)]}'
{"id":"openstack%2Fossa~720291","triplet_id":"openstack%2Fossa~master~Id9a768d3cb3880c4d8f28a45adc924edb8b5dc4a","project":"openstack/ossa","branch":"master","topic":"c1-uuids","hashtags":[],"change_id":"Id9a768d3cb3880c4d8f28a45adc924edb8b5dc4a","subject":"Remove UUID guessing example from C1 report class","status":"MERGED","created":"2020-04-15 21:29:24.000000000","updated":"2020-05-21 15:24:34.000000000","submitted":"2020-05-21 15:22:54.000000000","submitter":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"total_comment_count":0,"unresolved_comment_count":0,"has_review_started":true,"submission_id":"720291-1590074574868-a134e064","meta_rev_id":"be0c56d2d3f89259fea4fc7060a42a12c95f1eb6","_number":720291,"virtual_id_number":720291,"owner":{"_account_id":5263,"name":"Jeremy Stanley","display_name":"fungi","email":"fungi@yuggoth.org","username":"fungi","status":"missing, presumed fed"},"actions":{},"labels":{"Verified":{"approved":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"all":[{"value":0,"_account_id":21420,"name":"Gage Hugo","email":"gagehugo@gmail.com","username":"ghugo"},{"tag":"autogenerated:zuul:gate","value":2,"date":"2020-05-21 15:22:54.000000000","post_submit":true,"permitted_voting_range":{"min":2,"max":2},"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]}],"values":{"-2":"Fails","-1":"Doesn\u0027t seem to work"," 0":"No score","+1":"Works for me","+2":"Verified"},"description":"","default_value":0,"optional":true},"Code-Review":{"approved":{"_account_id":21420,"name":"Gage Hugo","email":"gagehugo@gmail.com","username":"ghugo"},"all":[{"value":2,"date":"2020-04-25 02:47:11.000000000","_account_id":21420,"name":"Gage Hugo","email":"gagehugo@gmail.com","username":"ghugo"},{"value":0,"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]}],"values":{"-2":"Do not merge","-1":"This patch needs further work before it can be merged"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me (core reviewer)"},"description":"","default_value":0,"optional":true},"Workflow":{"approved":{"_account_id":21420,"name":"Gage Hugo","email":"gagehugo@gmail.com","username":"ghugo"},"all":[{"value":1,"date":"2020-05-21 15:10:28.000000000","_account_id":21420,"name":"Gage Hugo","email":"gagehugo@gmail.com","username":"ghugo"},{"value":0,"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]}],"values":{"-1":"Work in progress"," 0":"Ready for reviews","+1":"Approved"},"description":"","default_value":0,"optional":true}},"removable_reviewers":[],"reviewers":{"REVIEWER":[{"_account_id":21420,"name":"Gage Hugo","email":"gagehugo@gmail.com","username":"ghugo"},{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]}]},"pending_reviewers":{},"reviewer_updates":[{"updated":"2020-05-21 15:10:28.000000000","updated_by":{"_account_id":21420,"name":"Gage Hugo","email":"gagehugo@gmail.com","username":"ghugo"},"reviewer":{"_account_id":21420,"name":"Gage Hugo","email":"gagehugo@gmail.com","username":"ghugo"},"state":"REVIEWER"},{"updated":"2020-05-21 15:22:54.000000000","updated_by":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"reviewer":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"state":"REVIEWER"}],"messages":[{"id":"0e658e628778f10b2f33b80dd89e728c0e453a45","author":{"_account_id":5263,"name":"Jeremy Stanley","display_name":"fungi","email":"fungi@yuggoth.org","username":"fungi","status":"missing, presumed fed"},"date":"2020-04-15 21:29:24.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"a16dc7e64b9cb87b76bd1b61e727ea8b0ec36131","author":{"_account_id":5263,"name":"Jeremy Stanley","display_name":"fungi","email":"fungi@yuggoth.org","username":"fungi","status":"missing, presumed fed"},"date":"2020-04-15 21:32:23.000000000","message":"Uploaded patch set 2: Commit message was updated.","accounts_in_message":[],"_revision_number":2},{"id":"4e7b45fc7fcd5ba6cec0077aa8b95cc2acb537ad","tag":"autogenerated:zuul:check","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2020-04-15 21:38:15.000000000","message":"Patch Set 2: Verified+1\n\nBuild succeeded (check pipeline).\n\n- openstack-tox-docs https://zuul.opendev.org/t/openstack/build/94240c2eb43a4dbbb328069826b3c006 : SUCCESS in 4m 40s","accounts_in_message":[],"_revision_number":2},{"id":"2460402ee681394256a3112140a3badfb379faa3","author":{"_account_id":21420,"name":"Gage Hugo","email":"gagehugo@gmail.com","username":"ghugo"},"date":"2020-04-25 02:47:11.000000000","message":"Patch Set 2: Code-Review+2","accounts_in_message":[],"_revision_number":2},{"id":"d007461b938ff505cad221d499fd6ecdc9522491","author":{"_account_id":21420,"name":"Gage Hugo","email":"gagehugo@gmail.com","username":"ghugo"},"date":"2020-05-21 15:10:28.000000000","message":"Patch Set 2: Workflow+1","accounts_in_message":[],"_revision_number":2},{"id":"c4a8e3e03ed2858468561967714c501045e7b8c6","tag":"autogenerated:zuul:gate","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2020-05-21 15:11:49.000000000","message":"Patch Set 2: -Verified\n\nStarting gate jobs.","accounts_in_message":[],"_revision_number":2},{"id":"4fb585a158f0815c2f9d950efc92c3b0295ba595","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2020-05-21 15:22:54.000000000","message":"Change has been successfully merged by Zuul","accounts_in_message":[],"_revision_number":2},{"id":"24a685d644fc4d3cbb512347a0112abc533cc810","tag":"autogenerated:zuul:gate","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2020-05-21 15:22:54.000000000","message":"Patch Set 2: Verified+2\n\nBuild succeeded (gate pipeline).\n\n- openstack-tox-docs https://zuul.opendev.org/t/openstack/build/485811dd2ed342c191ad0f9a4ce1ade5 : SUCCESS in 6m 22s","accounts_in_message":[],"_revision_number":2},{"id":"b3512fb8a6517d6ab885bcf8458b5476c373cd84","tag":"autogenerated:zuul:promote","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2020-05-21 15:24:34.000000000","message":"Patch Set 2:\n\nBuild succeeded (promote pipeline).\n\n- promote-security https://zuul.opendev.org/t/openstack/build/e276669e9b7b46ca9fd93a77afbf9fe7 : SUCCESS in 1m 23s","accounts_in_message":[],"_revision_number":2}],"current_revision_number":2,"current_revision":"8313bac0e2169e694c715692542dc32c4c5175e6","revisions":{"b6a4624821bc216fb161f5c6884831a31d4163dd":{"kind":"REWORK","_number":1,"created":"2020-04-15 21:29:24.000000000","uploader":{"_account_id":5263,"name":"Jeremy Stanley","display_name":"fungi","email":"fungi@yuggoth.org","username":"fungi","status":"missing, presumed fed"},"ref":"refs/changes/91/720291/1","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/ossa","ref":"refs/changes/91/720291/1","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/ossa refs/changes/91/720291/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/ossa refs/changes/91/720291/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/ossa refs/changes/91/720291/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/ossa refs/changes/91/720291/1"}}},"commit":{"parents":[{"commit":"e9563158842d8af15c4840944df2eb8a8a07d08b","subject":"Add OSSA-2020-002 (CVE-2020-9543)","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ossa/commit/e9563158842d8af15c4840944df2eb8a8a07d08b"}]}],"author":{"name":"Jeremy Stanley","email":"fungi@yuggoth.org","date":"2020-04-15 21:26:28.000000000","tz":0},"committer":{"name":"Jeremy Stanley","email":"fungi@yuggoth.org","date":"2020-04-15 21:26:28.000000000","tz":0},"subject":"Remove UUID guessing example from C1 report class","message":"Remove UUID guessing example from C1 report class\n\nSeveral recent examples have made it clear that UUIDs for a variety\nof objects in various services\u0027 APIs are keyed with UUIDs which are\nnot safeguarded or we otherwise don\u0027t position this information as\nsensitive in obvious ways. We may still consider some reports a C1\nif they genuinely hinge on an attacker guessing or socially\nengineering an administrator to divulge an arbitrary type 4 UUID,\nbut this rule is not as solid an indicator of a C1 report as it was\nin 2015 when this example was originally added.\n\nChange-Id: Id9a768d3cb3880c4d8f28a45adc924edb8b5dc4a\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ossa/commit/b6a4624821bc216fb161f5c6884831a31d4163dd"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ossa/commit/b6a4624821bc216fb161f5c6884831a31d4163dd"}]},"branch":"refs/heads/master"},"8313bac0e2169e694c715692542dc32c4c5175e6":{"kind":"NO_CODE_CHANGE","_number":2,"created":"2020-04-15 21:32:23.000000000","uploader":{"_account_id":5263,"name":"Jeremy Stanley","display_name":"fungi","email":"fungi@yuggoth.org","username":"fungi","status":"missing, presumed fed"},"ref":"refs/changes/91/720291/2","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/ossa","ref":"refs/changes/91/720291/2","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/ossa refs/changes/91/720291/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/ossa refs/changes/91/720291/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/ossa refs/changes/91/720291/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/ossa refs/changes/91/720291/2"}}},"commit":{"parents":[{"commit":"e9563158842d8af15c4840944df2eb8a8a07d08b","subject":"Add OSSA-2020-002 (CVE-2020-9543)","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ossa/commit/e9563158842d8af15c4840944df2eb8a8a07d08b"}]}],"author":{"name":"Jeremy Stanley","email":"fungi@yuggoth.org","date":"2020-04-15 21:26:28.000000000","tz":0},"committer":{"name":"Jeremy Stanley","email":"fungi@yuggoth.org","date":"2020-04-15 21:31:27.000000000","tz":0},"subject":"Remove UUID guessing example from C1 report class","message":"Remove UUID guessing example from C1 report class\n\nSeveral recent examples have made it clear that some objects in\nvarious services\u0027 APIs are keyed with UUIDs which are not\nsafeguarded or we otherwise don\u0027t position this information as\nsensitive in obvious ways. We may still consider some reports a C1\nif they genuinely hinge on an attacker guessing or socially\nengineering an administrator to divulge an arbitrary type 4 UUID,\nbut this rule is not as solid an indicator of a C1 report as it was\nin 2015 when this example was originally added.\n\nChange-Id: Id9a768d3cb3880c4d8f28a45adc924edb8b5dc4a\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ossa/commit/8313bac0e2169e694c715692542dc32c4c5175e6"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ossa/commit/8313bac0e2169e694c715692542dc32c4c5175e6"}]},"branch":"refs/heads/master"}},"requirements":[],"submit_records":[],"submit_requirements":[]}