
Test Checkmarx scan with lots of faulty things #12

Open
wants to merge 4 commits into base: master from

Conversation


@ninsy ninsy commented Nov 2, 2020

No description provided.

@ninsy (Author) commented Nov 2, 2020

Having only a "push" event sent won't trigger results being written here; putting a comment here to trigger a "pull request" event.

@ce-bot-github-swe

Scan submitted to Checkmarx


ce-bot-github-swe commented Nov 2, 2020

Checkmarx SAST - Scan Summary & Details

Cx-SAST Summary

Total of 410 vulnerabilities
High 38
Medium 17
Low 355
Info 0

Checkmarx Scan Summary

Severity Count
High 38
Medium 17
Low 355
Informational 0

Violation Summary

Severity Count
High 25
Medium 15
Low 227

View more details on Checkmarx UI

Cx-SAST Details

Lines Severity Category File Link
81 85 Medium XML_External_Entities_XXE routes/fileupload.js Checkmarx
42 Medium Privacy_Violation routes/2fa.js Checkmarx
29 Medium Plaintext_Storage_of_a_Password routes/login.js Checkmarx
15 Medium Path_Traversal routes/profileimageurlupload.js Checkmarx
13 Medium Missing_HSTS_Header routes/premiumreward.js Checkmarx
161 Medium Client_Privacy_Violation test/e2e/loginspec.js Checkmarx
98 Medium Client_Potential_XSS frontend/src/hacking-instructor/index.ts Checkmarx
46 50 Medium Client_HTML5_Insecure_Storage frontend/src/app/two-factor-auth-enter/two-factor-auth-enter.component.ts Checkmarx
73 75 79 Medium Client_HTML5_Insecure_Storage frontend/src/app/login/login.component.ts Checkmarx
37 38 Medium Client_HTML5_Insecure_Storage frontend/src/app/oauth/oauth.component.ts Checkmarx
21 Low Use_of_Broken_or_Risky_Cryptographic_Algorithm lib/insecurity.js Checkmarx
35 99 101 107 123 Low Use_Of_Hardcoded_Password frontend/src/app/forgot-password/forgot-password.component.spec.ts Checkmarx
33 45 Low Use_Of_Hardcoded_Password test/e2e/totpsetupspec.js Checkmarx
20 47 76 111 151 193 232 280 330 Low Use_Of_Hardcoded_Password test/api/dataexportapispec.js Checkmarx
20 37 54 71 92 113 136 154 172 189 210 231 254 271 288 Low Use_Of_Hardcoded_Password test/api/quantityapispec.js Checkmarx
13 100 Low Use_Of_Hardcoded_Password test/e2e/restapispec.js Checkmarx
12 16 17 33 Low Use_Of_Hardcoded_Password test/e2e/changepasswordspec.js Checkmarx
24 100 Low Use_Of_Hardcoded_Password test/api/basketapispec.js Checkmarx
20 Low Use_Of_Hardcoded_Password test/e2e/registerspec.js Checkmarx
102 Low Use_Of_Hardcoded_Password frontend/src/app/login/login.component.spec.ts Checkmarx
23 Low Use_Of_Hardcoded_Password test/e2e/forgotpasswordspec.js Checkmarx
18 55 72 89 108 128 148 Low Use_Of_Hardcoded_Password test/api/orderhistoryapispec.js Checkmarx
16 69 106 Low Use_Of_Hardcoded_Password test/e2e/nosqlspec.js Checkmarx
20 Low Use_Of_Hardcoded_Password test/api/basketitemapispec.js Checkmarx
27 60 82 100 113 Low Use_Of_Hardcoded_Password frontend/src/app/change-password/change-password.component.spec.ts Checkmarx
161 162 163 186 187 220 221 264 265 280 292 293 320 321 348 349 350 376 377 378 410 411 412 431 Low Use_Of_Hardcoded_Password test/api/2faspec.js Checkmarx
41 59 81 103 125 144 205 216 Low Use_Of_Hardcoded_Password test/api/userapispec.js Checkmarx
22 51 82 110 Low Use_Of_Hardcoded_Password test/api/deliveryapispec.js Checkmarx
104 Low Use_Of_Hardcoded_Password test/api/productreviewapispec.js Checkmarx
12 Low Use_Of_Hardcoded_Password test/e2e/profilespec.js Checkmarx
44 45 71 72 99 100 152 153 Low Use_Of_Hardcoded_Password test/api/chatbotspec.js Checkmarx
18 Low Use_Of_Hardcoded_Password test/api/walletapispec.js Checkmarx
34 52 70 88 103 104 126 127 146 167 188 Low Use_Of_Hardcoded_Password test/api/deluxeapispec.js Checkmarx
19 Low Use_Of_Hardcoded_Password test/api/userprofilespec.js Checkmarx
23 Low Use_Of_Hardcoded_Password test/e2e/geostalkingspec.js Checkmarx
11 Low Use_Of_Hardcoded_Password test/e2e/chatbotspec.js Checkmarx
44 Low Use_Of_Hardcoded_Password test/api/securityanswerapispec.js Checkmarx
20 29 47 93 Low Use_Of_Hardcoded_Password test/api/passwordapispec.js Checkmarx
10 Low Use_Of_Hardcoded_Password test/e2e/b2borderspec.js Checkmarx
20 Low Use_Of_Hardcoded_Password test/api/addressapispec.js Checkmarx
76 91 Low Use_Of_Hardcoded_Password frontend/src/app/two-factor-auth/two-factor-auth.component.ts Checkmarx
109 111 118 136 137 154 Low Use_Of_Hardcoded_Password frontend/src/app/register/register.component.spec.ts Checkmarx
27 36 52 70 85 100 115 130 148 249 265 286 Low Use_Of_Hardcoded_Password test/api/loginapispec.js Checkmarx
25 51 94 119 Low Use_Of_Hardcoded_Password test/api/profileimageuploadspec.js Checkmarx
21 Low Use_Of_Hardcoded_Password test/e2e/dataexportspec.js Checkmarx
51 57 61 66 113 114 115 130 Low Use_Of_Hardcoded_Password frontend/src/assets/private/threejs-demo.html Checkmarx
11 21 Low Use_Of_Hardcoded_Password test/e2e/deluxespec.js Checkmarx
15 161 Low Use_Of_Hardcoded_Password test/e2e/loginspec.js Checkmarx
118 151 Low Use_Of_Hardcoded_Password test/api/feedbackapispec.js Checkmarx
17 31 Low Use_Of_Hardcoded_Password test/api/erasurerequestapispec.js Checkmarx
13 Low Use_Of_Hardcoded_Password test/e2e/complainspec.js Checkmarx
199 Low Use_Of_Hardcoded_Password data/datacreator.js Checkmarx
20 Low Use_Of_Hardcoded_Password test/api/paymentapispec.js Checkmarx
10 21 Low Use_Of_Hardcoded_Password test/e2e/administrationspec.js Checkmarx
24 49 Low Use_Of_Hardcoded_Password test/e2e/contactspec.js Checkmarx
90 Low Use_Of_Hardcoded_Password frontend/src/app/services/user.service.spec.ts Checkmarx
12 71 Low Use_Of_Hardcoded_Password test/e2e/basketspec.js Checkmarx
25 62 88 Low Use_Of_Hardcoded_Password test/api/memoryapispec.js Checkmarx
67 77 Low Use_Of_Hardcoded_Password test/e2e/searchspec.js Checkmarx
84 Low Unsafe_Use_Of_Target_blank test/e2e/restapispec.js Checkmarx
166 Low Unsafe_Use_Of_Target_blank frontend/src/app/score-board/score-board.component.html Checkmarx
14 Low Unsafe_Use_Of_Target_blank frontend/src/app/photo-wall/photo-wall.component.html Checkmarx
97 102 Low Unsafe_Use_Of_Target_blank test/api/productapispec.js Checkmarx
296 Low Unsafe_Use_Of_Target_blank data/datacreator.js Checkmarx
157 Low Unsafe_Use_Of_Target_blank routes/verify.js Checkmarx
214 222 237 Low Unsafe_Use_Of_Target_blank test/server/verifyspec.js Checkmarx
27 Low Unprotected_Cookie routes/updateuserprofile.js Checkmarx
172 Low Unprotected_Cookie lib/insecurity.js Checkmarx
7 Low Potentially_Vulnerable_To_Xsrf test/e2esubfolder.js Checkmarx
48 56 Low Potentially_Vulnerable_To_Xsrf frontend/src/app/app.routing.ts Checkmarx
72 Low Potentially_Vulnerable_To_Xsrf server.js Checkmarx
6342 12862 16334 24964 27358 27359 Low Potentially_Vulnerable_To_Xsrf frontend/src/assets/private/three.js Checkmarx
47 763 Low Potentially_Vulnerable_To_Xsrf frontend/src/assets/private/dat.gui.min.js Checkmarx
1 Low Potential_Clickjacking_on_Legacy_Browsers frontend/src/app/about/about.component.html Checkmarx
13 Low Missing_CSP_Header routes/premiumreward.js Checkmarx
64 Low JSON_Hijacking routes/dataexport.js Checkmarx
1 7 Low Improper_Resource_Shutdown_or_Release test/files/encrypt.py Checkmarx
116 Low Client_Server_Empty_Password frontend/src/app/register/register.component.spec.ts Checkmarx
15 Low Client_Remote_File_Inclusion frontend/src/index.html Checkmarx
24168 24175 Low Client_Password_In_Comment frontend/src/assets/private/three.js Checkmarx
33 Low Client_Insecure_Randomness lib/insecurity.js Checkmarx
201 Low Client_Insecure_Randomness data/datacreator.js Checkmarx
15 16 Low Client_Hardcoded_Domain frontend/src/index.html Checkmarx
34 Low Client_DOM_Open_Redirect frontend/src/app/delivery-method/delivery-method.component.ts Checkmarx
52 68 Low Angular_Usage_of_Unsafe_DOM_Sanitizer frontend/src/app/administration/administration.component.ts Checkmarx
81 Low Angular_Usage_of_Unsafe_DOM_Sanitizer frontend/src/app/about/about.component.ts Checkmarx
42 Low Angular_Usage_of_Unsafe_DOM_Sanitizer frontend/src/app/track-result/track-result.component.ts Checkmarx
46 Low Angular_Usage_of_Unsafe_DOM_Sanitizer frontend/src/app/data-export/data-export.component.ts Checkmarx
36 Low Angular_Usage_of_Unsafe_DOM_Sanitizer frontend/src/app/last-login-ip/last-login-ip.component.ts Checkmarx
78 High Stored_XSS routes/videohandler.js Checkmarx
29 High Security_Misconfiguration routes/login.js Checkmarx
12 High SQL_Injection routes/search.js Checkmarx
29 High SQL_Injection routes/login.js Checkmarx
42 High Reflected_XSS frontend/src/app/track-result/track-result.component.ts Checkmarx
15 High Deserialization_of_Untrusted_Data routes/b2border.js Checkmarx
16 17 18 High Client_SQL_Injection routes/createproductreviews.js Checkmarx
37 57 93 113 143 144 High Client_SQL_Injection routes/order.js Checkmarx
19 High Client_SQL_Injection routes/profileimagefileupload.js Checkmarx
12 High Client_SQL_Injection routes/search.js Checkmarx
15 17 High Client_SQL_Injection routes/profileimageurlupload.js Checkmarx
32 34 High Client_SQL_Injection routes/orderhistory.js Checkmarx
29 59 High Client_SQL_Injection routes/login.js Checkmarx
136 High Client_SQL_Injection lib/insecurity.js Checkmarx
34 High Client_DOM_XSS frontend/src/app/delivery-method/delivery-method.component.ts Checkmarx

@ninsy (Author) commented Nov 2, 2020

Gotta mark a few errors as false positives, commit some changes and check whether a new report will be printed.
