Code Security Report: 22 high severity findings, 937 total findings

[mend-for-github-com]

Code Security Report

Scan Metadata

Latest Scan: 2023-05-18 03:51am
Total Findings: 937 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 588
Detected Programming Languages: 3 (JavaScript / Node.js, Android Java, C/C++ (Beta))

• Check this box to manually trigger a scan

Most Relevant Findings

The below list presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend SAST Application.

Severity	Vulnerability Type	CWE	File	Data Flows	Date
High	External Data In SQL Queries	CWE-89	Insecure_Data_Storage2.java:54	1	2023-04-19 06:32pm
More info SecurityShepherd/src/MobileShepherd/InsecureData2/app/src/main/java/com/mobshep/insecuredata2/Insecure_Data_Storage2.java Lines 49 to 54 in 9ef42d6 } public void createDatabase() { try { passwordDB = this.openOrCreateDatabase("passwordDB", MODE_PRIVATE, null); passwordDB.execSQL("CREATE TABLE IF NOT EXISTS passwordDB " + 1 Data Flow/s detected View Data Flow 1 SecurityShepherd/src/MobileShepherd/InsecureData2/app/src/main/java/com/mobshep/insecuredata2/Insecure_Data_Storage2.java Line 54 in 9ef42d6 passwordDB.execSQL("CREATE TABLE IF NOT EXISTS passwordDB " +
High	External Data In SQL Queries	CWE-89	Insecure_Data_Storage2.java:89	1	2023-04-19 06:32pm
More info SecurityShepherd/src/MobileShepherd/MobileShepherd/app/src/main/java/com/mobshep/mobileshepherd/Insecure_Data_Storage2.java Lines 84 to 89 in 9ef42d6 public void createDatabase() { try { String path = DB_PATH + DB_NAME; passwordDB = this.openOrCreateDatabase(path, MODE_PRIVATE, null); passwordDB.execSQL("CREATE TABLE IF NOT EXISTS passwordDB " + 1 Data Flow/s detected View Data Flow 1 SecurityShepherd/src/MobileShepherd/MobileShepherd/app/src/main/java/com/mobshep/mobileshepherd/Insecure_Data_Storage2.java Line 89 in 9ef42d6 passwordDB.execSQL("CREATE TABLE IF NOT EXISTS passwordDB " +
High	External Data In SQL Queries	CWE-89	SecretProvider.java:186	1	2023-04-19 06:32pm
More info SecurityShepherd/src/MobileShepherd/CProviderLeakage/app/src/main/java/com/somewhere/hidden/SecretProvider.java Lines 181 to 186 in 9ef42d6 } // Recreates the table when the database needs to be upgraded @Override public void onUpgrade(SQLiteDatabase sqlDB, int oldVersion, int newVersion) { sqlDB.execSQL("DROP TABLE IF EXISTS " + TABLE_NAME); 1 Data Flow/s detected View Data Flow 1 SecurityShepherd/src/MobileShepherd/CProviderLeakage/app/src/main/java/com/somewhere/hidden/SecretProvider.java Line 186 in 9ef42d6 sqlDB.execSQL("DROP TABLE IF EXISTS " + TABLE_NAME);
High	External Data In SQL Queries	CWE-89	mProvider.java:186	1	2023-04-19 06:32pm
More info SecurityShepherd/src/MobileShepherd/CProviderLeakage1/app/src/main/java/com/app/module/mProvider.java Lines 181 to 186 in 9ef42d6 } // Recreates the table when the database needs to be upgraded @Override public void onUpgrade(SQLiteDatabase sqlDB, int oldVersion, int newVersion) { sqlDB.execSQL("DROP TABLE IF EXISTS " + TABLE_NAME); 1 Data Flow/s detected View Data Flow 1 SecurityShepherd/src/MobileShepherd/CProviderLeakage1/app/src/main/java/com/app/module/mProvider.java Line 186 in 9ef42d6 sqlDB.execSQL("DROP TABLE IF EXISTS " + TABLE_NAME);
High	External Data In SQL Queries	CWE-89	SessionProvider.java:226	1	2023-04-19 06:32pm
More info SecurityShepherd/src/MobileShepherd/ShepherdLogin/app/src/main/java/com/mobshep/shepherdlogin/SessionProvider.java Lines 221 to 226 in 9ef42d6 onCreate(sqlDB); } public void deleteData(){ SQLiteDatabase sqlDB = getWritableDatabase(); sqlDB.execSQL("DELETE FROM " + TABLE_NAME); 1 Data Flow/s detected View Data Flow 1 SecurityShepherd/src/MobileShepherd/ShepherdLogin/app/src/main/java/com/mobshep/shepherdlogin/SessionProvider.java Line 226 in 9ef42d6 sqlDB.execSQL("DELETE FROM " + TABLE_NAME);
High	External Data In SQL Queries	CWE-89	SessionProvider.java:220	1	2023-04-19 06:32pm
More info SecurityShepherd/src/MobileShepherd/ShepherdLogin/app/src/main/java/com/mobshep/shepherdlogin/SessionProvider.java Lines 215 to 220 in 9ef42d6 } // Recreates the table when the database needs to be upgraded @Override public void onUpgrade(SQLiteDatabase sqlDB, int oldVersion, int newVersion) { sqlDB.execSQL("DROP TABLE IF EXISTS " + TABLE_NAME); 1 Data Flow/s detected View Data Flow 1 SecurityShepherd/src/MobileShepherd/ShepherdLogin/app/src/main/java/com/mobshep/shepherdlogin/SessionProvider.java Line 220 in 9ef42d6 sqlDB.execSQL("DROP TABLE IF EXISTS " + TABLE_NAME);
High	External Data In SQL Queries	CWE-89	Insecure_Data_Storage.java:52	1	2023-04-19 06:32pm
More info SecurityShepherd/src/MobileShepherd/InsecureData/app/src/main/java/com/mobshep/insecuredata/Insecure_Data_Storage.java Lines 47 to 52 in 9ef42d6 } public void createDatabase() { try { Members = this.openOrCreateDatabase("Members", MODE_PRIVATE, null); Members.execSQL("CREATE TABLE IF NOT EXISTS Members " + 1 Data Flow/s detected View Data Flow 1 SecurityShepherd/src/MobileShepherd/InsecureData/app/src/main/java/com/mobshep/insecuredata/Insecure_Data_Storage.java Line 52 in 9ef42d6 Members.execSQL("CREATE TABLE IF NOT EXISTS Members " +
High	External Data In SQL Queries	CWE-89	Insecure_Data_Storage.java:83	1	2023-04-19 06:32pm
More info SecurityShepherd/src/MobileShepherd/MobileShepherd/app/src/main/java/com/mobshep/mobileshepherd/Insecure_Data_Storage.java Lines 78 to 83 in 9ef42d6 public void createDatabase() { try { String path = DB_PATH + DB_NAME; Members = this.openOrCreateDatabase(path, MODE_PRIVATE, null); Members.execSQL("CREATE TABLE IF NOT EXISTS Members " + 1 Data Flow/s detected View Data Flow 1 SecurityShepherd/src/MobileShepherd/MobileShepherd/app/src/main/java/com/mobshep/mobileshepherd/Insecure_Data_Storage.java Line 83 in 9ef42d6 Members.execSQL("CREATE TABLE IF NOT EXISTS Members " +
High	External Data In SQL Queries	CWE-89	SessionProvider.java:85	1	2023-04-19 06:32pm
More info SecurityShepherd/src/MobileShepherd/ShepherdLogin/app/src/main/java/com/mobshep/shepherdlogin/SessionProvider.java Lines 80 to 85 in 9ef42d6 } @Override public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs, String sortOrder) { // Used to create a SQL query SQLiteQueryBuilder queryBuilder = new SQLiteQueryBuilder(); 1 Data Flow/s detected View Data Flow 1 SecurityShepherd/src/MobileShepherd/ShepherdLogin/app/src/main/java/com/mobshep/shepherdlogin/SessionProvider.java Line 85 in 9ef42d6 SQLiteQueryBuilder queryBuilder = new SQLiteQueryBuilder();
High	External Data In SQL Queries	CWE-89	SecretProvider.java:62	1	2023-04-19 06:32pm
More info SecurityShepherd/src/MobileShepherd/MobileShepherd/app/src/main/java/com/mobshep/mobileshepherd/SecretProvider.java Lines 57 to 62 in 9ef42d6 } @Override public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs, String sortOrder) { // Used to create a SQL query SQLiteQueryBuilder queryBuilder = new SQLiteQueryBuilder(); 1 Data Flow/s detected View Data Flow 1 SecurityShepherd/src/MobileShepherd/MobileShepherd/app/src/main/java/com/mobshep/mobileshepherd/SecretProvider.java Line 62 in 9ef42d6 SQLiteQueryBuilder queryBuilder = new SQLiteQueryBuilder();

Findings Overview

Severity	Vulnerability Type	CWE	Language	Count
High	External Data In SQL Queries	CWE-89	Android Java	15
High	DOM Based Cross-Site Scripting	CWE-79	JavaScript / Node.js	3
High	Arbitrary Code Injection	CWE-94	Android Java	4
Medium	Miscellaneous Dangerous Functions	CWE-676	Android Java	409
Medium	Log Messages	CWE-209	Android Java	64
Medium	Heap Inspection	CWE-244	Android Java	145
Medium	Hardcoded Password/Credentials	CWE-798	Android Java	11
Medium	Location Information	CWE-200	Android Java	2
Medium	Intents Usage	CWE-926	Android Java	102
Medium	Shared Preferences Usage	CWE-200	Android Java	3
Medium	Insecure Data Storage	CWE-200	Android Java	8
Medium	Insufficient Transport Layer Protection	CWE-319	Android Java	106
Low	External URL Access		Android Java	16
Low	Log Forging	CWE-117	JavaScript / Node.js	2
Low	Weak Encryption Strength	CWE-326	Android Java	23
Low	Application Configuration	CWE-16	Android Java	24