
style: normalize jsonl files (LF + trim) #12653


Draft: wants to merge 1 commit into base: dev

Conversation

astounds

I've split the formatting changes into separate commits (or PRs) by file type for safer review:

  • ✅ Each change is still whitespace-only (git diff -w shows empty)
  • 📦 Grouped by MIME type: all .jsonl together
  • 🔍 Easier to revert/review per category

This commit only touches 4 jsonl files.
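As an added example (not part of this PR or the project it targets), the following Python script performs the normalization described above and checks the result two ways. "LF + trim" is assumed here to mean LF line endings, trailing whitespace removed from every line, trailing blank lines dropped and exactly one final newline. The first check mirrors `git diff -w` (equal once all whitespace is removed); the second decodes every JSONL record before and after and compares the objects, which catches a change that `git diff -w` would hide, such as a stray edit to whitespace inside a string value. The sample records are constructed for the example.

```python
import json

# Constructed sample: two NoseyParker-style records with CRLF endings,
# trailing spaces on the first line and a blank line at end of file.
SAMPLE_CRLF = (
    '{"type":"finding","rule_name":"Generic API Key","num_matches":1}  \r\n'
    '{"type":"finding","rule_name":"Generic Password","num_matches":1}\r\n'
    '\r\n'
)


def normalize_jsonl(text: str) -> str:
    """Return text with LF endings, trailing whitespace trimmed from every
    line, trailing blank lines dropped and exactly one final LF.
    This is the assumed meaning of 'LF + trim'."""
    lines = text.replace("\r\n", "\n").replace("\r", "\n").split("\n")
    lines = [ln.rstrip() for ln in lines]
    while lines and lines[-1] == "":
        lines.pop()
    return "\n".join(lines) + "\n" if lines else ""


def whitespace_only_change(before: str, after: str) -> bool:
    """Approximates 'git diff -w shows empty': the two texts are equal once
    every whitespace character is removed. This also ignores whitespace
    inside JSON string values, so it is necessary but not sufficient."""
    def squash(s: str) -> str:
        return "".join(s.split())
    return squash(before) == squash(after)


def records_unchanged(before: str, after: str) -> bool:
    """Stronger check for JSONL: every non-blank line must still parse and
    the sequence of decoded records must be identical."""
    def parse(s: str) -> list:
        return [json.loads(ln) for ln in s.splitlines() if ln.strip()]
    try:
        return parse(before) == parse(after)
    except json.JSONDecodeError:
        return False


if __name__ == "__main__":
    normalized = normalize_jsonl(SAMPLE_CRLF)
    print(repr(normalized))
    print("whitespace-only:", whitespace_only_change(SAMPLE_CRLF, normalized))
    print("records unchanged:", records_unchanged(SAMPLE_CRLF, normalized))
```

Run the record-level check in CI for any commit that claims to be formatting-only on scan fixtures: an empty `git diff -w` proves nothing about the content of string values, while a per-record comparison proves the parser will see exactly the same findings as before.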


DryRun Security

This pull request contains two security findings: a hardcoded API key in a configuration file and an exposed blockchain contract address in documentation, both of which could potentially provide attackers with sensitive system information if the source code or documents are compromised.

Hardcoded API Key in unittests/scans/noseyparker/noseyparker_one_vul.jsonl
Vulnerability Hardcoded API Key
Description An API key was discovered in app/schema/config.py, which poses a significant security risk. Hardcoded credentials can be easily exposed if the source code is compromised or leaked. The key '32ui1ffdasfhu239b4df2ac6609a9919' could potentially provide unauthorized access to services or systems.

{"type":"finding","rule_name":"Generic API Key","match_content":"32ui1ffdasfhu239b4df2ac6609a9919","num_matches":1,"matches":[{"provenance":[{"kind":"file","path":"./app/schema/config.py"},{"kind":"git_repo","repo_path":"./.git","commit_provenance":{"commit_kind":"first_seen","commit_metadata":{"commit_id":"0ee84b84c29924b210e3576fe9d1e8632948bedc","committer_name":"Princess Leia","committer_email":"leia@test.com","committer_timestamp":"1685495256 +0000","author_name":"Princess Leia","author_email":"leia@test.com","author_timestamp":"1685495256 +0000","message":"framework\n"},"blob_path":"app/schema/config.py"}}],"blob_metadata":{"id":"0ee84b84c29924b210e3576fe9d1e8632948bedc","num_bytes":664,"mime_essence":"text/plain","charset":null},"blob_id":"0ee84b84c29924b210e3576fe9d1e8632948bedc","location":{"offset_span":{"start":617,"end":660},"source_span":{"start":{"line":16,"column":17},"end":{"line":16,"column":59}}},"capture_group_index":1,"match_content":"32ui1ffdasfhu239b4df2ac6609a9919","snippet":{"before":"E = \"https://testwebsite.com\"\n ","matching":"API_KEY = \"32ui1ffdasfhu239b4df2ac6609a9919","after":"\"\n\n\n"},"rule_name":"Generic API Key"}]}

Hardcoded Contract Secret in unittests/scans/noseyparker/noseyparker_0_22_0_without_githistory.jsonl
Vulnerability Hardcoded Contract Secret
Description A blockchain contract address '0x8b72f7cbAD50620c46219ad676Ad9d3a5A273587' was exposed in a documentation file. Even in explanatory documents, revealing specific contract details can provide attackers with additional information about the system's infrastructure.

{"finding_id":"d8bca20ca68b780e7d767742e9ac645c94fd9eef","rule_name":"Generic Password","rule_text_id":"np.generic.5","rule_structural_id":"4742a7e5266ce68dd5633ca6c2c634a4fa706673","groups":["WWpOQ2JHSnBRbnBhV0U1b1lsZFZQUW89"],"num_matches":1,"num_redundant_matches":0,"statuses":[],"comment":null,"mean_score":null,"matches":[{"provenance":[{"kind":"file","path":"./src/main/java/org/owasp/wrongsecrets/challenges/docker/authchallenge/Challenge37.java"}],"blob_metadata":{"id":"a8870a79c7187eee396159eb1d1b29c1a9f0cb7a","num_bytes":1439,"mime_essence":"application/octet-stream","charset":null},"blob_id":"a8870a79c7187eee396159eb1d1b29c1a9f0cb7a","location":{"offset_span":{"start":781,"end":818},"source_span":{"start":{"line":23,"column":31},"end":{"line":23,"column":67}}},"groups":["WWpOQ2JHSnBRbnBhV0U1b1lsZFZQUW89"],"snippet":{"before":"s is a challenge based on the idea of leaking a secret for an authenticated endpoint through a\n * ZAP configuration file.\n */\n@Slf4j\n@Component\npublic class Challenge37 extends FixedAnswerChallenge {\n\n private String secret;\n private static final String ","matching":"password = \"YjNCbGJpQnpaWE5oYldVPQo=\"","after":";\n\n public Challenge37(@Value(\"${DEFAULT37}\") String secret) {\n if (\"DEFAULT37\".equals(secret) || Strings.isNullOrEmpty(secret)) {\n this.secret = UUID.randomUUID().toString();\n } else {\n this.secret = secret;\n }\n }\n\n @Bean\n public Ba"},"structural_id":"f881cdead81e499145ee74abaeb4d2ddfa217a04","rule_structural_id":"4742a7e5266ce68dd5633ca6c2c634a4fa706673","rule_text_id":"np.generic.5","rule_name":"Generic Password","score":null,"comment":null,"status":null,"redundant_to":[]}]}
{"finding_id":"bc3208fe4063d948df9a64801e685f850ab88bf2","rule_name":"Generic Password","rule_text_id":"np.generic.5","rule_structural_id":"4742a7e5266ce68dd5633ca6c2c634a4fa706673","groups":["YW4zVXpSZz0="],"num_matches":1,"num_redundant_matches":0,"statuses":[],"comment":null,"mean_score":null,"matches":[{"provenance":[{"kind":"file","path":"./js/index.js"}],"blob_metadata":{"id":"d5a482b649e932ce49749c347ffed9a282e4855f","num_bytes":114,"mime_essence":"text/javascript","charset":null},"blob_id":"d5a482b649e932ce49749c347ffed9a282e4855f","location":{"offset_span":{"start":27,"end":48},"source_span":{"start":{"line":3,"column":6},"end":{"line":3,"column":26}}},"groups":["YW4zVXpSZz0="],"snippet":{"before":"\n function secret() {\n var ","matching":"password = \"an3UzRg=\"","after":" + 9 + \"vrR9\" + 6 + \"KSs=\" + 2 + \"ARBN\" + 7;\n return password;\n }\n"},"structural_id":"03f2c296a1469f1f6ea19ba04870ff258ed3f953","rule_structural_id":"4742a7e5266ce68dd5633ca6c2c634a4fa706673","rule_text_id":"np.generic.5","rule_name":"Generic Password","score":null,"comment":null,"status":null,"redundant_to":[]}]}
{"finding_id":"e7d9519d23104e0652bf3b718fd34b413e0ebb86","rule_name":"Generic Password","rule_text_id":"np.generic.5","rule_structural_id":"4742a7e5266ce68dd5633ca6c2c634a4fa706673","groups":["ZGVmYXVsdA=="],"num_matches":1,"num_redundant_matches":0,"statuses":[],"comment":null,"mean_score":null,"matches":[{"provenance":[{"kind":"file","path":"./Dockerfile"}],"blob_metadata":{"id":"af07fe7fdac96700fa5059405cf1f5a184194452","num_bytes":1223,"mime_essence":null,"charset":null},"blob_id":"af07fe7fdac96700fa5059405cf1f5a184194452","location":{"offset_span":{"start":55,"end":73},"source_span":{"start":{"line":3,"column":13},"end":{"line":3,"column":30}}},"groups":["ZGVmYXVsdA=="],"snippet":{"before":"FROM eclipse-temurin:23.0.1_11-jre-alpine\n\nARG argBased","matching":"Password=\"default\"","after":"\nARG argBasedVersion=\"1.10.0\"\nARG spring_profile=\"\"\nENV SPRING_PROFILES_ACTIVE=$spring_profile\nENV ARG_BASED_PASSWORD=$argBasedPassword\nENV APP_VERSION=$argBasedVersion\nENV DOCKER_ENV_PASSWORD=\"This is it\"\nENV AZURE_KEY_VAULT_ENABLED=false\nENV SPRINGDOC_UI"},"structural_id":"eb9fcb748e976f8dc139d4e2bf0dfe13f37f768e","rule_structural_id":"4742a7e5266ce68dd5633ca6c2c634a4fa706673","rule_text_id":"np.generic.5","rule_name":"Generic Password","score":null,"comment":null,"status":null,"redundant_to":[]}]}
{"finding_id":"1d56ba5ba541032ca531a3b07fbefd3d3a58df32","rule_name":"Generic Secret","rule_text_id":"np.generic.1","rule_structural_id":"3a961eccebcf7356ad803ec8e1a711d01801b9d7","groups":["MHg4YjcyZjdjYkFENTA2MjBjNDYyMTlhZDY3NkFkOWQzYTVBMjczNTg3"],"num_matches":1,"num_redundant_matches":0,"statuses":[],"comment":null,"mean_score":null,"matches":[{"provenance":[{"kind":"file","path":"./src/main/resources/explanations/challenge25.adoc"}],"blob_metadata":{"id":"12c6ab9a78813e5cf5aa45b505ad858217861a92","num_bytes":270,"mime_essence":null,"charset":null},"blob_id":"12c6ab9a78813e5cf5aa45b505ad858217861a92","location":{"offset_span":{"start":173,"end":241},"source_span":{"start":{"line":5,"column":56},"end":{"line":5,"column":123}}},"groups":["MHg4YjcyZjdjYkFENTA2MjBjNDYyMTlhZDY3NkFkOWQzYTVBMjczNTg3"],"snippet":{"before":"=== Secrets in smart contracts part 1\n\nOn public blockchains, everything that is written on-chain is world-readable.\n\nIn this challenge, you need to read the variable named ","matching":"secret from the contract `0x8b72f7cbAD50620c46219ad676Ad9d3a5A273587","after":"` on the Goerli EVM Testnet.\n"},"structural_id":"c290822f8c5e37199afe269b4367bb37d5aeed04","rule_structural_id":"3a961eccebcf7356ad803ec8e1a711d01801b9d7","rule_text_id":"np.generic.1","rule_name":"Generic Secret","score":null,"comment":null,"status":null,"redundant_to":[]}]}
All finding details can be found in the DryRun Security Dashboard.

@mtesauro mtesauro marked this pull request as draft June 22, 2025 17:33