Mend-Demo-GMS / Java-Demo

Apache License 2.0

Code Security Report: 39 high severity findings, 90 total findings #38

Open mend-for-github-com[bot] opened 2 years ago

mend-for-github-com[bot] commented 2 years ago

Code Security Report

Scan Metadata

Latest Scan: 2023-02-14 06:25pm
Total Findings: 90 | New Findings: 0 | Resolved Findings: 6
Tested Project Files: 102
Detected Programming Languages: 1 (Java)

Most Relevant Findings

The below list presents the 25 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend SAST Application.

Path/Directory Traversal (CWE-22): 9

Findings
vulnerabilities/UnrestrictedExtensionUploadServlet.java:84 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L79-L84
Data Flows https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L69 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L57 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L59 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L76 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L84
vulnerabilities/MailHeaderInjectionServlet.java:133 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java#L128-L133
Data Flows https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java#L125 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L57 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L59 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java#L127 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java#L133
vulnerabilities/UnrestrictedSizeUploadServlet.java:84 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L79-L84
Data Flows https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L70 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L57 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L59 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L71 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L84
vulnerabilities/NullByteInjectionServlet.java:46 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java#L41-L46
Data Flows https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java#L35 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java#L40 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java#L46
vulnerabilities/UnrestrictedExtensionUploadServlet.java:110 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L105-L110
Data Flows https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L69 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L57 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L59 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L76 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L84 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L106 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L110
vulnerabilities/UnrestrictedSizeUploadServlet.java:127 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L122-L127
Data Flows https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L70 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L57 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L59 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L71 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L84 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L111 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L127
vulnerabilities/UnrestrictedSizeUploadServlet.java:114 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L109-L114
Data Flows https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L70 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L57 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L59 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L71 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L84 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L111 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L114
vulnerabilities/XEEandXXEServlet.java:196 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java#L191-L196
Data Flows https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java#L141 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L57 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L59 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java#L148 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java#L161 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java#L192 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java#L196
vulnerabilities/UnrestrictedExtensionUploadServlet.java:135 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L130-L135
Data Flows https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L69 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L57 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L59 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L76 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L84 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L106 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L135

SQL Injection (CWE-89): 2

Findings
vulnerabilities/SQLInjectionServlet.java:69 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L64-L69
Data Flows https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L28 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L45 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L60 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L69
vulnerabilities/SQLInjectionServlet.java:69 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L64-L69
Data Flows https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L28 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L45 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L60 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L69

Cross-Site Scripting (CWE-79): 14

Findings
servlets/AbstractServlet.java:94 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L89-L94
Data Flows https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/troubles/IntegerOverflowServlet.java#L24 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/troubles/IntegerOverflowServlet.java#L45 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/troubles/IntegerOverflowServlet.java#L68 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L31 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L94
servlets/AbstractServlet.java:94 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L89-L94
Data Flows https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XSSServlet.java#L22 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XSSServlet.java#L38 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XSSServlet.java#L39 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XSSServlet.java#L48 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L31 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L94
servlets/AbstractServlet.java:94 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L89-L94
Data Flows https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/troubles/LossOfTrailingDigitsServlet.java#L22 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/troubles/LossOfTrailingDigitsServlet.java#L34 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/troubles/LossOfTrailingDigitsServlet.java#L47 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L31 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L94
servlets/AbstractServlet.java:94 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L89-L94
Data Flows https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/troubles/TruncationErrorServlet.java#L21 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/troubles/TruncationErrorServlet.java#L30 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/troubles/TruncationErrorServlet.java#L44 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L31 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L94
vulnerabilities/NullByteInjectionServlet.java:63 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java#L58-L63
Data Flows https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java#L62 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java#L63
servlets/AbstractServlet.java:94 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L89-L94
Data Flows https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/DefaultLoginServlet.java#L40 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/DefaultLoginServlet.java#L80 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L31 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L94
servlets/AbstractServlet.java:94 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L89-L94
Data Flows https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java#L27 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java#L42 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java#L54 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L31 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L94
servlets/AbstractServlet.java:94 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L89-L94
Data Flows https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/performance/CreatingUnnecessaryObjectsServlet.java#L21 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/performance/CreatingUnnecessaryObjectsServlet.java#L28 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/performance/CreatingUnnecessaryObjectsServlet.java#L68 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L31 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L94
servlets/AbstractServlet.java:94 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L89-L94
Data Flows https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/troubles/RoundOffErrorServlet.java#L22 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/troubles/RoundOffErrorServlet.java#L30 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/troubles/RoundOffErrorServlet.java#L43 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L31 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L94
servlets/AbstractServlet.java:94 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L89-L94
Data Flows https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/troubles/EndlessWaitingServlet.java#L128 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/troubles/EndlessWaitingServlet.java#L132 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/troubles/EndlessWaitingServlet.java#L60 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/troubles/EndlessWaitingServlet.java#L70 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L31 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L94
servlets/AbstractServlet.java:94 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L89-L94
Data Flows https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L69 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L73 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L76 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L45 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L53 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L31 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L94
servlets/AbstractServlet.java:94 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L89-L94
Data Flows https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L69 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L57 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L59 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L76 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L91 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L98 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L31 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L94
servlets/AbstractServlet.java:94 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L89-L94
Data Flows https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/troubles/DBConnectionLeakServlet.java#L68 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/troubles/DBConnectionLeakServlet.java#L71 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/troubles/DBConnectionLeakServlet.java#L75 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/troubles/DBConnectionLeakServlet.java#L35 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/troubles/DBConnectionLeakServlet.java#L47 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L31 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L94
servlets/AbstractServlet.java:94 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L89-L94
Data Flows https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L70 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L57 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L59 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L71 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L91 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L98 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L31 https://github.com/Mend-Demo-GMS/Java-Demo/blob/41481b327ad277642fbc880e7fb43d7ea894d304/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L94

Findings Overview

| Severity | Vulnerability Type | CWE | Language | Count |
|---|---|---|---|---|
| High | Path/Directory Traversal | CWE-22 | Java | 9 |
| High | SQL Injection | CWE-89 | Java | 2 |
| High | Cross-Site Scripting | CWE-79 | Java | 18 |
| High | File Manipulation | CWE-73 | Java | 8 |
| High | Server Pages Execution | CWE-94 | Java | 1 |
| High | Server Side Request Forgery | CWE-918 | Java | 1 |
| Medium | Weak Pseudo-Random | CWE-338 | Java | 2 |
| Medium | Trust Boundary Violation | CWE-501 | Java | 5 |
| Medium | Console Output | CWE-209 | Java | 15 |
| Medium | Heap Inspection | CWE-244 | Java | 5 |
| Low | Log Forging | CWE-117 | Java | 4 |
| Low | Cookie Injection | CWE-20 | Java | 5 |
| Low | HTTP Header Injection | CWE-113 | Java | 1 |
| Low | Unvalidated/Open Redirect | CWE-601 | Java | 14 |