From d298bd9b1aa7d617cada5b48c3ce6826505be3b5 Mon Sep 17 00:00:00 2001
From: omarudolley <58733599+omarudolley@users.noreply.github.com>
Date: Fri, 26 May 2023 01:40:31 +0300
Subject: [PATCH 1/2] ignore nodejs vulnerabilities
---
nodejs-base/ubuntu20.04-node14/.trivyignore | 7 +++++++
nodejs-base/ubuntu20.04-node16/.trivyignore | 7 +++++++
nodejs-base/ubuntu22.04-node16/.trivyignore | 6 ++++++
nodejs-base/ubuntu22.04-node18/.trivyignore | 6 ++++++
python-base/ubuntu20.04-python3.9-nginx-node/.trivyignore | 8 ++++++++
.../ubuntu22.04-python3.10-nginx-node/.trivyignore | 8 ++++++++
.../ubuntu22.04-python3.10-nginx-node18/.trivyignore | 8 ++++++++
7 files changed, 50 insertions(+)
create mode 100644 nodejs-base/ubuntu20.04-node14/.trivyignore
create mode 100644 nodejs-base/ubuntu20.04-node16/.trivyignore
diff --git a/nodejs-base/ubuntu20.04-node14/.trivyignore b/nodejs-base/ubuntu20.04-node14/.trivyignore
new file mode 100644
index 0000000..5a9f879
--- /dev/null
+++ b/nodejs-base/ubuntu20.04-node14/.trivyignore
@@ -0,0 +1,7 @@
+#Nodejs vulnerabilities
+
+# X.400 address type confusion in X.509 GeneralName
+CVE-2023-0286
+
+# Regular Expression Denial of Service (ReDoS) vulnerability
+CVE-2022-25881
\ No newline at end of file
diff --git a/nodejs-base/ubuntu20.04-node16/.trivyignore b/nodejs-base/ubuntu20.04-node16/.trivyignore
new file mode 100644
index 0000000..5a9f879
--- /dev/null
+++ b/nodejs-base/ubuntu20.04-node16/.trivyignore
@@ -0,0 +1,7 @@
+#Nodejs vulnerabilities
+
+# X.400 address type confusion in X.509 GeneralName
+CVE-2023-0286
+
+# Regular Expression Denial of Service (ReDoS) vulnerability
+CVE-2022-25881
\ No newline at end of file
diff --git a/nodejs-base/ubuntu22.04-node16/.trivyignore b/nodejs-base/ubuntu22.04-node16/.trivyignore
index 7473b15..e7999c6 100644
--- a/nodejs-base/ubuntu22.04-node16/.trivyignore
+++ b/nodejs-base/ubuntu22.04-node16/.trivyignore
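Review bot: The new entries for CVE-2023-0286 and CVE-2022-25881 carry comments that only restate the advisory title, so the file records neither why the finding is acceptable for this image nor when the suppression should be dropped. The same applies to the matching hunks in the other six `.trivyignore` files of this patch. A bare ID in `.trivyignore` hides every finding with that ID in the image, so if CVE-2023-0286 is also reported against the distribution's own OpenSSL package, that finding disappears as well. A justification comment would help, for example `# CVE-2023-0286: <reason, e.g. not affected / no fixed build yet>; remove when <condition>`. If the Trivy version in use supports it, an expiry such as `CVE-2023-0286 exp:<YYYY-MM-DD>` would make the scanner report the finding again after that date.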
@@ -3,3 +3,9 @@ CVE-2021-3449 # Not parsing elliptic curve keys CVE-2022-0778 + +# X.400 address type confusion in X.509 GeneralName +CVE-2023-0286 + +# Regular Expression Denial of Service (ReDoS) vulnerability +CVE-2022-25881 \ No newline at end of file diff --git a/nodejs-base/ubuntu22.04-node18/.trivyignore b/nodejs-base/ubuntu22.04-node18/.trivyignore index 7473b15..e7999c6 100644 --- a/nodejs-base/ubuntu22.04-node18/.trivyignore +++ b/nodejs-base/ubuntu22.04-node18/.trivyignore @@ -3,3 +3,9 @@ CVE-2021-3449 # Not parsing elliptic curve keys CVE-2022-0778 + +# X.400 address type confusion in X.509 GeneralName +CVE-2023-0286 + +# Regular Expression Denial of Service (ReDoS) vulnerability +CVE-2022-25881 \ No newline at end of file diff --git a/python-base/ubuntu20.04-python3.9-nginx-node/.trivyignore b/python-base/ubuntu20.04-python3.9-nginx-node/.trivyignore index faffe90..f7de09d 100644 --- a/python-base/ubuntu20.04-python3.9-nginx-node/.trivyignore +++ b/python-base/ubuntu20.04-python3.9-nginx-node/.trivyignore @@ -1,2 +1,10 @@ # Not affected CVE-2022-42919 + +#Nodejs vulnerabilities + +# X.400 address type confusion in X.509 GeneralName +CVE-2023-0286 + +# Regular Expression Denial of Service (ReDoS) vulnerability +CVE-2022-25881 \ No newline at end of file diff --git a/python-base/ubuntu22.04-python3.10-nginx-node/.trivyignore b/python-base/ubuntu22.04-python3.10-nginx-node/.trivyignore index ba4e512..f1402a2 100644 --- a/python-base/ubuntu22.04-python3.10-nginx-node/.trivyignore +++ b/python-base/ubuntu22.04-python3.10-nginx-node/.trivyignore @@ -2,3 +2,11 @@ CVE-2022-42919 CVE-2021-3449 CVE-2022-0778 + +#Nodejs vulnerabilities + +# X.400 address type confusion in X.509 GeneralName +CVE-2023-0286 + +# Regular Expression Denial of Service (ReDoS) vulnerability +CVE-2022-25881 \ No newline at end of file 
diff --git a/python-base/ubuntu22.04-python3.10-nginx-node18/.trivyignore b/python-base/ubuntu22.04-python3.10-nginx-node18/.trivyignore index ba4e512..f1402a2 100644 --- a/python-base/ubuntu22.04-python3.10-nginx-node18/.trivyignore +++ b/python-base/ubuntu22.04-python3.10-nginx-node18/.trivyignore @@ -2,3 +2,11 @@ CVE-2022-42919 CVE-2021-3449 CVE-2022-0778 + +#Nodejs vulnerabilities + +# X.400 address type confusion in X.509 GeneralName +CVE-2023-0286 + +# Regular Expression Denial of Service (ReDoS) vulnerability +CVE-2022-25881 \ No newline at end of file From 0d31efe9bef603ea1a231dd713babf0a005f353a Mon Sep 17 00:00:00 2001 From: omarudolley <58733599+omarudolley@users.noreply.github.com> Date: Fri, 26 May 2023 11:09:59 +0300 Subject: [PATCH 2/2] update isort hook --- .github/workflows/keepalive.yaml | 4 ++-- .pre-commit-config.yaml | 2 +- nodejs-base/ubuntu20.04-node14/.trivyignore | 2 +- nodejs-base/ubuntu20.04-node16/.trivyignore | 2 +- nodejs-base/ubuntu22.04-node16/.trivyignore | 2 +- nodejs-base/ubuntu22.04-node18/.trivyignore | 2 +- python-base/ubuntu20.04-python3.9-nginx-node/.trivyignore | 2 +- python-base/ubuntu22.04-python3.10-nginx-node/.trivyignore | 2 +- python-base/ubuntu22.04-python3.10-nginx-node18/.trivyignore | 2 +- 9 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/keepalive.yaml b/.github/workflows/keepalive.yaml index 436057c..72021f3 100644 --- a/.github/workflows/keepalive.yaml +++ b/.github/workflows/keepalive.yaml @@ -32,8 +32,8 @@ jobs: # Reset repo state git checkout --orphan "${BRANCH}" date +%Y-%m-%dT%H:%M:%S > .github/keepalive.txt - git reset - git add .github/keepalive.txt + git reset + git add .github/keepalive.txt git commit --message "${MESSAGE}" git push -f --set-upstream origin "${BRANCH}" diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 1d12421..af220d4 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -8,7 +8,7 @@ repos: - id: shellcheck - repo: https://github.com/pycqa/isort - rev: 5.10.1 + rev: 5.12.0 hooks: - id: isort diff --git a/nodejs-base/ubuntu20.04-node14/.trivyignore b/nodejs-base/ubuntu20.04-node14/.trivyignore index 5a9f879..92db20b 100644 --- a/nodejs-base/ubuntu20.04-node14/.trivyignore +++ b/nodejs-base/ubuntu20.04-node14/.trivyignore @@ -4,4 +4,4 @@ CVE-2023-0286 # Regular Expression Denial of Service (ReDoS) vulnerability -CVE-2022-25881 \ No newline at end of file +CVE-2022-25881 diff --git a/nodejs-base/ubuntu20.04-node16/.trivyignore b/nodejs-base/ubuntu20.04-node16/.trivyignore index 5a9f879..92db20b 100644 --- a/nodejs-base/ubuntu20.04-node16/.trivyignore +++ b/nodejs-base/ubuntu20.04-node16/.trivyignore @@ -4,4 +4,4 @@ CVE-2023-0286 # Regular Expression Denial of Service (ReDoS) vulnerability -CVE-2022-25881 \ No newline at end of file +CVE-2022-25881 diff --git a/nodejs-base/ubuntu22.04-node16/.trivyignore b/nodejs-base/ubuntu22.04-node16/.trivyignore index e7999c6..c2a69ad 100644 --- a/nodejs-base/ubuntu22.04-node16/.trivyignore +++ b/nodejs-base/ubuntu22.04-node16/.trivyignore @@ -8,4 +8,4 @@ CVE-2022-0778 CVE-2023-0286 # Regular Expression Denial of Service (ReDoS) vulnerability -CVE-2022-25881 \ No newline at end of file +CVE-2022-25881 diff --git a/nodejs-base/ubuntu22.04-node18/.trivyignore b/nodejs-base/ubuntu22.04-node18/.trivyignore index e7999c6..c2a69ad 100644 --- a/nodejs-base/ubuntu22.04-node18/.trivyignore +++ b/nodejs-base/ubuntu22.04-node18/.trivyignore @@ -8,4 +8,4 @@ CVE-2022-0778 CVE-2023-0286 # Regular Expression Denial of Service (ReDoS) vulnerability -CVE-2022-25881 \ No newline at end of file +CVE-2022-25881 diff --git a/python-base/ubuntu20.04-python3.9-nginx-node/.trivyignore b/python-base/ubuntu20.04-python3.9-nginx-node/.trivyignore index f7de09d..cc83c12 100644 --- a/python-base/ubuntu20.04-python3.9-nginx-node/.trivyignore +++ b/python-base/ubuntu20.04-python3.9-nginx-node/.trivyignore 
@@ -7,4 +7,4 @@ CVE-2022-42919 CVE-2023-0286 # Regular Expression Denial of Service (ReDoS) vulnerability -CVE-2022-25881 \ No newline at end of file +CVE-2022-25881 diff --git a/python-base/ubuntu22.04-python3.10-nginx-node/.trivyignore b/python-base/ubuntu22.04-python3.10-nginx-node/.trivyignore index f1402a2..b4d5091 100644 --- a/python-base/ubuntu22.04-python3.10-nginx-node/.trivyignore +++ b/python-base/ubuntu22.04-python3.10-nginx-node/.trivyignore @@ -9,4 +9,4 @@ CVE-2022-0778 CVE-2023-0286 # Regular Expression Denial of Service (ReDoS) vulnerability -CVE-2022-25881 \ No newline at end of file +CVE-2022-25881 diff --git a/python-base/ubuntu22.04-python3.10-nginx-node18/.trivyignore b/python-base/ubuntu22.04-python3.10-nginx-node18/.trivyignore index f1402a2..b4d5091 100644 --- a/python-base/ubuntu22.04-python3.10-nginx-node18/.trivyignore +++ b/python-base/ubuntu22.04-python3.10-nginx-node18/.trivyignore @@ -9,4 +9,4 @@ CVE-2022-0778 CVE-2023-0286 # Regular Expression Denial of Service (ReDoS) vulnerability -CVE-2022-25881 \ No newline at end of file +CVE-2022-25881