The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.
Code Security Report
Scan Metadata
Latest Scan: 2024-07-29 02:15pm
Total Findings: 27 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 109
Detected Programming Languages: 2 (JavaScript / TypeScript, Java)
Most Relevant Findings
Vulnerable Code
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L64-L69
1 Data Flow/s detected
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L27
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L45
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L60
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L69
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla)
● Videos
▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4)
● Further Reading
▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html)
▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection)
▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)
Vulnerable Code
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OGNLExpressionInjectionServlet.java#L30-L35
1 Data Flow/s detected
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OGNLExpressionInjectionServlet.java#L31
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OGNLExpressionInjectionServlet.java#L34
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OGNLExpressionInjectionServlet.java#L35
Secure Code Warrior Training Material
● Further Reading
▪ [OWASP Top Ten Proactive Controls 2018 C5: Validate All Inputs](https://owasp.org/www-project-proactive-controls/v3/en/c5-validate-inputs)
▪ [OWASP Injection Prevention Cheat Sheet in Java](https://cheatsheetseries.owasp.org/cheatsheets/Injection_Prevention_in_Java_Cheat_Sheet.html)
▪ [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)
▪ [OWASP Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Injection_Prevention_Cheat_Sheet.html)
▪ [OWASP Top Ten 2021 A03: Injection](https://owasp.org/Top10/A03_2021-Injection/)
Vulnerable Code
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java#L42-L47
1 Data Flow/s detected
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java#L35
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java#L40
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java#L46
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java#L47
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/java/vanilla)
● Videos
▪ [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
● Further Reading
▪ [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
▪ [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)
Vulnerable Code
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java#L60-L65
1 Data Flow/s detected
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java#L25
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java#L44
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java#L45
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java#L46
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java#L47
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java#L61
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java#L65
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior Code Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/code/java/vanilla)
● Videos
▪ [Secure Code Warrior Code Injection Video](https://media.securecodewarrior.com/v2/Module_28_CODE_INJECTION_v2.mp4)
● Further Reading
▪ [OWASP Command Injection](https://owasp.org/www-community/attacks/Code_Injection)
▪ [SEI CERT Oracle Coding Standard for Java - Prevent Code Injection](https://wiki.sei.cmu.edu/confluence/display/java/IDS52-J.+Prevent+code+injection)
Vulnerable Code
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L89-L94
12 Data Flow/s detected
View Data Flow 1
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/troubles/TruncationErrorServlet.java#L21
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/troubles/TruncationErrorServlet.java#L31
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/troubles/TruncationErrorServlet.java#L30
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/troubles/TruncationErrorServlet.java#L44
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L31
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L94
View Data Flow 2
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/troubles/RoundOffErrorServlet.java#L22
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/troubles/RoundOffErrorServlet.java#L30
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/troubles/RoundOffErrorServlet.java#L43
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L31
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L94
View Data Flow 3
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java#L27
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java#L42
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java#L54
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L31
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L94
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior Cross-Site Scripting Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/xss/reflected/java/vanilla)
● Videos
▪ [Secure Code Warrior Cross-Site Scripting Video](https://media.securecodewarrior.com/v2/module_73_reflected_cross_site_scripting.mp4)
Vulnerable Code
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java#L29-L34
1 Data Flow/s detected
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java#L27
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java#L31
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java#L34
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior Server Side Request Forgery Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/ssrf/generic/java/vanilla)
● Videos
▪ [Secure Code Warrior Server Side Request Forgery Video](https://media.securecodewarrior.com/v2/module_125_server_side_request_forgery.mp4)
Vulnerable Code
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L122-L127
1 Data Flow/s detected
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L70
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L71
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L56
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L57
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L59
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L71
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L84
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L111
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L127
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/java/vanilla)
● Videos
▪ [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
● Further Reading
▪ [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
▪ [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)
Vulnerable Code
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L109-L114
1 Data Flow/s detected
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L70
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L71
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L56
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L57
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L59
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L71
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L84
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L111
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L114
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/java/vanilla)
● Videos
▪ [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
● Further Reading
▪ [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
▪ [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)
Vulnerable Code
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L28-L33
3 Data Flow/s detected
View Data Flow 1
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java#L141
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java#L148
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L56
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L57
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L59
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java#L148
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java#L157
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L28
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L33
View Data Flow 2
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L69
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L76
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L56
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L57
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L59
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L76
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L81
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L28
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L33
View Data Flow 3
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L70
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L71
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L56
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L57
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L59
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L71
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L80
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L28
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L33
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/java/vanilla)
● Videos
▪ [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
● Further Reading
▪ [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
▪ [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)
Vulnerable Code
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java#L133-L138
1 Data Flow/s detected
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java#L125
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java#L127
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L56
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L57
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L59
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java#L127
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java#L133
https://github.com/JoshRMendDemo/Java-Demo/blob/827843f06c7e311dcb2990c36a9603bb1aa96e48/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java#L138
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/java/vanilla)
● Videos
▪ [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
● Further Reading
▪ [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
▪ [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)
Findings Overview