@tuxology
Created December 17, 2019 02:02
[
{
"groupId": "net.lingala.zip4j",
"artifactId": "zip4j",
"version": "1.3.2",
"callGraph": {
"cveId": "CVE-2018-1002202",
"versionRanges": [
"[0,1.3.3)"
],
"flow": [
{
"methodSignature": "net/lingala/zip4j/unzip/Unzip.initExtractFile(Lnet/lingala/zip4j/model/FileHeader;Ljava/lang/String;Lnet/lingala/zip4j/model/UnzipParameters;Ljava/lang/String;Lnet/lingala/zip4j/progress/ProgressMonitor;)V",
"flows": [
{
"fullName": "io.shiftleft.tarpit.FileUploader.doPost:void(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"fileName": "io/shiftleft/tarpit/FileUploader.java",
"lineNumber": "43"
},
{
"fullName": "net.lingala.zip4j.core.ZipFile.extractFile:void(java.lang.String,java.lang.String)",
"fileName": "net/lingala/zip4j/core/ZipFile.java",
"lineNumber": "565"
},
{
"fullName": "net.lingala.zip4j.core.ZipFile.extractFile:void(net.lingala.zip4j.model.FileHeader,java.lang.String)",
"fileName": "net/lingala/zip4j/core/ZipFile.java",
"lineNumber": "499"
},
{
"fullName": "io.shiftleft.tarpit.util.Unzipper.unzipFile:void(java.lang.String,java.lang.String)",
"fileName": "io/shiftleft/tarpit/util/Unzipper.java",
"lineNumber": "15"
},
{
"fullName": "net.lingala.zip4j.core.ZipFile.extractFile:void(java.lang.String,java.lang.String,net.lingala.zip4j.model.UnzipParameters)",
"fileName": "net/lingala/zip4j/core/ZipFile.java",
"lineNumber": "586"
},
{
"fullName": "net.lingala.zip4j.core.ZipFile.extractFile:void(net.lingala.zip4j.model.FileHeader,java.lang.String,net.lingala.zip4j.model.UnzipParameters)",
"fileName": "net/lingala/zip4j/core/ZipFile.java",
"lineNumber": "516"
},
{
"fullName": "net.lingala.zip4j.model.FileHeader.extractFile:void(net.lingala.zip4j.model.ZipModel,java.lang.String,net.lingala.zip4j.progress.ProgressMonitor,boolean)",
"fileName": "net/lingala/zip4j/model/FileHeader.java",
"lineNumber": "249"
},
{
"fullName": "net.lingala.zip4j.core.ZipFile.extractAll:void(java.lang.String)",
"fileName": "net/lingala/zip4j/core/ZipFile.java",
"lineNumber": "450"
},
{
"fullName": "net.lingala.zip4j.core.ZipFile.extractFile:void(java.lang.String,java.lang.String,net.lingala.zip4j.model.UnzipParameters,java.lang.String)",
"fileName": "net/lingala/zip4j/core/ZipFile.java",
"lineNumber": "613"
},
{
"fullName": "net.lingala.zip4j.core.ZipFile.extractFile:void(net.lingala.zip4j.model.FileHeader,java.lang.String,net.lingala.zip4j.model.UnzipParameters,java.lang.String)",
"fileName": "net/lingala/zip4j/core/ZipFile.java",
"lineNumber": "531"
},
{
"fullName": "net.lingala.zip4j.model.FileHeader.extractFile:void(net.lingala.zip4j.model.ZipModel,java.lang.String,net.lingala.zip4j.model.UnzipParameters,net.lingala.zip4j.progress.ProgressMonitor,boolean)",
"fileName": "net/lingala/zip4j/model/FileHeader.java",
"lineNumber": "262"
},
{
"fullName": "net.lingala.zip4j.unzip.Unzip$1.run:void()",
"fileName": "net/lingala/zip4j/unzip/Unzip.java",
"lineNumber": "64"
},
{
"fullName": "net.lingala.zip4j.core.ZipFile.extractAll:void(java.lang.String,net.lingala.zip4j.model.UnzipParameters)",
"fileName": "net/lingala/zip4j/core/ZipFile.java",
"lineNumber": "465"
},
{
"fullName": "net.lingala.zip4j.unzip.Unzip$2.run:void()",
"fileName": "net/lingala/zip4j/unzip/Unzip.java",
"lineNumber": "108"
},
{
"fullName": "net.lingala.zip4j.model.FileHeader.extractFile:void(net.lingala.zip4j.model.ZipModel,java.lang.String,net.lingala.zip4j.model.UnzipParameters,java.lang.String,net.lingala.zip4j.progress.ProgressMonitor,boolean)",
"fileName": "net/lingala/zip4j/model/FileHeader.java",
"lineNumber": "279"
},
{
"fullName": "net.lingala.zip4j.unzip.Unzip.access$000:void(net.lingala.zip4j.unzip.Unzip,java.util.ArrayList,net.lingala.zip4j.model.UnzipParameters,net.lingala.zip4j.progress.ProgressMonitor,java.lang.String)",
"fileName": "net/lingala/zip4j/unzip/Unzip.java",
"lineNumber": "31"
},
{
"fullName": "net.lingala.zip4j.unzip.Unzip.extractAll:void(net.lingala.zip4j.model.UnzipParameters,java.lang.String,net.lingala.zip4j.progress.ProgressMonitor,boolean)",
"fileName": "net/lingala/zip4j/unzip/Unzip.java",
"lineNumber": "47"
},
{
"fullName": "net.lingala.zip4j.unzip.Unzip.access$100:void(net.lingala.zip4j.unzip.Unzip,net.lingala.zip4j.model.FileHeader,java.lang.String,net.lingala.zip4j.model.UnzipParameters,java.lang.String,net.lingala.zip4j.progress.ProgressMonitor)",
"fileName": "net/lingala/zip4j/unzip/Unzip.java",
"lineNumber": "31"
},
{
"fullName": "net.lingala.zip4j.unzip.Unzip.extractFile:void(net.lingala.zip4j.model.FileHeader,java.lang.String,net.lingala.zip4j.model.UnzipParameters,java.lang.String,net.lingala.zip4j.progress.ProgressMonitor,boolean)",
"fileName": "net/lingala/zip4j/unzip/Unzip.java",
"lineNumber": "94"
},
{
"fullName": "net.lingala.zip4j.unzip.Unzip.initExtractAll:void(java.util.ArrayList,net.lingala.zip4j.model.UnzipParameters,net.lingala.zip4j.progress.ProgressMonitor,java.lang.String)",
"fileName": "net/lingala/zip4j/unzip/Unzip.java",
"lineNumber": "80"
}
]
}
]
}
},
{
"groupId": "net.lingala.zip4j",
"artifactId": "zip4j",
"version": "1.3.2",
"callGraph": {
"cveId": "CVE-2018-1002202",
"versionRanges": [
"[0,1.3.3)"
],
"flow": [
{
"methodSignature": "net/lingala/zip4j/unzip/Unzip.checkOutputDirectoryStructure(Lnet/lingala/zip4j/model/FileHeader;Ljava/lang/String;Ljava/lang/String;)V",
"flows": [
{
"fullName": "io.shiftleft.tarpit.FileUploader.doPost:void(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"fileName": "io/shiftleft/tarpit/FileUploader.java",
"lineNumber": "43"
},
{
"fullName": "net.lingala.zip4j.core.ZipFile.extractFile:void(java.lang.String,java.lang.String)",
"fileName": "net/lingala/zip4j/core/ZipFile.java",
"lineNumber": "565"
},
{
"fullName": "net.lingala.zip4j.core.ZipFile.extractFile:void(net.lingala.zip4j.model.FileHeader,java.lang.String)",
"fileName": "net/lingala/zip4j/core/ZipFile.java",
"lineNumber": "499"
},
{
"fullName": "io.shiftleft.tarpit.util.Unzipper.unzipFile:void(java.lang.String,java.lang.String)",
"fileName": "io/shiftleft/tarpit/util/Unzipper.java",
"lineNumber": "15"
},
{
"fullName": "net.lingala.zip4j.core.ZipFile.extractFile:void(java.lang.String,java.lang.String,net.lingala.zip4j.model.UnzipParameters)",
"fileName": "net/lingala/zip4j/core/ZipFile.java",
"lineNumber": "586"
},
{
"fullName": "net.lingala.zip4j.core.ZipFile.extractFile:void(net.lingala.zip4j.model.FileHeader,java.lang.String,net.lingala.zip4j.model.UnzipParameters)",
"fileName": "net/lingala/zip4j/core/ZipFile.java",
"lineNumber": "516"
},
{
"fullName": "net.lingala.zip4j.model.FileHeader.extractFile:void(net.lingala.zip4j.model.ZipModel,java.lang.String,net.lingala.zip4j.progress.ProgressMonitor,boolean)",
"fileName": "net/lingala/zip4j/model/FileHeader.java",
"lineNumber": "249"
},
{
"fullName": "net.lingala.zip4j.core.ZipFile.extractAll:void(java.lang.String)",
"fileName": "net/lingala/zip4j/core/ZipFile.java",
"lineNumber": "450"
},
{
"fullName": "net.lingala.zip4j.core.ZipFile.extractFile:void(java.lang.String,java.lang.String,net.lingala.zip4j.model.UnzipParameters,java.lang.String)",
"fileName": "net/lingala/zip4j/core/ZipFile.java",
"lineNumber": "613"
},
{
"fullName": "net.lingala.zip4j.core.ZipFile.extractFile:void(net.lingala.zip4j.model.FileHeader,java.lang.String,net.lingala.zip4j.model.UnzipParameters,java.lang.String)",
"fileName": "net/lingala/zip4j/core/ZipFile.java",
"lineNumber": "531"
},
{
"fullName": "net.lingala.zip4j.model.FileHeader.extractFile:void(net.lingala.zip4j.model.ZipModel,java.lang.String,net.lingala.zip4j.model.UnzipParameters,net.lingala.zip4j.progress.ProgressMonitor,boolean)",
"fileName": "net/lingala/zip4j/model/FileHeader.java",
"lineNumber": "262"
},
{
"fullName": "net.lingala.zip4j.unzip.Unzip$1.run:void()",
"fileName": "net/lingala/zip4j/unzip/Unzip.java",
"lineNumber": "64"
},
{
"fullName": "net.lingala.zip4j.core.ZipFile.extractAll:void(java.lang.String,net.lingala.zip4j.model.UnzipParameters)",
"fileName": "net/lingala/zip4j/core/ZipFile.java",
"lineNumber": "465"
},
{
"fullName": "net.lingala.zip4j.unzip.Unzip$2.run:void()",
"fileName": "net/lingala/zip4j/unzip/Unzip.java",
"lineNumber": "108"
},
{
"fullName": "net.lingala.zip4j.model.FileHeader.extractFile:void(net.lingala.zip4j.model.ZipModel,java.lang.String,net.lingala.zip4j.model.UnzipParameters,java.lang.String,net.lingala.zip4j.progress.ProgressMonitor,boolean)",
"fileName": "net/lingala/zip4j/model/FileHeader.java",
"lineNumber": "279"
},
{
"fullName": "net.lingala.zip4j.unzip.Unzip.access$000:void(net.lingala.zip4j.unzip.Unzip,java.util.ArrayList,net.lingala.zip4j.model.UnzipParameters,net.lingala.zip4j.progress.ProgressMonitor,java.lang.String)",
"fileName": "net/lingala/zip4j/unzip/Unzip.java",
"lineNumber": "31"
},
{
"fullName": "net.lingala.zip4j.unzip.Unzip.extractAll:void(net.lingala.zip4j.model.UnzipParameters,java.lang.String,net.lingala.zip4j.progress.ProgressMonitor,boolean)",
"fileName": "net/lingala/zip4j/unzip/Unzip.java",
"lineNumber": "47"
},
{
"fullName": "net.lingala.zip4j.unzip.Unzip.access$100:void(net.lingala.zip4j.unzip.Unzip,net.lingala.zip4j.model.FileHeader,java.lang.String,net.lingala.zip4j.model.UnzipParameters,java.lang.String,net.lingala.zip4j.progress.ProgressMonitor)",
"fileName": "net/lingala/zip4j/unzip/Unzip.java",
"lineNumber": "31"
},
{
"fullName": "net.lingala.zip4j.unzip.Unzip.extractFile:void(net.lingala.zip4j.model.FileHeader,java.lang.String,net.lingala.zip4j.model.UnzipParameters,java.lang.String,net.lingala.zip4j.progress.ProgressMonitor,boolean)",
"fileName": "net/lingala/zip4j/unzip/Unzip.java",
"lineNumber": "94"
},
{
"fullName": "net.lingala.zip4j.unzip.Unzip.initExtractAll:void(java.util.ArrayList,net.lingala.zip4j.model.UnzipParameters,net.lingala.zip4j.progress.ProgressMonitor,java.lang.String)",
"fileName": "net/lingala/zip4j/unzip/Unzip.java",
"lineNumber": "80"
},
{
"fullName": "net.lingala.zip4j.unzip.Unzip.initExtractFile:void(net.lingala.zip4j.model.FileHeader,java.lang.String,net.lingala.zip4j.model.UnzipParameters,java.lang.String,net.lingala.zip4j.progress.ProgressMonitor)",
"fileName": "net/lingala/zip4j/unzip/Unzip.java",
"lineNumber": "125"
}
]
}
]
}
},
{
"groupId": "com.fasterxml.jackson.core",
"artifactId": "jackson-databind",
"version": "2.8.7",
"callGraph": {
"cveId": "CVE-2017-7525",
"versionRanges": [
"(,2.7.9.1)",
"[2.7.9.2,2.7.9.3)",
"[2.7.9.3,2.8.10)",
"[2.8.12,2.9.3)"
],
"flow": [
{
"methodSignature": "com/fasterxml/jackson/databind/ObjectMapper.enableDefaultTyping()Lcom/fasterxml/jackson/databind/ObjectMapper;",
"flows": [
{
"fullName": "io.shiftleft.tarpit.model.UnusedObject.<clinit>:void()",
"fileName": "io/shiftleft/tarpit/model/UnusedObject.java",
"lineNumber": "7"
}
]
}
]
}
},
{
"groupId": "com.fasterxml.jackson.core",
"artifactId": "jackson-databind",
"version": "2.8.7",
"callGraph": {
"cveId": "CVE-2017-7525",
"versionRanges": [
"(,2.7.9.1)",
"[2.7.9.2,2.7.9.3)",
"[2.7.9.3,2.8.10)",
"[2.8.12,2.9.3)"
],
"flow": [
{
"methodSignature": "com/fasterxml/jackson/databind/ObjectMapper.readValue(Ljava/lang/String;Ljava/lang/Class;)Ljava/lang/Object;",
"flows": [
{
"fullName": "io.shiftleft.tarpit.OrderProcessor.doPost:void(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)",
"fileName": "io/shiftleft/tarpit/OrderProcessor.java",
"lineNumber": "76"
}
]
}
]
}
}
]