KDWSS / SecurityShepherd

Web and mobile application security training platform
https://owasp.org/www-project-security-shepherd/
GNU General Public License v3.0

Code Security Report: 22 high severity findings, 937 total findings #87

Status: Open. mend-for-github-com[bot] opened 1 year ago

mend-for-github-com[bot] commented 1 year ago

Code Security Report

Scan Metadata

Latest Scan: 2023-07-11 12:12pm
Total Findings: 937 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 588
Detected Programming Languages: 3 (JavaScript / Node.js, Android Java, C/C++ (Beta))

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend SAST Application.

| Severity | Vulnerability Type | CWE | File | More info | Data Flows | Date |
|---|---|---|---|---|---|---|
| High | External Data In SQL Queries | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [mProvider.java:62](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/CProviderLeakage1/app/src/main/java/com/app/module/mProvider.java#L62) | [lines 57-62](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/CProviderLeakage1/app/src/main/java/com/app/module/mProvider.java#L57-L62) | 1 ([flow 1](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/CProviderLeakage1/app/src/main/java/com/app/module/mProvider.java#L62)) | 2023-06-26 03:15pm |
| High | External Data In SQL Queries | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SecretProvider.java:62](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/MobileShepherd/app/src/main/java/com/mobshep/mobileshepherd/SecretProvider.java#L62) | [lines 57-62](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/MobileShepherd/app/src/main/java/com/mobshep/mobileshepherd/SecretProvider.java#L57-L62) | 1 ([flow 1](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/MobileShepherd/app/src/main/java/com/mobshep/mobileshepherd/SecretProvider.java#L62)) | 2023-06-26 03:15pm |
| High | External Data In SQL Queries | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SecretProvider.java:62](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/CProviderLeakage/app/src/main/java/com/somewhere/hidden/SecretProvider.java#L62) | [lines 57-62](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/CProviderLeakage/app/src/main/java/com/somewhere/hidden/SecretProvider.java#L57-L62) | 1 ([flow 1](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/CProviderLeakage/app/src/main/java/com/somewhere/hidden/SecretProvider.java#L62)) | 2023-06-26 03:15pm |
| High | External Data In SQL Queries | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [Insecure_Data_Storage.java:83](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/MobileShepherd/app/src/main/java/com/mobshep/mobileshepherd/Insecure_Data_Storage.java#L83) | [lines 78-83](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/MobileShepherd/app/src/main/java/com/mobshep/mobileshepherd/Insecure_Data_Storage.java#L78-L83) | 1 ([flow 1](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/MobileShepherd/app/src/main/java/com/mobshep/mobileshepherd/Insecure_Data_Storage.java#L83)) | 2023-06-26 03:15pm |
| High | External Data In SQL Queries | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [Insecure_Data_Storage2.java:89](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/MobileShepherd/app/src/main/java/com/mobshep/mobileshepherd/Insecure_Data_Storage2.java#L89) | [lines 84-89](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/MobileShepherd/app/src/main/java/com/mobshep/mobileshepherd/Insecure_Data_Storage2.java#L84-L89) | 1 ([flow 1](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/MobileShepherd/app/src/main/java/com/mobshep/mobileshepherd/Insecure_Data_Storage2.java#L89)) | 2023-06-26 03:15pm |
| High | External Data In SQL Queries | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [Insecure_Data_Storage1.java:95](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/MobileShepherd/app/src/main/java/com/mobshep/mobileshepherd/Insecure_Data_Storage1.java#L95) | [lines 90-95](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/MobileShepherd/app/src/main/java/com/mobshep/mobileshepherd/Insecure_Data_Storage1.java#L90-L95) | 1 ([flow 1](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/MobileShepherd/app/src/main/java/com/mobshep/mobileshepherd/Insecure_Data_Storage1.java#L95)) | 2023-06-26 03:15pm |
| High | External Data In SQL Queries | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [mProvider.java:186](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/CProviderLeakage1/app/src/main/java/com/app/module/mProvider.java#L186) | [lines 181-186](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/CProviderLeakage1/app/src/main/java/com/app/module/mProvider.java#L181-L186) | 1 ([flow 1](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/CProviderLeakage1/app/src/main/java/com/app/module/mProvider.java#L186)) | 2023-06-26 03:15pm |
| High | External Data In SQL Queries | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SessionProvider.java:220](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/ShepherdLogin/app/src/main/java/com/mobshep/shepherdlogin/SessionProvider.java#L220) | [lines 215-220](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/ShepherdLogin/app/src/main/java/com/mobshep/shepherdlogin/SessionProvider.java#L215-L220) | 1 ([flow 1](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/ShepherdLogin/app/src/main/java/com/mobshep/shepherdlogin/SessionProvider.java#L220)) | 2023-06-26 03:15pm |
| High | External Data In SQL Queries | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [Insecure_Data_Storage1.java:52](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/InsecureData1/app/src/main/java/com/mobshep/insecuredata1/Insecure_Data_Storage1.java#L52) | [lines 47-52](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/InsecureData1/app/src/main/java/com/mobshep/insecuredata1/Insecure_Data_Storage1.java#L47-L52) | 1 ([flow 1](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/InsecureData1/app/src/main/java/com/mobshep/insecuredata1/Insecure_Data_Storage1.java#L52)) | 2023-06-26 03:15pm |
| High | External Data In SQL Queries | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [Insecure_Data_Storage.java:52](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/InsecureData/app/src/main/java/com/mobshep/insecuredata/Insecure_Data_Storage.java#L52) | [lines 47-52](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/InsecureData/app/src/main/java/com/mobshep/insecuredata/Insecure_Data_Storage.java#L47-L52) | 1 ([flow 1](https://github.com/KDWSS/SecurityShepherd/blob/cc1ee609dbc83ed964c7b1f4a6e26f9c564b82e2/src/MobileShepherd/InsecureData/app/src/main/java/com/mobshep/insecuredata/Insecure_Data_Storage.java#L52)) | 2023-06-26 03:15pm |

Findings Overview

| Severity | Vulnerability Type | CWE | Language | Count |
|---|---|---|---|---|
| High | External Data In SQL Queries | CWE-89 | Android Java | 15 |
| High | DOM Based Cross-Site Scripting | CWE-79 | JavaScript / Node.js | 3 |
| High | Arbitrary Code Injection | CWE-94 | Android Java | 4 |
| Medium | Miscellaneous Dangerous Functions | CWE-676 | Android Java | 409 |
| Medium | Log Messages | CWE-209 | Android Java | 64 |
| Medium | Heap Inspection | CWE-244 | Android Java | 145 |
| Medium | Hardcoded Password/Credentials | CWE-798 | Android Java | 11 |
| Medium | Location Information | CWE-200 | Android Java | 2 |
| Medium | Intents Usage | CWE-926 | Android Java | 102 |
| Medium | Shared Preferences Usage | CWE-200 | Android Java | 3 |
| Medium | Insecure Data Storage | CWE-200 | Android Java | 8 |
| Medium | Insufficient Transport Layer Protection | CWE-319 | Android Java | 106 |
| Low | External URL Access | | Android Java | 16 |
| Low | Log Forging | CWE-117 | JavaScript / Node.js | 2 |
| Low | Weak Encryption Strength | CWE-326 | Android Java | 23 |
| Low | Application Configuration | CWE-16 | Android Java | 24 |
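All ten "most relevant" findings above are CWE-89 hits in the mobile modules' ContentProvider and data-storage classes. SecurityShepherd is a training platform, and module names such as InsecureData and CProviderLeakage suggest these are deliberately vulnerable lessons, so triage them as expected lesson content rather than regressions; the pattern the scanner is flagging is still worth understanding. The following is an added example, not code from SecurityShepherd or from this fork: a provider `query()` that splices caller-controlled strings into SQL, beside a hardened version. The table name `secrets`, its columns, the `SecretsProvider` class and the `content://.../secrets/<id>` URI shape are assumptions for illustration.

```java
import android.content.ContentProvider;
import android.content.ContentUris;
import android.content.ContentValues;
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteQueryBuilder;
import android.net.Uri;
import android.text.TextUtils;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/**
 * Added example (not SecurityShepherd code). Table, columns and URI layout are assumed.
 * The database handle is expected to be opened in onCreate() via an SQLiteOpenHelper,
 * which is omitted here to keep the focus on query construction.
 */
public class SecretsProvider extends ContentProvider {
    private static final String TABLE = "secrets";                             // assumed
    private static final Set<String> COLUMNS =
            new HashSet<>(Arrays.asList("_id", "label", "value"));             // assumed schema
    private SQLiteDatabase db;                                                 // set in onCreate()

    /**
     * VULNERABLE (CWE-89): every caller-controlled string is spliced into the SQL text.
     * Any app on the device can call an exported provider, so a selection such as
     *   "1=1) UNION SELECT 1, name, pin FROM accounts --"
     * or a projection made of arbitrary expressions runs with the provider's privileges.
     */
    public Cursor queryVulnerable(String[] projection, String selection, String sortOrder) {
        String cols = (projection == null) ? "*" : TextUtils.join(", ", projection);
        StringBuilder sql = new StringBuilder("SELECT ").append(cols).append(" FROM ").append(TABLE);
        if (selection != null) sql.append(" WHERE ").append(selection);
        if (sortOrder != null) sql.append(" ORDER BY ").append(sortOrder);
        return db.rawQuery(sql.toString(), null);   // user input compiled as SQL
    }

    /**
     * HARDENED. selectionArgs alone is not enough, because in the ContentProvider API the
     * selection string is a raw WHERE fragment by design, and column names cannot be bound.
     * 1. The row is chosen from the URI (content://.../secrets/42); the caller's
     *    selection/selectionArgs are ignored and the id is bound as a parameter.
     * 2. Requested columns are checked against an allow-list.
     * 3. sortOrder is restricted to one allow-listed column name.
     */
    @Override
    public Cursor query(Uri uri, String[] projection, String selection,
                        String[] selectionArgs, String sortOrder) {
        if (projection != null) {
            for (String c : projection) {
                if (!COLUMNS.contains(c)) {
                    throw new IllegalArgumentException("Unknown column: " + c);
                }
            }
        }
        if (sortOrder != null && !COLUMNS.contains(sortOrder)) {
            throw new IllegalArgumentException("Unsupported sort order");
        }
        long id = ContentUris.parseId(uri);        // throws if the last path segment is not a number
        SQLiteQueryBuilder qb = new SQLiteQueryBuilder();
        qb.setTables(TABLE);
        qb.setStrict(true);                        // builder verifies the selection it compiles
        return qb.query(db, projection, "_id = ?", new String[]{String.valueOf(id)},
                        null, null, sortOrder);    // id travels as a bound parameter, never as SQL text
    }

    // Remaining abstract methods: the example provider is read-only.
    @Override public boolean onCreate() { return true; }   // open db via SQLiteOpenHelper here (omitted)
    @Override public String getType(Uri uri) { return null; }
    @Override public Uri insert(Uri uri, ContentValues values) {
        throw new UnsupportedOperationException("read-only");
    }
    @Override public int delete(Uri uri, String selection, String[] selectionArgs) {
        throw new UnsupportedOperationException("read-only");
    }
    @Override public int update(Uri uri, ContentValues values, String selection, String[] selectionArgs) {
        throw new UnsupportedOperationException("read-only");
    }
}
```

Two practitioner checks go with this pattern. First, the fix is only needed where untrusted callers can reach the provider: a provider declared with `android:exported="false"` in the manifest (and no `grantUriPermissions`) is only reachable from the same app, which removes the attack surface even if the query code stays sloppy. Second, when reviewing the remaining CWE-89 hits in the report, look at where the `selection` and `projection` values originate; a data flow that starts at the provider's public `query()` entry point is the case that matters, while one fed from string constants inside the activity is noise the scanner cannot distinguish.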