feature: adds new severity high pattern CF-1779 (#167)

Author: pedrobpereira

.circleci/config.yml

@@ -2,7 +2,7 @@ version: 2.1
 
 orbs:
   codacy: codacy/[email protected]
-  codacy_plugins_test: codacy/plugins-test@2.0.11
+  codacy_plugins_test: codacy/plugins-test@2.1.0
 
 references:
   install_trivy_and_download_dbs: &install_trivy_and_download_dbs

docs/description/vulnerability.md

@@ -1,2 +1,2 @@
-## Insecure dependencies detection (critical and high severity)
-Detects insecure dependencies (critical and high severity) by checking the libraries declared in the package manager and flagging used library versions with known security vulnerabilities.
+## Insecure dependencies detection (critical severity)
+Detects insecure dependencies (critical severity) by checking the libraries declared in the package manager and flagging used library versions with known security vulnerabilities.

docs/description/vulnerability_high.md

@@ -0,0 +1,2 @@
+## Insecure dependencies detection (high severity)
+Detects insecure dependencies (high severity) by checking the libraries declared in the package manager and flagging used library versions with known security vulnerabilities.

docs/multiple-tests/all-patterns/patterns.xml

@@ -2,6 +2,7 @@
 <module name="root">
     <module name="secret" />
     <module name="vulnerability" />
+    <module name="vulnerability_high" />
     <module name="vulnerability_medium" />
     <module name="vulnerability_minor" />
 </module>

docs/multiple-tests/all-patterns/results.xml

@@ -28,10 +28,10 @@
             severity="error"
         />
         <error
-            source="vulnerability"
+            source="vulnerability_high"
             line="3"
             message="Insecure dependency maven/org.apache.seatunnel/[email protected] (CVE-2023-49198: Apache SeaTunnel SQL Injection vulnerability) (update to 1.0.1)"
-            severity="error"
+            severity="high"
         />
         <error
             source="vulnerability_medium"

docs/multiple-tests/pattern-vulnerability-high/patterns.xml

@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module name="root">
+    <module name="vulnerability_high" />
+</module>

docs/multiple-tests/pattern-vulnerability-high/results.xml

@@ -0,0 +1,187 @@
+<?xml version="1.0" encoding="utf-8"?>
+<checkstyle version="1.5">
+    <file name="dart/pubspec.lock">
+        <error
+            source="vulnerability_high"
+            line="20"
+            message="Insecure dependency pub/[email protected] (CVE-2021-31402: dio vulnerable to CRLF injection with HTTP method string) (update to 5.0.0)"
+            severity="high"
+        />
+    </file>
+    <file name="golang/go.mod">
+        <error
+            source="vulnerability_high"
+            line="8"
+            message="Insecure dependency golang/github.com/ollama/[email protected] (CVE-2024-12055: ollama: DoS using malicious gguf model file in ollama/ollama) (no fix available)"
+            severity="high"
+        />
+    </file>
+    <file name="golang/go.mod">
+        <error
+            source="vulnerability_high"
+            line="8"
+            message="Insecure dependency golang/github.com/ollama/[email protected] (CVE-2024-45436: Ollama can extract members of a ZIP archive outside of the parent directory) (update to 0.1.47)"
+            severity="high"
+        />
+    </file>
+    <file name="golang/go.mod">
+        <error
+            source="vulnerability_high"
+            line="8"
+            message="Insecure dependency golang/github.com/ollama/[email protected] (CVE-2024-8063: ollama: Divide by Zero in ollama/ollama) (no fix available)"
+            severity="high"
+        />
+    </file>
+    <file name="golang/go.mod">
+        <error
+            source="vulnerability_high"
+            line="8"
+            message="Insecure dependency golang/github.com/ollama/[email protected] (CVE-2025-0312: ollama: NULL Pointer Dereference in ollama/ollama) (no fix available)"
+            severity="high"
+        />
+    </file>
+    <file name="golang/go.mod">
+        <error
+            source="vulnerability_high"
+            line="8"
+            message="Insecure dependency golang/github.com/ollama/[email protected] (CVE-2025-0315: ollama: Allocation of Resources Without Limits or Throttling in ollama/ollama) (no fix available)"
+            severity="high"
+        />
+    </file>
+    <file name="golang/go.mod">
+        <error
+            source="vulnerability_high"
+            line="8"
+            message="Insecure dependency golang/github.com/ollama/[email protected] (CVE-2025-0317: ollama: Divide By Zero in ollama/ollama) (no fix available)"
+            severity="high"
+        />
+    </file>
+    <file name="golang/go.mod">
+        <error
+            source="vulnerability_high"
+            line="8"
+            message="Insecure dependency golang/github.com/ollama/[email protected] (CVE-2025-1975: ollama: Improper Validation of Array Index in ollama/ollama) (no fix available)"
+            severity="high"
+        />
+    </file>
+    <file name="golang/go.mod">
+        <error
+            source="vulnerability_high"
+            line="8"
+            message="Insecure dependency golang/github.com/ollama/[email protected] (CVE-2024-12886: ollama: Out-Of-Memory (OOM) Vulnerability in ollama/ollama) (no fix available)"
+            severity="high"
+        />
+    </file>
+    <file name="golang/go.mod">
+        <error
+            source="vulnerability_high"
+            line="7"
+            message="Insecure dependency golang/golang.org/x/[email protected] (CVE-2023-39325: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)) (update to 0.17.0)"
+            severity="high"
+        />
+    </file>
+    <file name="golang/go.mod">
+        <error
+            source="vulnerability_high"
+            line="5"
+            message="Insecure dependency golang/[email protected] (CVE-2023-45288: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS) (update to 1.21.9)"
+            severity="high"
+        />
+    </file>
+    <file name="golang/go.mod">
+        <error
+            source="vulnerability_high"
+            line="5"
+            message="Insecure dependency golang/[email protected] (CVE-2024-34156: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion) (update to 1.22.7)"
+            severity="high"
+        />
+    </file>
+    <file name="gradle/gradle.lockfile">
+        <error
+            source="vulnerability_high"
+            line="1"
+            message="Insecure dependency maven/org.apache.seatunnel/[email protected] (CVE-2023-49198: Apache SeaTunnel SQL Injection vulnerability) (update to 1.0.1)"
+            severity="high"
+        />
+    </file>
+    <file name="javascript/package-lock.json">
+        <error
+            source="vulnerability_high"
+            line="14"
+            message="Insecure dependency npm/[email protected] (CVE-2021-3749: nodejs-axios: Regular expression denial of service in trim function) (update to 0.21.2)"
+            severity="high"
+        />
+    </file>
+    <file name="javascript/package-lock.json">
+        <error
+            source="vulnerability_high"
+            line="14"
+            message="Insecure dependency npm/[email protected] (CVE-2025-27152: axios: Possible SSRF and Credential Leakage via Absolute URL in axios Requests) (update to 0.30.0)"
+            severity="high"
+        />
+    </file>
+    <file name="javascript/yarn.lock">
+        <error
+            source="vulnerability_high"
+            line="5"
+            message="Insecure dependency npm/[email protected] (CVE-2021-3749: nodejs-axios: Regular expression denial of service in trim function) (update to 0.21.2)"
+            severity="high"
+        />
+    </file>
+    <file name="javascript/yarn.lock">
+        <error
+            source="vulnerability_high"
+            line="5"
+            message="Insecure dependency npm/[email protected] (CVE-2025-27152: axios: Possible SSRF and Credential Leakage via Absolute URL in axios Requests) (update to 0.30.0)"
+            severity="high"
+        />
+    </file>
+    <file name="python/requirements.txt">
+        <error
+            source="vulnerability_high"
+            line="2"
+            message="Insecure dependency pypi/[email protected] (CVE-2023-1625: openstack-heat: information leak in API) (update to 20.0.0)"
+            severity="high"
+        />
+    </file>
+    <file name="scala/build.sbt.lock">
+        <error
+            source="vulnerability_high"
+            line="13"
+            message="Insecure dependency maven/ch.qos.logback/[email protected] (CVE-2023-6378: logback: serialization vulnerability in logback receiver) (update to 1.2.13)"
+            severity="high"
+        />
+    </file>
+    <file name="swift/Package.resolved">
+        <error
+            source="vulnerability_high"
+            line="67"
+            message="Insecure dependency swift/github.com/apple/[email protected] (CVE-2022-0618: Denial of service via HTTP/2 HEADERS frames padding) (update to 1.20)"
+            severity="high"
+        />
+    </file>
+    <file name="swift/Package.resolved">
+        <error
+            source="vulnerability_high"
+            line="67"
+            message="Insecure dependency swift/github.com/apple/[email protected] (CVE-2022-24666: swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length) (update to 1.19.2)"
+            severity="high"
+        />
+    </file>
+    <file name="swift/Package.resolved">
+        <error
+            source="vulnerability_high"
+            line="67"
+            message="Insecure dependency swift/github.com/apple/[email protected] (CVE-2022-24667: swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding) (update to 1.19.2)"
+            severity="high"
+        />
+    </file>
+    <file name="swift/Package.resolved">
+        <error
+            source="vulnerability_high"
+            line="67"
+            message="Insecure dependency swift/github.com/apple/[email protected] (CVE-2022-24668: swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames) (update to 1.19.2)"
+            severity="high"
+        />
+    </file>
+</checkstyle>