Open mend-for-github-com[bot] opened 3 months ago
Latest Scan: 2024-06-22 12:19am Total Findings: 32 | New Findings: 1 | Resolved Findings: 0 Tested Project Files: 441 Detected Programming Languages: 1 (JavaScript / TypeScript*)
The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.
Code Security Report
Scan Metadata
Most Relevant Findings
Finding 1
- Vulnerable Code: https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/login.ts#L31-L36
- 1 Data Flow/s detected:
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/server.ts#L564
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/login.ts#L34
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/login.ts#L36
- Secure Code Warrior Training Material:
  - Training: [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/nodejs/express)
  - Videos: [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4)
  - Further Reading: [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html), [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection), [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

Finding 2
- Vulnerable Code: https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/dataErasure.ts#L82-L87
- 1 Data Flow/s detected:
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/dataErasure.ts#L54
- Secure Code Warrior Training Material:
  - Training: [Secure Code Warrior Code Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/code/nodejs/express)
  - Videos: [Secure Code Warrior Code Injection Video](https://media.securecodewarrior.com/v2/Module_28_CODE_INJECTION_v2.mp4)
  - Further Reading: [OWASP Command Injection](https://owasp.org/www-community/attacks/Code_Injection)

Finding 3
- Vulnerable Code: https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/dataErasure.ts#L67-L72
- 1 Data Flow/s detected:
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/dataErasure.ts#L54
- Secure Code Warrior Training Material:
  - Training: [Secure Code Warrior Code Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/code/nodejs/express)
  - Videos: [Secure Code Warrior Code Injection Video](https://media.securecodewarrior.com/v2/Module_28_CODE_INJECTION_v2.mp4)
  - Further Reading: [OWASP Command Injection](https://owasp.org/www-community/attacks/Code_Injection)

Finding 4
- Vulnerable Code: https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/vulnCodeSnippet.ts#L88-L93
- 1 Data Flow/s detected:
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/server.ts#L640
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/vulnCodeSnippet.ts#L74
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/vulnCodeSnippet.ts#L75
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/vulnCodeSnippet.ts#L93
- Secure Code Warrior Training Material:
  - Training: [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/nodejs/express)
  - Videos: [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
  - Further Reading: [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal), [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)

Finding 5
- Vulnerable Code: https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/vulnCodeFixes.ts#L75-L80
- 1 Data Flow/s detected:
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/server.ts#L642
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/vulnCodeFixes.ts#L69
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/vulnCodeFixes.ts#L70
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/vulnCodeFixes.ts#L80
- Secure Code Warrior Training Material:
  - Training: [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/nodejs/express)
  - Videos: [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
  - Further Reading: [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal), [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)

Finding 6
- Vulnerable Code: https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/vulnCodeFixes.ts#L74-L79
- 1 Data Flow/s detected:
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/server.ts#L642
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/vulnCodeFixes.ts#L69
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/vulnCodeFixes.ts#L70
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/vulnCodeFixes.ts#L79
- Secure Code Warrior Training Material:
  - Training: [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/nodejs/express)
  - Videos: [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
  - Further Reading: [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal), [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)

Finding 7
- Vulnerable Code: https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/fileUpload.ts#L25-L30
- 1 Data Flow/s detected:
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/server.ts#L295
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/fileUpload.ts#L24
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/fileUpload.ts#L28
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/fileUpload.ts#L29
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/fileUpload.ts#L30
- Secure Code Warrior Training Material:
  - Training: [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/nodejs/express)
  - Videos: [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
  - Further Reading: [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal), [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)

Finding 8
- Vulnerable Code: https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/lib/utils.ts#L201-L206
- 1 Data Flow/s detected:
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/server.ts#L405
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/basketItems.ts#L20
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/basketItems.ts#L21
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/lib/utils.ts#L197
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/lib/utils.ts#L206
- Secure Code Warrior Training Material:
  - Training: [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/nodejs/express)
  - Videos: [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
  - Further Reading: [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal), [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)

Finding 9
- Vulnerable Code: https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/vulnCodeSnippet.ts#L89-L94
- 1 Data Flow/s detected:
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/server.ts#L640
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/vulnCodeSnippet.ts#L74
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/vulnCodeSnippet.ts#L75
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/vulnCodeSnippet.ts#L94
- Secure Code Warrior Training Material:
  - Training: [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/nodejs/express)
  - Videos: [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
  - Further Reading: [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal), [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)

Finding 10
- Vulnerable Code: https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/search.ts#L18-L23
- 1 Data Flow/s detected:
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/server.ts#L570
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/search.ts#L20
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/search.ts#L21
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/search.ts#L22
  - https://github.com/DimaMend/juice-shop/blob/c93fae24360417eb6ff9e1859197b1c29d71ebe7/routes/search.ts#L23
- Secure Code Warrior Training Material:
  - Training: [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/nodejs/express)
  - Videos: [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4)
  - Further Reading: [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html), [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection), [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

Findings Overview