This issue has been automatically marked as stale because it has not had recent activity. :calendar: It will be closed automatically in one week if no further activity occurs.
This issue was closed because it has been stalled for 7 days with no activity.
Code Security Report
Scan Metadata
Latest Scan: 2024-06-14 12:50pm
Total Findings: 33 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 441
Detected Programming Languages: 1 (JavaScript / TypeScript*)

Most Relevant Findings

Finding 1
Vulnerable Code: https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/login.ts#L31-L36
1 Data Flow/s detected:
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/server.ts#L564
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/login.ts#L34
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/login.ts#L36
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/nodejs/express)
● Videos
▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4)
● Further Reading
▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html)
▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection)
▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

Finding 2
Vulnerable Code: https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/dataErasure.ts#L82-L87
1 Data Flow/s detected:
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/dataErasure.ts#L54
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior Code Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/code/nodejs/express)
● Videos
▪ [Secure Code Warrior Code Injection Video](https://media.securecodewarrior.com/v2/Module_28_CODE_INJECTION_v2.mp4)
● Further Reading
▪ [OWASP Command Injection](https://owasp.org/www-community/attacks/Code_Injection)

Finding 3
Vulnerable Code: https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/dataErasure.ts#L67-L72
1 Data Flow/s detected:
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/dataErasure.ts#L54
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior Code Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/code/nodejs/express)
● Videos
▪ [Secure Code Warrior Code Injection Video](https://media.securecodewarrior.com/v2/Module_28_CODE_INJECTION_v2.mp4)
● Further Reading
▪ [OWASP Command Injection](https://owasp.org/www-community/attacks/Code_Injection)

Finding 4
Vulnerable Code: https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/vulnCodeSnippet.ts#L88-L93
1 Data Flow/s detected:
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/server.ts#L640
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/vulnCodeSnippet.ts#L74
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/vulnCodeSnippet.ts#L75
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/vulnCodeSnippet.ts#L93
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/nodejs/express)
● Videos
▪ [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
● Further Reading
▪ [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
▪ [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)

Finding 5
Vulnerable Code: https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/vulnCodeFixes.ts#L75-L80
1 Data Flow/s detected:
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/server.ts#L642
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/vulnCodeFixes.ts#L69
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/vulnCodeFixes.ts#L70
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/vulnCodeFixes.ts#L80
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/nodejs/express)
● Videos
▪ [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
● Further Reading
▪ [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
▪ [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)

Finding 6
Vulnerable Code: https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/vulnCodeFixes.ts#L74-L79
1 Data Flow/s detected:
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/server.ts#L642
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/vulnCodeFixes.ts#L69
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/vulnCodeFixes.ts#L70
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/vulnCodeFixes.ts#L79
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/nodejs/express)
● Videos
▪ [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
● Further Reading
▪ [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
▪ [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)

Finding 7
Vulnerable Code: https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/fileUpload.ts#L25-L30
1 Data Flow/s detected:
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/server.ts#L295
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/fileUpload.ts#L24
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/fileUpload.ts#L28
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/fileUpload.ts#L29
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/fileUpload.ts#L30
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/nodejs/express)
● Videos
▪ [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
● Further Reading
▪ [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
▪ [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)

Finding 8
Vulnerable Code: https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/lib/utils.ts#L201-L206
1 Data Flow/s detected:
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/server.ts#L405
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/basketItems.ts#L20
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/basketItems.ts#L21
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/lib/utils.ts#L197
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/lib/utils.ts#L206
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/nodejs/express)
● Videos
▪ [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
● Further Reading
▪ [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
▪ [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)

Finding 9
Vulnerable Code: https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/vulnCodeSnippet.ts#L89-L94
1 Data Flow/s detected:
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/server.ts#L640
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/vulnCodeSnippet.ts#L74
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/vulnCodeSnippet.ts#L75
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/vulnCodeSnippet.ts#L94
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/nodejs/express)
● Videos
▪ [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
● Further Reading
▪ [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
▪ [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)

Finding 10
Vulnerable Code: https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/search.ts#L18-L23
1 Data Flow/s detected:
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/server.ts#L570
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/search.ts#L20
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/search.ts#L21
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/search.ts#L22
▪ https://github.com/Christian-oleinik/test_repo/blob/141277bbe1dbdc1d667de53b0177a226b25277eb/routes/search.ts#L23
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/nodejs/express)
● Videos
▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4)
● Further Reading
▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html)
▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection)
▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

Findings Overview