Skip to content

Commit

Permalink
chore: fix spelling errors (aquasecurity#2352)
Browse files Browse the repository at this point in the history
  • Loading branch information
jsoref authored Jun 20, 2022
1 parent 6f10352 commit d6d0a60
Show file tree
Hide file tree
Showing 22 changed files with 31 additions and 31 deletions.
2 changes: 1 addition & 1 deletion docs/community/maintainer/triage.md
Original file line number Diff line number Diff line change
Expand Up @@ -188,7 +188,7 @@ We use two labels [help wanted](https://github.com/aquasecurity/trivy/issues?q=i
and [good first issue](https://github.com/aquasecurity/trivy/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22)
to identify issues that have been specially groomed for new contributors.

We have specific [guidelines](/docs/docs/advanced/contribd/contrib/help-wanted.md)
We have specific [guidelines](/docs/community/maintainer/help-wanted.md)
for how to use these labels. If you see an issue that satisfies these
guidelines, you can add the `help wanted` label and the `good first issue` label.
Please note that adding the `good first issue` label must also
Expand Down
2 changes: 1 addition & 1 deletion docs/docs/integrations/github-actions.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# GitHub Actions

- Here is the [Trivy Github Action][action]
- Here is the [Trivy GitHub Action][action]
- The Microsoft Azure team have written a [container-scan action][azure] that uses Trivy and Dockle
- For full control over the options specified to Trivy, this [blog post][blog] describes adding Trivy into your own GitHub action workflows

Expand Down
6 changes: 3 additions & 3 deletions docs/docs/integrations/gitlab-ci.md
Original file line number Diff line number Diff line change
Expand Up @@ -111,7 +111,7 @@ container_scanning:
[example]: https://gitlab.com/aquasecurity/trivy-ci-test/pipelines
[repository]: https://github.com/aquasecurity/trivy-ci-test
### Gitlab CI alternative template
### GitLab CI alternative template
Depending on the edition of gitlab you have or your desired workflow, the
container scanning template may not meet your needs. As an addition to the
Expand Down Expand Up @@ -174,8 +174,8 @@ be necessary to rename the artifact if you want to reuse the name. To then
combine the previous artifact with the output of trivy, the following `jq`
command can be used, `jq -s 'add' prev-codeclimate.json trivy-codeclimate.json > gl-codeclimate.json`.

### Gitlab CI alternative template example report
### GitLab CI alternative template example report

You'll be able to see a full report in the Gitlab pipeline code quality UI, where filesystem vulnerabilities and misconfigurations include links to the flagged files and image vulnerabilities report the image/os or runtime/library that the vulnerability originates from instead.
You'll be able to see a full report in the GitLab pipeline code quality UI, where filesystem vulnerabilities and misconfigurations include links to the flagged files and image vulnerabilities report the image/os or runtime/library that the vulnerability originates from instead.

![codequality](../../imgs/gitlab-codequality.png)
2 changes: 1 addition & 1 deletion docs/docs/kubernetes/cli/scanning.md
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ Filter by severity:
$ trivy k8s --severity=CRITICAL --report=all cluster
```

Filter by security check (Vulnerabilties, Secrets or Misconfigurations):
Filter by security check (Vulnerabilities, Secrets or Misconfigurations):

```
$ trivy k8s --security-checks=secret --report=summary cluster
Expand Down
4 changes: 2 additions & 2 deletions docs/docs/kubernetes/operator/troubleshooting.md
Original file line number Diff line number Diff line change
Expand Up @@ -65,11 +65,11 @@ Make sure that you are providing the right resources upon installing the Trivy O
If your pod is in `CrashLoopBackOff`, it is likely the case that the pod cannot be scheduled on the Kubernetes node that it is trying to schedule on.
In this case, you want to investigate further whether there is an issue with the node. It could for instance be the case that the node does not have sufficient resources.

## Reconcilation Error
## Reconciliation Error

It could happen that the pod appears to be running normally but does not reconcile the resources inside of your Kubernetes cluster.

Check the logs for reconcilation errors:
Check the logs for reconciliation errors:
```
kubectl logs deployment/trivy-operator -n trivy-system
```
Expand Down
2 changes: 1 addition & 1 deletion docs/docs/misconfiguration/custom/examples.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ See [here][k8s].

The custom policy is defined in `user.kubernetes.ID001` package.
You need to pass the package prefix you want to evaluate through `--namespaces` option.
In this case, the package prefix should be `user`, `user.kuberntes`, or `user.kubernetes.ID001`.
In this case, the package prefix should be `user`, `user.kubernetes`, or `user.kubernetes.ID001`.

### Dockerfile
See [here][dockerfile].
Expand Down
2 changes: 1 addition & 1 deletion docs/docs/misconfiguration/policy/builtin.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ Those policies are managed under [defsec repository][defsec].

For suggestions or issues regarding policy content, please open an issue under the [defsec][defsec] repository.

Helm Chart scanning will resolve the chart to Kubernetes manifests then run the [kubenetes][kubernetes] checks.
Helm Chart scanning will resolve the chart to Kubernetes manifests then run the [kubernetes][kubernetes] checks.

Ansible scanning is coming soon.

Expand Down
2 changes: 1 addition & 1 deletion docs/docs/vulnerability/scanning/git-repository.md
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,7 @@ Total: 20 (UNKNOWN: 3, LOW: 0, MEDIUM: 7, HIGH: 5, CRITICAL: 5)
| | | | | | 2.11.3. The ReDOS... |
+---------------------+------------------+----------+-------------------+------------------------+---------------------------------------+
| py | CVE-2020-29651 | HIGH | 1.8.0 | | python-py: ReDoS in the py.path.svnwc |
| | | | | | component via mailicious input |
| | | | | | component via malicious input |
| | | | | | to blame functionality... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-29651 |
+---------------------+------------------+----------+-------------------+------------------------+---------------------------------------+
Expand Down
6 changes: 3 additions & 3 deletions docs/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,17 +22,17 @@ All you need to do for scanning is to specify a target such as an image name of
<h1 id="demo">Demo</h1>
</div>

<figure style="text-aligh: center">
<figure style="text-align: center">
<img src="imgs/vuln-demo.gif" width="1000">
<figcaption>Demo: Vulnerability Detection</figcaption>
</figure>

<figure style="text-aligh: center">
<figure style="text-align: center">
<img src="imgs/misconf-demo.gif" width="1000">
<figcaption>Demo: Misconfiguration Detection</figcaption>
</figure>

<figure style="text-aligh: center">
<figure style="text-align: center">
<img src="imgs/secret-demo.gif" width="1000">
<figcaption>Demo: Secret Detection</figcaption>
</figure>
Expand Down
2 changes: 1 addition & 1 deletion helm/trivy/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ This chart bootstraps a Trivy deployment on a [Kubernetes](http://kubernetes.io)
- Kubernetes 1.12+
- Helm 3+

## Installing from the the Aqua Chart Repository
## Installing from the Aqua Chart Repository

```
helm repo add aquasecurity https://aquasecurity.github.io/helm-charts/
Expand Down
2 changes: 1 addition & 1 deletion integration/client_server_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -225,7 +225,7 @@ func TestClientServer(t *testing.T) {
golden: "testdata/mariner-1.0.json.golden",
},
{
name: "buxybox with Cargo.lock",
name: "busybox with Cargo.lock",
args: csArgs{
Input: "testdata/fixtures/images/busybox-with-lockfile.tar.gz",
},
Expand Down
2 changes: 1 addition & 1 deletion integration/standalone_tar_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -240,7 +240,7 @@ func TestTar(t *testing.T) {
golden: "testdata/mariner-1.0.json.golden",
},
{
name: "buxybox with Cargo.lock integration",
name: "busybox with Cargo.lock integration",
testArgs: args{
Format: "json",
Input: "testdata/fixtures/images/busybox-with-lockfile.tar.gz",
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/almalinux-8.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@
"URL": "https://errata.almalinux.org/"
},
"Title": "openssl: Read buffer overruns processing ASN.1 strings",
"Description": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).",
"Description": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-125"
Expand Down
4 changes: 2 additions & 2 deletions integration/testdata/fixtures/db/vulnerability.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -887,7 +887,7 @@
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CweIDs:
- CWE-502
Description: A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.
Description: A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.
LastModifiedDate: 2020-10-17T12:15:00Z
PublishedDate: 2020-06-19T18:15:00Z
References:
Expand Down Expand Up @@ -998,7 +998,7 @@
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
CweIDs:
- CWE-125
Description: ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).
Description: ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).
LastModifiedDate: 2022-01-06T09:15:00Z
PublishedDate: 2021-08-24T15:15:00Z
References:
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/fluentd-gems.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -186,7 +186,7 @@
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Arubygems"
},
"Title": "rubygem-activesupport: potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore",
"Description": "A deserialization of untrusted data vulnernerability exists in rails \u003c 5.2.4.3, rails \u003c 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.",
"Description": "A deserialization of untrusted data vulnerability exists in rails \u003c 5.2.4.3, rails \u003c 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.",
"Severity": "HIGH",
"CweIDs": [
"CWE-502"
Expand Down
Loading

0 comments on commit d6d0a60

Please sign in to comment.