Skip to content

Code Security Report: 107 high severity findings, 173 total findings #22

Open
Open
Code Security Report: 107 high severity findings, 173 total findings#22
Labels
code security findingsCode security findings detected by Mend
@mend-for-github-com

Description

@mend-for-github-com
mend-for-github-com
bot
opened on Dec 7, 2022

Code Security Report

Latest Scan: 2022-12-07 05:58pm
Total Findings: 173
Tested Project Files: 105
Detected Programming Languages: 2

  • Check this box to manually trigger a scan

Language: Java

Severity CWE Vulnerability Type Count
High CWE-89 SQL Injection 37
High CWE-643 XPath Injection 2
High CWE-94 Code Injection 2
High CWE-22 Path/Directory Traversal 11
High CWE-73 File Manipulation 1
High CWE-79 Cross-Site Scripting 54
Medium CWE-798 Hardcoded Password/Credentials 1
Medium CWE-338 Weak Pseudo-Random 1
Medium CWE-244 Heap Inspection 13
Medium CWE-501 Trust Boundary Violation 11
Medium CWE-209 Error Messages Information Exposure 3
Low CWE-601 Unvalidated/Open Redirect 1
Low CWE-916 Weak Hash Strength 1
Low CWE-113 HTTP Header Injection 3
Low CWE-20 Cookie Injection 4
Low CWE-20 Session Poisoning 11
Low CWE-941 Arbitrary Server Connection 14

Details

The below list presents the 20 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend SAST Application.

SQL Injection (CWE-89) : 20

Findings

sqli/download_id_union.jsp:24

JavaVulnerableSASTGitHubTickets/src/main/webapp/vulnerability/sqli/download_id_union.jsp

Lines 19 to 24 in 9a24120

if(fileid!=null && !fileid.equals(""))
{
Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
Statement stmt = con.createStatement();
ResultSet rs =null;
rs=stmt.executeQuery("select * from FilesList where fileid="+fileid);

Trace

JavaVulnerableSASTGitHubTickets/src/main/webapp/vulnerability/sqli/download_id_union.jsp

Line 18 in 9a24120

String fileid=request.getParameter("fileid");

JavaVulnerableSASTGitHubTickets/src/main/webapp/vulnerability/sqli/download_id_union.jsp

Line 24 in 9a24120

rs=stmt.executeQuery("select * from FilesList where fileid="+fileid);

sqli/download_id.jsp:24

JavaVulnerableSASTGitHubTickets/src/main/webapp/vulnerability/sqli/download_id.jsp

Lines 19 to 24 in 9a24120

if(fileid!=null && !fileid.equals(""))
{
Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
Statement stmt = con.createStatement();
ResultSet rs =null;
rs=stmt.executeQuery("select * from FilesList where fileid="+fileid);

Trace

JavaVulnerableSASTGitHubTickets/src/main/webapp/vulnerability/sqli/download_id.jsp

Line 18 in 9a24120

String fileid=request.getParameter("fileid");

JavaVulnerableSASTGitHubTickets/src/main/webapp/vulnerability/sqli/download_id.jsp

Line 24 in 9a24120

rs=stmt.executeQuery("select * from FilesList where fileid="+fileid);

controller/Register.java:58

JavaVulnerableSASTGitHubTickets/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java

Lines 53 to 58 in 9a24120

{
if(con!=null && !con.isClosed())
{
Statement stmt = con.createStatement();
stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"','"+pass+"','"+email+"','"+about+"','default.jpg','user',1,'"+secret+"')");

Trace

JavaVulnerableSASTGitHubTickets/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java

Line 47 in 9a24120

String secret=request.getParameter("secret");

JavaVulnerableSASTGitHubTickets/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java

Line 58 in 9a24120

stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"','"+pass+"','"+email+"','"+about+"','default.jpg','user',1,'"+secret+"')");

controller/Register.java:58

JavaVulnerableSASTGitHubTickets/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java

Lines 53 to 58 in 9a24120

{
if(con!=null && !con.isClosed())
{
Statement stmt = con.createStatement();
stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"','"+pass+"','"+email+"','"+about+"','default.jpg','user',1,'"+secret+"')");

Trace

JavaVulnerableSASTGitHubTickets/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java

Line 46 in 9a24120

String about=request.getParameter("About");

JavaVulnerableSASTGitHubTickets/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java

Line 58 in 9a24120

stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"','"+pass+"','"+email+"','"+about+"','default.jpg','user',1,'"+secret+"')");

webapp/myprofile.jsp:29

JavaVulnerableSASTGitHubTickets/src/main/webapp/myprofile.jsp

Lines 24 to 29 in 9a24120

out.print("UserName : "+rs.getString("username")+"<br>");
out.print("Email : "+rs.getString("email")+"<br>");
out.print("About : "+rs.getString("about")+"<br>");
//Getting Card Details:
ResultSet rs1=stmt.executeQuery("select * from cards where id="+id);

Trace

JavaVulnerableSASTGitHubTickets/src/main/webapp/myprofile.jsp

Line 16 in 9a24120

String id=request.getParameter("id");

JavaVulnerableSASTGitHubTickets/src/main/webapp/myprofile.jsp

Line 29 in 9a24120

ResultSet rs1=stmt.executeQuery("select * from cards where id="+id);

controller/Register.java:58

JavaVulnerableSASTGitHubTickets/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java

Lines 53 to 58 in 9a24120

{
if(con!=null && !con.isClosed())
{
Statement stmt = con.createStatement();
stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"','"+pass+"','"+email+"','"+about+"','default.jpg','user',1,'"+secret+"')");

Trace

JavaVulnerableSASTGitHubTickets/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java

Line 44 in 9a24120

String pass=request.getParameter("password");

JavaVulnerableSASTGitHubTickets/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java

Line 58 in 9a24120

stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"','"+pass+"','"+email+"','"+about+"','default.jpg','user',1,'"+secret+"')");

csrf/changepassword.jsp:40

JavaVulnerableSASTGitHubTickets/src/main/webapp/vulnerability/csrf/changepassword.jsp

Lines 35 to 40 in 9a24120

if(pass!=null && confirmPass!=null && !pass.equals("") )
{
if(pass.equals(confirmPass) )
{
Statement stmt = con.createStatement();
stmt.executeUpdate("Update users set password='"+pass+"' where id="+id);

Trace

JavaVulnerableSASTGitHubTickets/src/main/webapp/vulnerability/csrf/changepassword.jsp

Line 33 in 9a24120

String pass=request.getParameter("password");

JavaVulnerableSASTGitHubTickets/src/main/webapp/vulnerability/csrf/changepassword.jsp

Line 40 in 9a24120

stmt.executeUpdate("Update users set password='"+pass+"' where id="+id);

vulnerability/forumposts.jsp:14

JavaVulnerableSASTGitHubTickets/src/main/webapp/vulnerability/forumposts.jsp

Lines 9 to 14 in 9a24120

String postid=request.getParameter("postid");
if(postid!=null)
{
Statement stmt = con.createStatement();
ResultSet rs =null;
rs=stmt.executeQuery("select * from posts where postid="+postid);

Trace

JavaVulnerableSASTGitHubTickets/src/main/webapp/vulnerability/forumposts.jsp

Line 9 in 9a24120

String postid=request.getParameter("postid");

JavaVulnerableSASTGitHubTickets/src/main/webapp/vulnerability/forumposts.jsp

Line 14 in 9a24120

rs=stmt.executeQuery("select * from posts where postid="+postid);

controller/Register.java:58

JavaVulnerableSASTGitHubTickets/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java

Lines 53 to 58 in 9a24120

{
if(con!=null && !con.isClosed())
{
Statement stmt = con.createStatement();
stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"','"+pass+"','"+email+"','"+about+"','default.jpg','user',1,'"+secret+"')");

Trace

JavaVulnerableSASTGitHubTickets/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java

Line 43 in 9a24120

String user=request.getParameter("username");

JavaVulnerableSASTGitHubTickets/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java

Line 58 in 9a24120

stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"','"+pass+"','"+email+"','"+about+"','default.jpg','user',1,'"+secret+"')");

admin/manageusers.jsp:14

JavaVulnerableSASTGitHubTickets/src/main/webapp/admin/manageusers.jsp

Lines 9 to 14 in 9a24120

Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
Statement stmt = con.createStatement();
if(request.getParameter("delete")!=null)
{
String user=request.getParameter("user");
stmt.executeUpdate("Delete from users where username='"+user+"'");

Trace

JavaVulnerableSASTGitHubTickets/src/main/webapp/admin/manageusers.jsp

Line 13 in 9a24120

String user=request.getParameter("user");

JavaVulnerableSASTGitHubTickets/src/main/webapp/admin/manageusers.jsp

Line 14 in 9a24120

stmt.executeUpdate("Delete from users where username='"+user+"'");

controller/Register.java:58

JavaVulnerableSASTGitHubTickets/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java

Lines 53 to 58 in 9a24120

{
if(con!=null && !con.isClosed())
{
Statement stmt = con.createStatement();
stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"','"+pass+"','"+email+"','"+about+"','default.jpg','user',1,'"+secret+"')");

Trace

JavaVulnerableSASTGitHubTickets/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java

Line 45 in 9a24120

String email=request.getParameter("email");

JavaVulnerableSASTGitHubTickets/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java

Line 58 in 9a24120

stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"','"+pass+"','"+email+"','"+about+"','default.jpg','user',1,'"+secret+"')");

csrf/change-info.jsp:31

JavaVulnerableSASTGitHubTickets/src/main/webapp/vulnerability/csrf/change-info.jsp

Lines 26 to 31 in 9a24120

String info=request.getParameter("info");
String id=session.getAttribute("userid").toString();
if(info!=null && !info.equals("") && id!=null)
{
Statement stmt = con.createStatement();
stmt.executeUpdate("Update users set about='"+info+"' where id="+id);

Trace

JavaVulnerableSASTGitHubTickets/src/main/webapp/vulnerability/csrf/change-info.jsp

Line 26 in 9a24120

String info=request.getParameter("info");

JavaVulnerableSASTGitHubTickets/src/main/webapp/vulnerability/csrf/change-info.jsp

Line 31 in 9a24120

stmt.executeUpdate("Update users set about='"+info+"' where id="+id);

idor/change-email.jsp:32

JavaVulnerableSASTGitHubTickets/src/main/webapp/vulnerability/idor/change-email.jsp

Lines 27 to 32 in 9a24120

String email=request.getParameter("email");
String id=request.getParameter("id");
if(email!=null && !email.equals("") && id!=null)
{
Statement stmt = con.createStatement();
stmt.executeUpdate("Update users set email='"+email+"' where id="+id);

Trace

JavaVulnerableSASTGitHubTickets/src/main/webapp/vulnerability/idor/change-email.jsp

Line 28 in 9a24120

String id=request.getParameter("id");

JavaVulnerableSASTGitHubTickets/src/main/webapp/vulnerability/idor/change-email.jsp

Line 32 in 9a24120

stmt.executeUpdate("Update users set email='"+email+"' where id="+id);

vulnerability/UserDetails.jsp:13

JavaVulnerableSASTGitHubTickets/src/main/webapp/vulnerability/UserDetails.jsp

Lines 8 to 13 in 9a24120

String username=request.getParameter("username");
if(username!=null && !username.equals(""))
{
Statement stmt = con.createStatement();
ResultSet rs =null;
rs=stmt.executeQuery("select * from users where username='"+username+"'");

Trace

JavaVulnerableSASTGitHubTickets/src/main/webapp/vulnerability/UserDetails.jsp

Line 8 in 9a24120

String username=request.getParameter("username");

JavaVulnerableSASTGitHubTickets/src/main/webapp/vulnerability/UserDetails.jsp

Line 13 in 9a24120

rs=stmt.executeQuery("select * from users where username='"+username+"'");

admin/adminlogin.jsp:19

JavaVulnerableSASTGitHubTickets/src/main/webapp/admin/adminlogin.jsp

Lines 14 to 19 in 9a24120

{
if(con!=null && !con.isClosed())
{
ResultSet rs=null;
Statement stmt = con.createStatement();
rs=stmt.executeQuery("select * from users where username='"+user+"' and password='"+pass+"' and privilege='admin'");

Trace

JavaVulnerableSASTGitHubTickets/src/main/webapp/admin/adminlogin.jsp

Line 11 in 9a24120

String user=request.getParameter("username");

JavaVulnerableSASTGitHubTickets/src/main/webapp/admin/adminlogin.jsp

Line 19 in 9a24120

rs=stmt.executeQuery("select * from users where username='"+user+"' and password='"+pass+"' and privilege='admin'");

controller/Register.java:59

JavaVulnerableSASTGitHubTickets/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java

Lines 54 to 59 in 9a24120

if(con!=null && !con.isClosed())
{
Statement stmt = con.createStatement();
stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"','"+pass+"','"+email+"','"+about+"','default.jpg','user',1,'"+secret+"')");
stmt.executeUpdate("INSERT into UserMessages(recipient, sender, subject, msg) values ('"+user+"','admin','Hi','Hi<br/> This is admin of this page. <br/> Welcome to Our Forum')");

Trace

JavaVulnerableSASTGitHubTickets/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java

Line 43 in 9a24120

String user=request.getParameter("username");

JavaVulnerableSASTGitHubTickets/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java

Line 59 in 9a24120

stmt.executeUpdate("INSERT into UserMessages(recipient, sender, subject, msg) values ('"+user+"','admin','Hi','Hi<br/> This is admin of this page. <br/> Welcome to Our Forum')");

controller/LoginValidator.java:52

JavaVulnerableSASTGitHubTickets/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java

Lines 47 to 52 in 9a24120

Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
if(con!=null && !con.isClosed())
{
ResultSet rs=null;
Statement stmt = con.createStatement();
rs=stmt.executeQuery("select * from users where username='"+user+"' and password='"+pass+"'");

Trace

JavaVulnerableSASTGitHubTickets/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java

Line 44 in 9a24120

String pass=request.getParameter("password").trim();

JavaVulnerableSASTGitHubTickets/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java

Line 52 in 9a24120

rs=stmt.executeQuery("select * from users where username='"+user+"' and password='"+pass+"'");

webapp/changeCardDetails.jsp:43

JavaVulnerableSASTGitHubTickets/src/main/webapp/changeCardDetails.jsp

Lines 38 to 43 in 9a24120

String cvv=request.getParameter("cvv");
String expirydate=request.getParameter("expirydate");
if(!cardno.equals("") && !cvv.equals("") && !expirydate.equals(""))
{
Statement stmt = con.createStatement();
stmt.executeUpdate("INSERT into cards(id,cardno, cvv,expirydate) values ('"+id+"','"+cardno+"','"+cvv+"','"+expirydate+"')");

Trace

JavaVulnerableSASTGitHubTickets/src/main/webapp/changeCardDetails.jsp

Line 39 in 9a24120

String expirydate=request.getParameter("expirydate");

JavaVulnerableSASTGitHubTickets/src/main/webapp/changeCardDetails.jsp

Line 43 in 9a24120

stmt.executeUpdate("INSERT into cards(id,cardno, cvv,expirydate) values ('"+id+"','"+cardno+"','"+cvv+"','"+expirydate+"')");

vulnerability/forum.jsp:48

JavaVulnerableSASTGitHubTickets/src/main/webapp/vulnerability/forum.jsp

Lines 43 to 48 in 9a24120

String title=request.getParameter("title");
if(con!=null && !con.isClosed())
{
Statement stmt = con.createStatement();
//Posting Content
stmt.executeUpdate("INSERT into posts(content,title,user) values ('"+content+"','"+title+"','"+user+"')");

Trace

JavaVulnerableSASTGitHubTickets/src/main/webapp/vulnerability/forum.jsp

Line 42 in 9a24120

String content=request.getParameter("content");

JavaVulnerableSASTGitHubTickets/src/main/webapp/vulnerability/forum.jsp

Line 48 in 9a24120

stmt.executeUpdate("INSERT into posts(content,title,user) values ('"+content+"','"+title+"','"+user+"')");

controller/LoginValidator.java:52

JavaVulnerableSASTGitHubTickets/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java

Lines 47 to 52 in 9a24120

Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
if(con!=null && !con.isClosed())
{
ResultSet rs=null;
Statement stmt = con.createStatement();
rs=stmt.executeQuery("select * from users where username='"+user+"' and password='"+pass+"'");

Trace

JavaVulnerableSASTGitHubTickets/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java

Line 43 in 9a24120

String user=request.getParameter("username").trim();

JavaVulnerableSASTGitHubTickets/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java

Line 52 in 9a24120

rs=stmt.executeQuery("select * from users where username='"+user+"' and password='"+pass+"'");

Language: JavaScript / Node.js

Severity CWE Vulnerability Type Count
Medium CWE-798 Hardcoded Password/Credentials 3

Details

No high vulnerability findings detected. To view information on the remaining findings, navigate to the Mend SAST Application.

Metadata

Metadata

Assignees

No one assigned

    Labels

    code security findingsCode security findings detected by Mend

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions