github-actions[bot]
commented
1 year ago 
Scan Summary:
PIPELINE_SCAN_VERSION: 23.4.1-0
DEV-STAGE: DEVELOPMENT
SCAN_ID: a471dbd3-d6ed-44ef-b015-87fdd5720d15
SCAN_STATUS: SUCCESS
SCAN_MESSAGE: Scan successful. Results size: 344386 bytes
====================
Analysis Successful.
====================
===================
Analyzed 2 modules.
===================
verademo.war
JS files within verademo.war
====================
Analyzed 156 issues.
====================details
-------------------------------------
Found 4 issues of Very High severity.
-------------------------------------
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): com/veracode/verademo/controller/ToolsController.java:56
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): com/veracode/verademo/controller/ToolsController.java:59
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): com/veracode/verademo/controller/ToolsController.java:91
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): com/veracode/verademo/controller/ToolsController.java:94
---------------------------------
Found 14 issues of High severity.
---------------------------------
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:166
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:251
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:316
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:384
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:495
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:506
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/BlabController.java:490
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/RemoveAccountCommand.java:40
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/RemoveAccountCommand.java:47
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/RemoveAccountCommand.java:51
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/ListenCommand.java:40
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/ListenCommand.java:47
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/IgnoreCommand.java:40
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/IgnoreCommand.java:47
-----------------------------------
Found 90 issues of Medium severity.
-----------------------------------
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:248
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:253
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/feed.jsp:175
CWE-502: Deserialization of Untrusted Data: com/veracode/verademo/utils/UserFactory.java:44
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting'): com/veracode/verademo/utils/UserFactory.java:96
CWE-327: Use of a Broken or Risky Cryptographic Algorithm: com/veracode/verademo/utils/User.java:103
CWE-259: Use of Hard-coded Password: com/veracode/verademo/utils/Constants.java:1
CWE-259: Use of Hard-coded Password: com/veracode/verademo/utils/Constants.java:14
CWE-601: URL Redirection to Untrusted Site ('Open Redirect'): com/veracode/verademo/controller/UserController.java:82
CWE-601: URL Redirection to Untrusted Site ('Open Redirect'): com/veracode/verademo/controller/UserController.java:95
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting'): com/veracode/verademo/controller/UserController.java:173
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:229
CWE-73: External Control of File Name or Path: com/veracode/verademo/controller/UserController.java:230
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:237
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:249
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:255
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): com/veracode/verademo/controller/UserController.java:256
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): com/veracode/verademo/controller/UserController.java:263
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:385
CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection'): com/veracode/verademo/controller/UserController.java:433
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:493
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:504
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting'): com/veracode/verademo/controller/UserController.java:631
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:658
CWE-73: External Control of File Name or Path: com/veracode/verademo/controller/UserController.java:660
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:694
CWE-73: External Control of File Name or Path: com/veracode/verademo/controller/UserController.java:699
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:708
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting'): com/veracode/verademo/controller/UserController.java:711
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting'): com/veracode/verademo/controller/UserController.java:713
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:803
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:859
CWE-73: External Control of File Name or Path: com/veracode/verademo/controller/UserController.java:863
CWE-327: Use of a Broken or Risky Cryptographic Algorithm: com/veracode/verademo/controller/UserController.java:961
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/ResetController.java:109
CWE-331: Insufficient Entropy: com/veracode/verademo/controller/ResetController.java:128
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/ResetController.java:132
CWE-331: Insufficient Entropy: com/veracode/verademo/controller/ResetController.java:153
CWE-331: Insufficient Entropy: com/veracode/verademo/controller/ResetController.java:156
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/ResetController.java:159
CWE-331: Insufficient Entropy: com/veracode/verademo/controller/ResetController.java:179
CWE-331: Insufficient Entropy: com/veracode/verademo/controller/ResetController.java:183
CWE-331: Insufficient Entropy: com/veracode/verademo/controller/ResetController.java:187
CWE-331: Insufficient Entropy: com/veracode/verademo/controller/ResetController.java:191
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/ResetController.java:193
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/ResetController.java:194
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): com/veracode/verademo/controller/BlabController.java:204
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/BlabController.java:558
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/BlabController.java:559
CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection'): com/veracode/verademo/controller/BlabController.java:571
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/commands/RemoveAccountCommand.java:39
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/commands/RemoveAccountCommand.java:46
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/commands/RemoveAccountCommand.java:50
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/commands/ListenCommand.java:39
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/commands/ListenCommand.java:46
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/commands/IgnoreCommand.java:39
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/commands/IgnoreCommand.java:46
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/tools.jsp:65
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/tools.jsp:68
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/tools.jsp:78
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/register.jsp:60
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/register.jsp:87
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/register-finish.jsp:60
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/register-finish.jsp:83
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:63
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:91
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:102
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:111
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:120
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:161
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:164
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:201
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/login.jsp:62
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/login.jsp:81
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/login.jsp:88
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/feed.jsp:59
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/feed.jsp:70
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/feed.jsp:94
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/feed.jsp:97
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/feed.jsp:99
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/feed.jsp:142
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blabbers.jsp:66
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blabbers.jsp:101
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blabbers.jsp:104
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blab.jsp:57
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blab.jsp:61
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blab.jsp:69
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blab.jsp:105
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blab.jsp:109
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blab.jsp:111
--------------------------------
Found 30 issues of Low severity.
--------------------------------
CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute: com/veracode/verademo/utils/UserFactory.java:96
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/UserController.java:157
CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute: com/veracode/verademo/controller/UserController.java:173
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/UserController.java:246
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/UserController.java:312
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/UserController.java:368
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/UserController.java:470
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/UserController.java:573
CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute: com/veracode/verademo/controller/UserController.java:631
CWE-201: Information Exposure Through Sent Data: com/veracode/verademo/controller/UserController.java:711
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/UserController.java:769
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/UserController.java:829
CWE-209: Information Exposure Through an Error Message: com/veracode/verademo/controller/UserController.java:949
CWE-201: Information Exposure Through Sent Data: com/veracode/verademo/controller/UserController.java:949
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/ResetController.java:101
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/ResetController.java:269
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/BlabController.java:69
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/BlabController.java:182
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/BlabController.java:232
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/BlabController.java:307
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/BlabController.java:400
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/BlabController.java:483
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/BlabController.java:568
CWE-209: Information Exposure Through an Error Message: WEB-INF/views/register.jsp:60
CWE-209: Information Exposure Through an Error Message: WEB-INF/views/register-finish.jsp:60
CWE-209: Information Exposure Through an Error Message: WEB-INF/views/profile.jsp:63
CWE-209: Information Exposure Through an Error Message: WEB-INF/views/login.jsp:62
CWE-209: Information Exposure Through an Error Message: WEB-INF/views/feed.jsp:70
CWE-209: Information Exposure Through an Error Message: WEB-INF/views/blabbers.jsp:66
CWE-209: Information Exposure Through an Error Message: WEB-INF/views/blab.jsp:69
---------------------------------------------
Skipping 18 issues of Informational severity.
---------------------------------------------
==========================
FAILURE: Found 138 issues!
==========================
Scan Summary:
PIPELINE_SCAN_VERSION: 22.11.0-0
DEV-STAGE: DEVELOPMENT
SCAN_ID: 3e890fdf-60a8-4bc1-b7ac-6e5271f70d5c
SCAN_STATUS: SUCCESS
SCAN_MESSAGE: Scan successful. Results size: 349715 bytes
====================
Analysis Successful.
====================
===================
Analyzed 2 modules.
===================
verademo.war
JS files within verademo.war
====================
Analyzed 158 issues.
====================
details
-------------------------------------
Found 4 issues of Very High severity.
-------------------------------------
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): com/veracode/verademo/controller/ToolsController.java:56
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): com/veracode/verademo/controller/ToolsController.java:59
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): com/veracode/verademo/controller/ToolsController.java:91
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): com/veracode/verademo/controller/ToolsController.java:94
---------------------------------
Found 14 issues of High severity.
---------------------------------
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:166
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:251
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:316
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:384
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:495
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:506
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/BlabController.java:490
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/RemoveAccountCommand.java:40
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/RemoveAccountCommand.java:47
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/RemoveAccountCommand.java:51
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/ListenCommand.java:40
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/ListenCommand.java:47
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/IgnoreCommand.java:40
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/IgnoreCommand.java:47
--------------------------------------
Skipping 92 issues of Medium severity.
--------------------------------------
-----------------------------------
Skipping 30 issues of Low severity.
-----------------------------------
---------------------------------------------
Skipping 18 issues of Informational severity.
---------------------------------------------
=========================
FAILURE: Found 18 issues!
=========================