Get Ignored Violations

Product: JFrog Xray
Content Type: REST API

Description: Gets a list of all Ignored violations on a watch.

Applicable Environment: JFrog SaaS, Self-Hosted

Since: 3.11

Security: Requires a "Manage Watches" role to be set on the User or Group level.

Usage: GET /xray/api/v1/violations/ignored/{watch_name}

Consumes: N/A

Produces: application/json

Path Parameters:

| Name | Type | Mandatory/Optional | Description |
|---|---|---|---|
| watch_name | string | Required | The name of the watch whose ignored violations are retrieved |

Query Parameters:

| Name | Type | Mandatory/Optional | Description |
|---|---|---|---|
| limit | string | Optional | Maximum number of violations to retrieve (default: 500) |
| offset | string | Optional | Offset for pagination (default: 1) |
| order_by | string | Optional | Order the violations by `severity` or `updated` (default: updated) |

Request Body: N/A

Response Body:

| Name | Type | Description |
|---|---|---|
| violations_count | integer | Total count of ignored violations |
| violations | array[ViolationObj] | Array of ignored violations |

ViolationObj:

| Name | Type | Description |
|---|---|---|
| violation_id | string | The ID of the violation |
| description | string | Description of the violation |
| severity | string | Severity level of the violation |
| type | string | Type of violation |
| infected_components | array[string] | List of infected components |
| created | string | Timestamp of when the violation was created |
| watch_name | string | Name of the watch associated with the violation |
| matched_policies | array[PolicyObj] | List of policies matched with the violation |
| impacted_artifacts | array[string] | List of impacted artifacts |
| issue_id | string | ID of the issue |
| ignore_rule_info | IgnoreRuleInfoObj | Information about the ignore rule |
| extended_information | ExtendedInfoObj | Extended information about the violation |
| applicability | null or array[ApplicabilityObj] | Details about the applicability of the violation |
| applicability_details | array[ApplicabilityDetailsObj] | Applicability details |

PolicyObj:

| Name | Type | Description |
|---|---|---|
| policy | string | Name of the policy |
| rule | string | Rule applied |
| is_blocking | boolean | Indicates if the policy is blocking (true/false) |
| is_ignored | boolean | Indicates if the policy is ignored (true/false) |

IgnoreRuleInfoObj:

| Name | Type | Description |
|---|---|---|
| ignore_rule_type | string | Type of ignore rule (e.g., Ignore Permanently) |
| author | string | Author of the ignore rule |
| created | integer | Timestamp when the ignore rule was created |
| id | string | ID of the ignore rule |
| notes | string | Additional notes about the ignore rule |
| is_expired | boolean | Indicates if the ignore rule is expired |
| expires_at | string | Date and time when the ignore rule expires (if applicable), as an RFC 3339 timestamp in the format YYYY-MM-DDTHH:MM:SSZ |

ExtendedInfoObj:

| Name | Type | Description |
|---|---|---|
| short_description | string | Short description of the vulnerability |
| full_description | string | Full description of the vulnerability |
| jfrog_research_severity | string | Severity of the vulnerability according to JFrog research |
| jfrog_research_severity_reasons | array[ReasonObj] | Reasons for the JFrog research severity |
| remediation | string | Remediation steps for the vulnerability |

ReasonObj:

| Name | Type | Description |
|---|---|---|
| name | string | Name of the reason |
| description | string | Description of the reason |
| is_positive | boolean | Indicates if the reason is positive (true/false) |

ApplicabilityObj:

| Name | Type | Description |
|---|---|---|
| scanner_available | boolean | Indicates if a scanner is available for checking the applicability of the vulnerability |
| component_id | string | Identifier of the component |
| source_comp_id | string | Identifier of the source component |
| cve_id | string | Common Vulnerabilities and Exposures identifier |
| scan_status | integer | Status of the applicability scan |
| applicability | boolean | Indicates if the vulnerability is applicable |
| scanner_explanation | string | Explanation provided by the scanner for the applicability result |
| evidence | null or array[EvidenceObj] | Evidence related to the applicability of the vulnerability |
| info | string | Additional information about the applicability |
| details | null or array[DetailsObj] | Additional details about the applicability |

ApplicabilityDetailsObj:

| Name | Type | Description |
|---|---|---|
| component_id | string | Component ID of the artifact |
| source_comp_id | string | Component ID of the vulnerable package |
| vulnerability_id | string | CVE ID |
| result | Contextual Analysis result enum | Contextual Analysis result |

EvidenceObj:

| Name | Type | Description |
|---|---|---|
| column_names | array[string] | Names of the columns in the evidence |
| rows | array[array[string]] | Rows of evidence |

DetailsObj:

| Name | Type | Description |
|---|---|---|
| file_path | string | Path to the file |
| details | string | Additional details about the applicability |

Response codes:

| Status code | Description |
|---|---|
| 200 | OK |
| 400 | Parsing/validation error |
| 401 | Unauthorized |
| 403 | Forbidden |
| 500 | Failed to get ignored violations |

Successful Response Example:

{
  "violations_count": 1,
  "violations": [
    {
      "violation_id": "1742877329343852544",
      "description": "The GNU General Public License Version 2",
      "severity": "High",
      "type": "License",
      "infected_components": [
        "alpine://3.15:libstdc++:10.3.1_git20211027-r0",
        "alpine://3.15:g++:10.3.1_git20211027-r0",
        "alpine://3.15:libgphobos:10.3.1_git20211027-r0",
        "gav://javax.vecmath:vecmath:1.5.2",
        "alpine://3.15:libgcc:10.3.1_git20211027-r0",
        "alpine://3.15:gcc:10.3.1_git20211027-r0",
        "gav://javax.annotation:javax.annotation-api:1.3.2",
        "alpine://3.15:libatomic:10.3.1_git20211027-r0",
        "alpine://3.15:libgomp:10.3.1_git20211027-r0"
      ],
      "created": "2024-01-04T11:55:11Z",
      "watch_name": "demo",
      "matched_policies": [
        {
          "policy": "demo-license",
          "rule": "ban-GPL&LGPL",
          "is_blocking": false,
          "is_ignored": true
        }
      ],
      "issue_id": "GPL-2.0",
      "impacted_artifacts": [
        "default/ockers/ics/latest/"
      ],
      "ignore_rule_info": {
        "id": "93989214-d2db-4692-6e3e-7dbc39f1bc17",
        "author": "usera",
        "created": 1708770133,
        "notes": "test",
        "is_expired": false,
        "expires_at": "2024-02-25T21:59:59Z"
      },
      "applicability": null
    }
  ]
}

Get Ignored Violations in a Watch in a Project Example

GET /xray/api/v1/violations/ignored/proj-watch?projectKey=<project_key>&limit={limit}&order_by={order_by}&offset={offset}
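The following is an added example, not JFrog's own code, showing how a security team would consume this endpoint from a client: build the request URL with a correctly encoded query string (including the `projectKey` parameter from the example above), walk the `limit`/`offset` pages, and then audit the returned ignore rules for the things a reviewer cares about (expired or soon-expiring rules, rules without notes, and High/Critical findings that Contextual Analysis marked `applicable` but that are nonetheless ignored). Assumptions: the response follows the field tables on this page; `fetch_page` is any caller-supplied HTTP client that sends the token and returns the parsed JSON body (a stand-in `fake_fetch_page` is used here); `offset` is treated as a 1-based page index, since the page only states that its default is 1; the sample violations are constructed.

```python
"""Client helpers for GET /xray/api/v1/violations/ignored/{watch_name}.
Added example, not JFrog code. Assumes the response shape documented on this
page, treats `offset` as a 1-based page index, and uses constructed sample data."""
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Iterator, List, Optional, Tuple
from urllib.parse import quote, urlencode

RFC3339 = "%Y-%m-%dT%H:%M:%SZ"  # format documented for expires_at


def build_url(base: str, watch_name: str, limit: int = 500, offset: int = 1,
              order_by: str = "updated", project_key: Optional[str] = None) -> str:
    """Encode the query string properly: one '?' then '&'-joined pairs."""
    if order_by not in ("severity", "updated"):
        raise ValueError("order_by must be 'severity' or 'updated'")
    params = {"limit": limit, "offset": offset, "order_by": order_by}
    if project_key:
        params["projectKey"] = project_key  # as in the projects example above
    path = f"/xray/api/v1/violations/ignored/{quote(watch_name, safe='')}"
    return f"{base.rstrip('/')}{path}?{urlencode(params)}"


def iter_ignored_violations(fetch_page: Callable[[int, int], Dict],
                            limit: int = 500) -> Iterator[Dict]:
    """Yield every ViolationObj across pages. fetch_page(limit, offset) returns
    one parsed body; stop on a short page or once violations_count items were
    seen, so a server that ignores `offset` cannot make this loop forever."""
    offset, seen = 1, 0
    while True:
        body = fetch_page(limit, offset)
        page = body.get("violations") or []
        yield from page
        seen += len(page)
        if not page or len(page) < limit or seen >= body.get("violations_count", 0):
            return
        offset += 1


def audit_ignore_rules(violations: List[Dict], now: datetime,
                       expiring_within: timedelta = timedelta(days=7)) -> List[Tuple[str, str]]:
    """Flag ignore rules worth a review: expired, expiring soon, lacking notes,
    or silencing a High/Critical finding that Contextual Analysis found applicable."""
    findings = []
    for v in violations:
        vid = v.get("violation_id", "?")
        rule = v.get("ignore_rule_info") or {}
        if rule.get("is_expired"):
            findings.append((vid, "ignore rule already expired"))
        if rule.get("expires_at"):
            exp = datetime.strptime(rule["expires_at"], RFC3339).replace(tzinfo=timezone.utc)
            if now <= exp <= now + expiring_within:
                findings.append((vid, "ignore rule expires within %d days" % expiring_within.days))
        if not (rule.get("notes") or "").strip():
            findings.append((vid, "ignore rule has no justification notes"))
        applicable = any(d.get("result") == "applicable"
                         for d in v.get("applicability_details") or [])
        if applicable and v.get("severity") in ("High", "Critical"):
            findings.append((vid, f"applicable {v['severity']} finding is ignored"))
    return findings


# Constructed sample data shaped like the response examples on this page.
SAMPLE_VIOLATIONS = [
    {"violation_id": "v-1", "severity": "High", "type": "License",
     "ignore_rule_info": {"id": "r-1", "author": "usera", "created": 1708770133,
                          "notes": "test", "is_expired": False,
                          "expires_at": "2024-02-25T21:59:59Z"},
     "applicability": None},
    {"violation_id": "v-2", "severity": "High", "type": "Security",
     "ignore_rule_info": {"id": "r-2", "ignore_rule_type": "Ignore Permanently",
                          "author": "admin", "created": 1709582260,
                          "notes": "Ignore notes", "is_expired": False},
     "applicability_details": [{"vulnerability_id": "CVE-2022-27772", "result": "applicable"}]},
    {"violation_id": "v-3", "severity": "Critical", "type": "Security",
     "ignore_rule_info": {"id": "r-3", "author": "admin", "created": 1709582260,
                          "notes": "", "is_expired": True,
                          "expires_at": "2024-02-01T00:00:00Z"},
     "applicability_details": [{"vulnerability_id": "CVE-2016-1000027", "result": "not_applicable"}]},
]


def fake_fetch_page(limit: int, offset: int) -> Dict:
    """Stand-in for the HTTP call: serves SAMPLE_VIOLATIONS in pages of `limit`."""
    start = (offset - 1) * limit
    return {"violations_count": len(SAMPLE_VIOLATIONS),
            "violations": SAMPLE_VIOLATIONS[start:start + limit]}


def run_demo(now: Optional[datetime] = None) -> List[Tuple[str, str]]:
    """Page through the sample two at a time and return the audit findings."""
    now = now or datetime(2024, 2, 20, tzinfo=timezone.utc)
    return audit_ignore_rules(list(iter_ignored_violations(fake_fetch_page, limit=2)), now)


if __name__ == "__main__":
    for violation_id, reason in run_demo():
        print(violation_id, reason)
```

To run it against a live instance, replace `fake_fetch_page` with a function that performs the GET on `build_url(...)` with the caller's token and returns the parsed body; the audit logic is unchanged. Note that `ignore_rule_info.created` is an epoch integer while `expires_at` is an RFC 3339 string, which is why only the latter goes through `strptime`.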

CVE Research and Enrichment Response Example

{
    "violations_count": 3,
    "violations": [
        {
            "violation_id": "1764742097225699328",
            "description": "spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer",
            "severity": "High",
            "type": "Security",
            "infected_components": [
                "gav://org.springframework.boot:spring-boot:2.2.6.RELEASE"
            ],
            "created": "2024-03-04T19:57:57Z",
            "watch_name": "watch-name",
            "matched_policies": [
                {
                    "policy": "policy-name",
                    "rule": "rule-name",
                    "is_blocking": false,
                    "is_ignored": true
                }
            ],
            "issue_id": "XRAY-202749",
            "impacted_artifacts": [
                "default/maven-local/student-services-security-0.0.1-20230711.143048-1_8db924.jar"
            ],
            "ignore_rule_info": {
                "id": "b03fd7b9-ea42-41b5-62e4-cdbc4b1c067f",
                "ignore_rule_type": "Ignore Permanently",
                "author": "admin",
                "created": 1709582260,
                "notes": "Ignore notes",
                "is_expired": false
            },
            "extended_information": {
                "short_description": "Improper temporary directory management in Spring Boot can lead to local privilege escalation.",
                "full_description": "[Spring Boot](https://spring.io/projects/spring-boot) is a project that is built on the top of the Spring Framework. It provides an easier and faster way to set up, configure, and run both simple and web-based applications. Spring Boot is the combination of the Spring Framework and an embedded application server such as Tomcat or Jetty. When the application instantiates a web server, it creates by default a work directory for configuration files, class files and others. \n\nSpring Boot is vulnerable to temporary directory hijacking. The temporary directory creation function [`createTempDir`](https://github.com/spring-projects/spring-boot/blob/ce70e7d768977242a8ea6f93188388f273be5851/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/server/AbstractConfigurableWebServerFactory.java#L165-L177) deletes the temporary directory first, and then creates it again so that it will be empty and clean. A local attacker can monitor the Spring Boot process, catch the deletion of a temporary directory and start a race to create the directory before Spring Boot dies. If successful, the attacker will be the owner of the directory and will be able to dump and modify any created temporary files.\nThis can potentially lead to application takeover (running code with the privileges of Spring Boot) if the temporary directory contains important files such as configuration files, class files and others.\n\nNote: Spring Boot Autoconfiguration's popular annotations `@SpringBootApplication` and `@EnableAutoConfiguration` are instantiating a web server at runtime. Thus, if one of the annotations is present, it always makes the application vulnerable for this CVE.",
                "jfrog_research_severity": "Medium",
                "jfrog_research_severity_reasons": [
                    {
                        "name": "The issue is trivial to exploit and does not require a published writeup or PoC",
                        "description": "Requires the attacker to create a temporary directory before the Spring Boot process",
                        "is_positive": false
                    },
                    {
                        "name": "The issue can only be exploited by an attacker that can execute code on the vulnerable machine (excluding exceedingly rare circumstances)",
                        "description": "The attacker should be able to monitor temporary directories",
                        "is_positive": true
                    },
                    {
                        "name": "The impact of exploiting the issue depends on the context of surrounding software. A severe impact such as RCE is not guaranteed.",
                        "description": "The impact depends on the contents of the hijacked directory",
                        "is_positive": true
                    },
                    {
                        "name": "The issue has a detailed technical explanation published, that can aid in exploit development",
                        "is_positive": false
                    }
                ],
                "remediation": "##### Deployment mitigations\n\nSetting the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability for all operating systems as follows:\n```\nexport _JAVA_OPTIONS=-Djava.io.tmpdir=/my/tmp/dir\n```"
            },
            "applicability": [
                {
                    "scanner_available": true,
                    "component_id": "gav://com.in28minutes.springboot:student-services-security:0.0.1-SNAPSHOT",
                    "source_comp_id": "gav://org.springframework.boot:spring-boot:2.2.6.RELEASE",
                    "cve_id": "CVE-2022-27772",
                    "scan_status": 1,
                    "applicability": true,
                    "scanner_explanation": "<p>The scanner checks whether the vulnerable inner function <code>AbstractConfigurableWebServerFactory.createTempDir()</code> is called, <br />\nby checking whether any of the following external functions are called:</p>\n<ul>\n<li><code>JettyServletWebServerFactory.getWebServer()</code></li>\n<li><code>TomcatServletWebServerFactory.getWebServer()</code></li>\n<li><code>UndertowServletWebServerFactory.getWebServer()</code></li>\n<li><code>TomcatReactiveWebServerFactory.getWebServer()</code></li>\n</ul>\n<p>It additionally checks whether the <code>@SpringBootApplication</code> or <code>@EnableAutoConfiguration</code> annotations are used, since Spring-Boot-based web servers also lead to the vulnerable inner function.</p>",
                    "evidence": [
                        {
                            "column_names": [
                                "Path",
                                "Location",
                                "Issue Found"
                            ],
                            "rows": [
                                [
                                    "/BOOT-INF/classes/com/in28minutes/springboot/StudentServicesApplication.class",
                                    "StudentServicesApplication",
                                    "The vulnerable @SpringBootApplication class annotation is used"
                                ]
                            ]
                        }
                    ],
                    "info": "The vulnerable @SpringBootApplication class annotation is used",
                    "details": [
                        {
                            "file_path": "/BOOT-INF/classes/com/in28minutes/springboot/StudentServicesApplication.class",
                            "details": "Location: StudentServicesApplication, Issue Found: The vulnerable @SpringBootApplication class annotation is used"
                        }
                    ]
                }
            ],
            "applicability_details": [
                {
                    "component_id": "gav://com.in28minutes.springboot:student-services-security:0.0.1-SNAPSHOT",
                    "source_comp_id": "gav://org.springframework.boot:spring-boot:2.2.6.RELEASE",
                    "vulnerability_id": "CVE-2022-27772",
                    "result": "applicable"
                }
            ]
        },
        {
            "violation_id": "1764742097427025920",
            "description": "Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.",
            "severity": "Medium",
            "type": "Security",
            "infected_components": [
                "gav://org.springframework.security:spring-security-core:5.2.2.RELEASE"
            ],
            "created": "2024-03-04T19:57:58Z",
            "watch_name": "watch-name",
            "matched_policies": [
                {
                    "policy": "policy-name",
                    "rule": "rule-name",
                    "is_blocking": false,
                    "is_ignored": true
                }
            ],
            "issue_id": "XRAY-98355",
            "impacted_artifacts": [
                "default/maven-local/student-services-security-0.0.1-20230711.143048-1_8db924.jar"
            ],
            "ignore_rule_info": {
                "id": "b03fd7b9-ea42-41b5-62e4-cdbc4b1c067f",
                "ignore_rule_type": "Ignore Permanently",
                "author": "admin",
                "created": 1709582260,
                "notes": "Ignore notes",
                "is_expired": false
            },
            "applicability": null,
            "applicability_details": [
                {
                    "component_id": "gav://com.in28minutes.springboot:student-services-security:0.0.1-SNAPSHOT",
                    "source_comp_id": "",
                    "vulnerability_id": "CVE-2020-5408",
                    "result": "not_covered"
                }
            ]
        },
        {
            "violation_id": "1764742097791930368",
            "description": "Pivotal Spring Framework before 6.0.0 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.\n\nMaintainers recommend investigating alternative components or a potential mitigating control. Version 4.2.6 and 3.2.17 contain [enhanced documentation](https://github.com/spring-projects/spring-framework/commit/5cbe90b2cd91b866a5a9586e460f311860e11cfa) advising users to take precautions against unsafe Java deserialization, version 5.3.0 [deprecate the impacted classes](https://github.com/spring-projects/spring-framework/issues/25379) and version 6.0.0 [removed it entirely](https://github.com/spring-projects/spring-framework/issues/27422).",
            "severity": "Critical",
            "type": "Security",
            "infected_components": [
                "gav://org.springframework:spring-web:5.2.5.RELEASE"
            ],
            "created": "2024-03-04T19:57:58Z",
            "watch_name": "watch-name",
            "matched_policies": [
                {
                    "policy": "policy-name",
                    "rule": "rule-name",
                    "is_blocking": false,
                    "is_ignored": true
                }
            ],
            "issue_id": "XRAY-125778",
            "impacted_artifacts": [
                "default/maven-local/student-services-security-0.0.1-20230711.143048-1_8db924.jar"
            ],
            "ignore_rule_info": {
                "id": "b03fd7b9-ea42-41b5-62e4-cdbc4b1c067f",
                "ignore_rule_type": "Ignore Permanently",
                "author": "admin",
                "created": 1709582260,
                "notes": "Ignore notes",
                "is_expired": false
            },
            "extended_information": {
                "short_description": "Unsafe deserialization in Spring RemoteInvocationSerializingExporter could lead to remote code execution.",
                "full_description": "Spring-based applications that export service beans as endpoints using classes that extend the [RemoteInvocationSerializingExporter](https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/remoting/rmi/RemoteInvocationSerializingExporter.html) class are vulnerable to Java deserialization attacks which could lead to RCE (Remote Code Execution). As of 2016, this vulnerability is still not fixed, as the Pivotal team (the maintainers of the Spring framework) disputed it as a security vulnerability in Spring itself and decided not to issue a fix. Instead, they deprecated `HttpInvokerServiceExporter` and `SimpleHttpInvokerServiceExporter`, the potentially vulnerable exporter classes that extend `RemoteInvocationSerializingExporter` and warned application developers not to use them when exposed to untrusted user input (see \"WARNING\" in the [documentation](https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/remoting/httpinvoker/HttpInvokerServiceExporter.html)). Applications that do not use the above classes can safely ignore this vulnerability.",
                "jfrog_research_severity": "Critical",
                "jfrog_research_severity_reasons": [
                    {
                        "name": "Exploitation of the issue is only possible when the vulnerable component is used in a specific manner. The attacker has to perform per-target research to determine the vulnerable attack vector",
                        "description": "The attacker must find a request that is handled by a class extending `RemoteInvocationSerializingExporter`",
                        "is_positive": true
                    },
                    {
                        "name": "The issue results in a severe impact (such as remote code execution)",
                        "description": "Remote code execution",
                        "is_positive": false
                    },
                    {
                        "name": "The issue has an exploit published",
                        "description": "An RMI exploit can be generated by frameworks such as [ysoserial](https://github.com/frohoff/ysoserial/tree/master/src)",
                        "is_positive": false
                    },
                    {
                        "name": "The issue has a detailed technical explanation published, that can aid in exploit development",
                        "description": "The original advisory contains a technical writeup",
                        "is_positive": false
                    }
                ],
                "remediation": "##### Deployment mitigations\n\nDo not use Java serialization for external endpoints (Do not extend the `RemoteInvocationSerializingExporter` class)"
            },
            "applicability": [
                {
                    "scanner_available": true,
                    "component_id": "gav://com.in28minutes.springboot:student-services-security:0.0.1-SNAPSHOT",
                    "source_comp_id": "gav://org.springframework:spring-web:5.2.5.RELEASE",
                    "cve_id": "CVE-2016-1000027",
                    "scan_status": 1,
                    "applicability": false,
                    "scanner_explanation": "<p>The scanner checks whether the vulnerable class <code>(Simple)HttpInvokerServiceExporter</code> is instantiated.</p>",
                    "evidence": null,
                    "info": "The vulnerable class (Simple)HttpInvokerServiceExporter is never instantiated",
                    "details": null
                }
            ],
            "applicability_details": [
                {
                    "component_id": "gav://com.in28minutes.springboot:student-services-security:0.0.1-SNAPSHOT",
                    "source_comp_id": "gav://org.springframework:spring-web:5.2.5.RELEASE",
                    "vulnerability_id": "CVE-2016-1000027",
                    "result": "not_applicable"
                }
            ]
        }
    ]
}