ddd7025c935d16dc59abd6163",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/api/db_performance/dbp_views.py",
+ "line": 138,
+ "column": 12,
+ "h_size": 13,
+ "event": "warning[python/Jinja2AutoEscapeFalse]",
+ "message": "jinja2.Template is called with no autoescape argument (autoescaping is disabled by default). This increases the risk of Cross-Site Scripting (XSS) attacks.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 136| ):",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 137| menu = get_menu(url_name)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 138|-> tmpl = JinjaTemplate(open(os.path.join(TEMPLATE_PATH, template)).read())",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 139| return tmpl.render(",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 140| db_performance_menu=menu,",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 918,
+ "tool": "snyk-code",
+ "hash_v1": "25f829d4092f7def95bff2528001455a914f8b07",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/api/ingest_ocp_payload.py",
+ "line": 78,
+ "column": 12,
+ "h_size": 12,
+ "event": "warning[python/Ssrf]",
+ "message": "Unsanitized input from an uploaded file flows into requests.put, where it is used as an URL to perform a request. This may result in a Server Side Request Forgery vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 76| def upload_file_to_s3(signature, data): # pragma: no cover",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 77| \"\"\"Upload file to s3.\"\"\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 78|-> return requests.put(signature, data=data)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 79| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 80| ",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 918,
+ "tool": "snyk-code",
+ "hash_v1": "22dfec64c0c97335e3d4faca57fd38c342e430f8",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/api/ingest_ocp_payload.py",
+ "line": 104,
+ "column": 19,
+ "h_size": 17,
+ "event": "warning[python/Ssrf]",
+ "message": "Unsanitized input from an uploaded file flows into requests.put, where it is used as an URL to perform a request. This may result in a Server Side Request Forgery vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 102| response_data[\"payload-name\"].append(payload_name)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 103| s3_signature = get_s3_signature(settings.S3_ENDPOINT, payload_name, method=\"put_object\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 104|-> res = upload_file_to_s3(s3_signature, data=file.file)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 105| if res.status_code == HTTPStatus.OK:",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 106| response_data[\"upload\"] = \"success\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 918,
+ "tool": "snyk-code",
+ "hash_v1": "f05a7c7eddf177d772008f1f1c3a79e8b7d8e083",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/api/trino.py",
+ "line": 82,
+ "column": 24,
+ "h_size": 12,
+ "event": "warning[python/Ssrf]",
+ "message": "Unsanitized input from an HTTP parameter flows into requests.get, where it is used as an URL to perform a request. This may result in a Server Side Request Forgery vulnerability.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 80| api_str = f\"http://{settings.TRINO_HOST}:{settings.TRINO_PORT}/ui/api/{api_service}\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 81| LOG.info(f\"Running Trino UI API service for endpoint: {api_str}\")",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 82|-> response = requests.get(api_str)",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 83| return Response({\"api_service_name\": api_service, \"trino_response\": response.json()})",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 84| errmsg = \"Must provide a valid parameter and trino-ui api service.\"",
+ "verbosity_level": 1
+ }
+ ]
+ },
+ {
+ "checker": "SNYK_CODE_WARNING",
+ "cwe": 916,
+ "tool": "snyk-code",
+ "hash_v1": "758514670441ad8dc3e4fcae03f05e2fef9d50b4",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "project-koku-koku-cbe5e5c/koku/masu/util/ibm/common.py",
+ "line": 11,
+ "column": 12,
+ "h_size": 42,
+ "event": "note[python/InsecureHash]",
+ "message": "hashlib.md5 is insecure. Consider changing it to a secure hashing algorithm.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 9| def generate_etag(param):",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 10| \"\"\"Generate etag for IBM Cloud report.\"\"\"",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 11|-> return hashlib.md5(str(param).encode()).hexdigest()",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 12| ",
+ "verbosity_level": 1
+ },
+ {
+ "file_name": "",
+ "line": 0,
+ "event": "#",
+ "message": " 13| ",
+ "verbosity_level": 1
+ }
+ ]
+ }
+ ]
+}
diff --git a/tests/csfilter-kfp/0002-args.txt b/tests/csfilter-kfp/0002-args.txt
new file mode 100644
index 00000000..df0dc91b
--- /dev/null
+++ b/tests/csfilter-kfp/0002-args.txt
@@ -0,0 +1 @@
+--kfp-git-url https://github.com/csutils/kfp.git --project-nvr passt-network-binding-plugin-sidecar-rhel9-container-v4.99.0-216 --verbose --dry-run
diff --git a/tests/csfilter-kfp/0002-stdout.txt b/tests/csfilter-kfp/0002-stdout.txt
new file mode 100644
index 00000000..ed41c273
--- /dev/null
+++ b/tests/csfilter-kfp/0002-stdout.txt
@@ -0,0 +1,24 @@
+set -e
+set -o pipefail
+shopt -s nullglob
+export td=$(mktemp -d /tmp/tmp-csfilter-kfp.XXXXXXXXXX)
+trap "rm -fr '${td}'" EXIT
+set -x
+git clone --depth 1 https://github.com/csutils/kfp.git ${td}/kfp
+touch "${td}/empty.err"
+(cd "${td}/kfp" && csgrep --mode=json --remove-duplicates ${td}/empty.err */ignore.err */true-positives-ignore.err >"${td}/kfp.json")
+csgrep --mode=json >"${td}/input.json"
+path_filter() {
+ ep="${td}/kfp/passt-network-binding-plugin-sidecar-rhel9-container/exclude-paths.txt"
+ re=
+ while read line; do
+ re="${re}|(${line})"
+ done < <(grep -Esv "^(#|\\$)" "$ep")
+ if test -n "$re"; then
+ csgrep --mode=json --invert-match --path="${re#|}"
+ else
+ cat
+ fi
+}
+csdiff --show-internal "${td}/kfp.json" "${td}/input.json" | path_filter >${td}/output.json
+csgrep --mode=json "${td}/output.json" --set-scan-prop="known-false-positives-git-url:https://github.com/csutils/kfp.git"
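Review bot: The generated `path_filter` reads `exclude-paths.txt` with `while read line`, and `read` without `-r` consumes backslashes, so a pattern such as `\.py$` (constructed example) reaches `csgrep --path` as `.py$` and can exclude more findings than the list's author intended. Emitting `while IFS= read -r line; do` keeps each pattern byte-for-byte. Separately, `"^(#|\\$)"` inside double quotes appears to hand grep `^(#|\$)`, which matches a literal dollar sign rather than an empty line. If that reading is right, a blank line in the file adds an empty `()` alternative that matches every path, and a single-quoted `'^(#|$)'` would avoid it. Both changes belong in the generator in `src/csfilter-kfp`, which is outside this hunk, with this expected output regenerated afterwards.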
diff --git a/tests/csfilter-kfp/0003-args.txt b/tests/csfilter-kfp/0003-args.txt
new file mode 100644
index 00000000..63065c0d
--- /dev/null
+++ b/tests/csfilter-kfp/0003-args.txt
@@ -0,0 +1 @@
+--kfp-git-url https://github.com/csutils/kfp.git#96408af024db801c3cb6ebda2bff47fe6c45ad09 --record-excluded excluded.json --json-output --dry-run scan-results.json
diff --git a/tests/csfilter-kfp/0003-stdout.txt b/tests/csfilter-kfp/0003-stdout.txt
new file mode 100644
index 00000000..9f644c58
--- /dev/null
+++ b/tests/csfilter-kfp/0003-stdout.txt
@@ -0,0 +1,16 @@
+set -e
+set -o pipefail
+shopt -s nullglob
+export td=$(mktemp -d /tmp/tmp-csfilter-kfp.XXXXXXXXXX)
+trap "rm -fr '${td}'" EXIT
+git clone https://github.com/csutils/kfp.git ${td}/kfp
+(cd ${td}/kfp && git reset -q --hard 96408af024db801c3cb6ebda2bff47fe6c45ad09)
+touch "${td}/empty.err"
+(cd "${td}/kfp" && csgrep --mode=json --remove-duplicates ${td}/empty.err */ignore.err */true-positives-ignore.err >"${td}/kfp.json")
+csgrep --mode=json scan-results.json >"${td}/input.json"
+path_filter() {
+ cat
+}
+csdiff --show-internal "${td}/kfp.json" "${td}/input.json" | path_filter >${td}/output.json
+csdiff "${td}/output.json" "${td}/input.json" >"excluded.json"
+csgrep --mode=json "${td}/output.json" --set-scan-prop="known-false-positives-git-url:https://github.com/csutils/kfp.git#96408af024db801c3cb6ebda2bff47fe6c45ad09"
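Review bot: Values taken from the command line appear in the generated script with at most plain double quotes: `>"excluded.json"`, the bare `scan-results.json`, and the revision after `git reset -q --hard`. Double quotes still let the shell expand `$` and backticks, and an unquoted name splits on whitespace, so an unusual file name or URL fragment would change what the script runs. The generator in `src/csfilter-kfp` is outside this hunk, so this is inferred from the expected output only. If it builds these lines with string formatting, passing each value through `shlex.quote()` and checking the revision against a hex object-name pattern before use would close the gap. `${td}/kfp` is also unquoted on the `git clone` and `cd` lines while the other uses are quoted.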
diff --git a/tests/csfilter-kfp/CMakeLists.txt b/tests/csfilter-kfp/CMakeLists.txt
new file mode 100644
index 00000000..8c5dd2fa
--- /dev/null
+++ b/tests/csfilter-kfp/CMakeLists.txt
@@ -0,0 +1,37 @@
+# Copyright (C) 2024 Red Hat, Inc.
+#
+# This file is part of csdiff.
+#
+# csdiff is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# any later version.
+#
+# csdiff is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with csdiff. If not, see .
+
+# a generic template for csfilter-kpf tests
+macro(test_csfilter_kfp tst)
+ set(test_data_prefix "${CMAKE_CURRENT_SOURCE_DIR}/${tst}")
+ set(cmd "set -o pipefail && ${CMAKE_SOURCE_DIR}/src/csfilter-kfp")
+ file(READ ${test_data_prefix}-args.txt args)
+ string(REPLACE "\n" "" args "${args}")
+ set(cmd "${cmd} ${args}")
+ if(EXISTS "${test_data_prefix}-stdin.txt")
+ set(cmd "${cmd} <${test_data_prefix}-stdin.txt")
+ endif()
+ set(cmd "${cmd} | ${diffcmd} ${test_data_prefix}-stdout.txt -")
+ add_test_wrap("csfilter-kfp-${tst}" "${cmd}")
+endmacro()
+
+# use a glob search to add all tests
+file(GLOB test_args RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} *-args.txt)
+foreach(args ${test_args})
+ string(REGEX REPLACE "-args.txt$" "" test "${args}")
+ test_csfilter_kfp(${test})
+endforeach()
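Review bot: `test_csfilter_kfp` is a `macro()`, so its `file(READ ... args)` writes into the same `args` variable that the `foreach(args ${test_args})` loop below iterates with, and `cmd` and `test_data_prefix` leak into the directory scope as well. It works today only because `test` is computed before the call. Declaring it as `function(test_csfilter_kfp tst)` ... `endfunction()` gives those variables their own scope, provided `add_test_wrap` (defined outside this hunk) does not rely on setting variables in the caller. The contents of `*-args.txt` are concatenated unescaped into the shell command string, which deserves a comment such as `# args files are trusted fixtures; they are passed to the shell verbatim`. The header comment also spells the tool `csfilter-kpf`.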
diff --git a/tests/csfilter-kfp/sync.sh b/tests/csfilter-kfp/sync.sh
new file mode 100755
index 00000000..bbe8aac8
--- /dev/null
+++ b/tests/csfilter-kfp/sync.sh
@@ -0,0 +1,24 @@
+#!/bin/zsh
+set -exo pipefail
+
+# set path to project root
+PROJECT_ROOT="../.."
+
+# prefer the locally built csdiff binaries over the system-provided ones
+export PATH="$PROJECT_ROOT/csdiff_build/src:$PATH"
+
+# import ${JSFILTER_CMD}
+. ../test-lib.sh
+
+if [[ $# -eq 0 ]]; then
+ tests=( *-args.txt )
+else
+ tests=( "$@" )
+fi
+
+for tst in "${tests[@]}"; do
+ tst=${tst%-args.txt}
+ cmd="$PROJECT_ROOT/src/csfilter-kfp $(<${tst}-args.txt)"
+ test -e "${tst}-stdin.txt" && cmd="${cmd} ${tst}-stdin.txt"
+ eval "$cmd" | eval "${JSFILTER_CMD}" > ${tst}-stdout.txt
+done
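Review bot: When a `-stdin.txt` fixture exists, this script appends it as a positional argument (`cmd="${cmd} ${tst}-stdin.txt"`), whereas the `test_csfilter_kfp` macro in `CMakeLists.txt` redirects it with `<`. Judging by the expected outputs in this commit, a file argument is echoed into the generated `csgrep --mode=json ...` line, so output regenerated here may not match what the CTest run produces. Using `cmd="${cmd} <${tst}-stdin.txt"` would keep the two in step. The script also has to be started from `tests/csfilter-kfp` (`PROJECT_ROOT="../.."`, `. ../test-lib.sh`), which a leading `cd "${0:A:h}"` would remove. Because `cmd` goes through `eval`, a comment stating that `*-args.txt` files are trusted fixtures would help the next maintainer.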