View-Based-Reverse-Engineering
diff --git a/‎acmeair-acmeair/model_gs/snyk/acmeair.json
Lines changed: 210 additions & 0 deletions b/‎acmeair-acmeair/model_gs/snyk/acmeair.json
Lines changed: 210 additions & 0 deletions
diff --git a/‎anilallewar-microservices-basics-spring-boot/model_gs/uml/componentDiagram.puml
Lines changed: 26 additions & 37 deletions b/‎anilallewar-microservices-basics-spring-boot/model_gs/uml/componentDiagram.puml
Lines changed: 26 additions & 37 deletions
@@ -0,0 +1,210 @@
+{
+  "ok": false,
+  "vulnerabilities": [
+    {
+      "id": "SNYK-JAVA-JUNIT-1017047",
+      "title": "Information Exposure",
+      "CVSSv3": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:R",
+      "credit": [
+        "Jonathan Leitschuh"
+      ],
+      "semver": {
+        "vulnerable": [
+          "[4.7,4.13.1)"
+        ]
+      },
+      "exploit": "Proof of Concept",
+      "fixedIn": [
+        "4.13.1"
+      ],
+      "patches": [],
+      "insights": {
+        "triageAdvice": "This vulnerability is only applicable on Linux operating systems"
+      },
+      "language": "java",
+      "severity": "low",
+      "cvssScore": 2.9,
+      "functions": [
+        {
+          "version": [
+            "[4.7,4.11-beta-1)"
+          ],
+          "functionId": {
+            "filePath": "org/junit/rules/TemporaryFolder.java",
+            "className": "TemporaryFolder",
+            "functionName": "newFolder"
+          }
+        },
+        {
+          "version": [
+            "[4.11-beta-1,4.13.1)"
+          ],
+          "functionId": {
+            "filePath": "org/junit/rules/TemporaryFolder.java",
+            "className": "TemporaryFolder",
+            "functionName": "createTemporaryFolderIn"
+          }
+        }
+      ],
+      "malicious": false,
+      "isDisputed": false,
+      "moduleName": "junit:junit",
+      "references": [
+        {
+          "url": "https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae",
+          "title": "GitHub Commit"
+        },
+        {
+          "url": "https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp",
+          "title": "POC: GitHub Advisory"
+        }
+      ],
+      "cvssDetails": [
+        {
+          "assigner": "NVD",
+          "severity": "medium",
+          "cvssV3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+          "cvssV3BaseScore": 5.5,
+          "modificationTime": "2024-03-11T09:49:11.114404Z"
+        },
+        {
+          "assigner": "Red Hat",
+          "severity": "medium",
+          "cvssV3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "cvssV3BaseScore": 4,
+          "modificationTime": "2024-03-11T09:52:05.359911Z"
+        }
+      ],
+      "cvssSources": [
+        {
+          "type": "primary",
+          "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:R",
+          "assigner": "Snyk",
+          "severity": "low",
+          "baseScore": 2.9,
+          "cvssVersion": "3.1",
+          "modificationTime": "2024-03-06T14:02:14.725467Z"
+        },
+        {
+          "type": "secondary",
+          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+          "assigner": "NVD",
+          "severity": "medium",
+          "baseScore": 5.5,
+          "cvssVersion": "3.1",
+          "modificationTime": "2024-03-11T09:49:11.114404Z"
+        },
+        {
+          "type": "secondary",
+          "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "assigner": "Red Hat",
+          "severity": "medium",
+          "baseScore": 4,
+          "cvssVersion": "3.1",
+          "modificationTime": "2024-03-11T09:52:05.359911Z"
+        }
+      ],
+      "description": "## Overview\n[junit:junit](https://mvnrepository.com/artifact/junit/junit) is an unit testing framework for Java\n\nAffected versions of this package are vulnerable to Information Exposure. The JUnit4 test rule `TemporaryFolder` contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system.\r\n\r\n*Note:* This vulnerability does not allow other users to overwrite the contents of these directories or files.\r\nThis only affects Unix like systems.\n## Remediation\nUpgrade `junit:junit` to version 4.13.1 or higher.\n## References\n- [GitHub Commit](https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae)\n- [POC: GitHub Advisory](https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp)\n",
+      "epssDetails": {
+        "percentile": "0.30006",
+        "probability": "0.00066",
+        "modelVersion": "v2023.03.01"
+      },
+      "identifiers": {
+        "CVE": [
+          "CVE-2020-15250"
+        ],
+        "CWE": [
+          "CWE-200"
+        ],
+        "GHSA": [
+          "GHSA-269g-pwp5-87pp"
+        ]
+      },
+      "packageName": "junit:junit",
+      "proprietary": true,
+      "creationTime": "2020-10-12T10:07:32.302340Z",
+      "functions_new": [
+        {
+          "version": [
+            "[4.7,4.11-beta-1)"
+          ],
+          "functionId": {
+            "className": "org.junit.rules.TemporaryFolder",
+            "functionName": "newFolder"
+          }
+        },
+        {
+          "version": [
+            "[4.11-beta-1,4.13.1)"
+          ],
+          "functionId": {
+            "className": "org.junit.rules.TemporaryFolder",
+            "functionName": "createTemporaryFolderIn"
+          }
+        }
+      ],
+      "alternativeIds": [],
+      "disclosureTime": "2020-10-12T10:07:30Z",
+      "exploitDetails": {
+        "sources": [
+          "Snyk"
+        ],
+        "maturityLevels": [
+          {
+            "type": "secondary",
+            "level": "Proof of Concept",
+            "format": "CVSSv3"
+          },
+          {
+            "type": "primary",
+            "level": "Proof of Concept",
+            "format": "CVSSv4"
+          }
+        ]
+      },
+      "packageManager": "maven",
+      "mavenModuleName": {
+        "groupId": "junit",
+        "artifactId": "junit"
+      },
+      "publicationTime": "2020-10-13T14:27:37Z",
+      "severityBasedOn": "CVSS",
+      "modificationTime": "2024-03-11T09:52:05.359911Z",
+      "socialTrendAlert": false,
+      "severityWithCritical": "low",
+      "packagePopularityRank": 99,
+      "from": [
+        "acmeair/acmeair@acmeair/acmeair#f16122729873ef0449ea276dfb2d2a1d45bebb40",
+        "com.googlecode.json-simple:json-simple@1.1.1",
+        "junit:junit@4.10"
+      ],
+      "upgradePath": [
+        false,
+        false,
+        "junit:junit@4.13.1"
+      ],
+      "version": "4.10",
+      "name": "junit:junit",
+      "isUpgradable": false,
+      "isPatchable": false,
+      "isPinnable": false
+    }
+  ],
+  "numDependencies": 9,
+  "severityMap": {
+    "critical": 0,
+    "high": 0,
+    "medium": 0,
+    "low": 1
+  },
+  "packageManager": "gradle",
+  "summary": "1 vulnerable dependency path",
+  "filesystemPolicy": false,
+  "filtered": {
+    "ignore": [],
+    "patch": []
+  },
+  "uniqueCount": 1,
+  "path": "https://github.com/acmeair/acmeair"
+}
@@ -18,59 +18,49 @@ interface "/user-service" as generalInterface1
 
 interface "/comments" as CommentsInterface
 
+component [task-webservice] as task {
+    portin " " as TaskIn1
 
+    component [CommentsService] as CommentsService
+    component [TaskController] as TaskController
+    portout " " as TaskOut1
 
-component [task-webservice] as task {
-	portin " " as TaskIn1
-	'portin " " as TaskIn2
-	component [CommentsService] as CommentsService
-	component [TaskController] as TaskController
-	portout " " as TaskOut1
-	
-	'taskInterface -- TaskIn2
-	'TaskIn2 -- TaskController
-	generalInterface -- TaskIn1
-	TaskIn1 -- TaskController
-	TaskController ..> CommentsService : requires
-	CommentsService .. TaskOut1
-	TaskOut1 ..> CommentsInterface : requires
+
+    generalInterface -- TaskIn1
+    TaskIn1 -- TaskController
+    TaskController ..> CommentsService : requires
+    CommentsService .. TaskOut1
+    TaskOut1 ..> CommentsInterface : requires
 }
 
 component [comments-webservice] as comments {
-	portin " " as commentsIn1
-	component [CommentsController] as CommentsController
-	
-	CommentsInterface -- commentsIn1
-	commentsIn1 -- CommentsController
-}
+    portin " " as commentsIn1
+    component [CommentsController] as CommentsController
 
-component [user-webservice] as user {
-	portin " " as UserIn1
-	component [UserController] as UserController
-	
-	generalInterface1 -- UserIn1
-	UserIn1 -- UserController
+    CommentsInterface -- commentsIn1
+    commentsIn1 -- CommentsController
 }
 
+component [user-webservice] as user {
+    portin " " as UserIn1
+    component [UserController] as UserController
 
-
-'interface "/usertask" as taskInterface
-
-
+    generalInterface1 -- UserIn1
+    UserIn1 -- UserController
+}
 
 interface "/userauth" as authInterface
 
 component [auth-server] as auth {
-	portin " " as authIn
-	component [AuthUserController] as AuthUserController
-	authInterface -- authIn
-	authIn -- AuthUserController
+    portin " " as authIn
+    component [AuthUserController] as AuthUserController
+    authInterface -- authIn
+    authIn -- AuthUserController
 }
 
 gateway ..> generalInterface : depends on
 gateway ..> generalInterface1 : depends on
 gateway ..> CommentsInterface : depends on
-'gateway ..> taskInterface : depends on
 gateway ..> authInterface : depends on
 
 comments ..> config : use
@@ -93,5 +83,4 @@ comments ..> zipkin : Sends Tracing Data
 task ..> zipkin : Sends Tracing Data
 user ..> zipkin : Sends Tracing Data
 
-
-@enduml
+@enduml