Code Security Report

Scan Metadata

- Latest Scan: 2024-06-02 04:47am
- Total Findings: 81 | New Findings: 76 | Resolved Findings: 0
- Tested Project Files: 1807
- Detected Programming Languages: 2 (Go, JavaScript / TypeScript*)

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.
Automatic Remediation Available (1)

Vulnerable Code
https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/web_src/js/components/DiffFileTree.vue#L102-L107

1 Data Flow/s detected
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/web_src/js/components/DiffFileTree.vue#L106

Remediation Suggestion
- https://github.com/SharonKoch/Gitea_Demo/blob/0200595b93927a307dc8b452368550ffcd0a990c/diffs/8b7f13a1-d322-42de-8be0-8e8de8da3252/DiffFileTree.vue.diff#L1-L150
- [ ] Create Pull Request

Secure Code Warrior Training Material
- Training
  - [Secure Code Warrior DOM Based Cross-Site Scripting Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/xss/dom/nodejs/express)
- Videos
  - [Secure Code Warrior DOM Based Cross-Site Scripting Video](https://media.securecodewarrior.com/v2/module_123_dom_based_xss.mp4)

No Automatic Remediation (9)
Vulnerable Code
https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/util/remove.go#L72-L77

1 Data Flow/s detected
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/util/rotatingfilewriter/writer.go#L101
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/util/rotatingfilewriter/writer.go#L150
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/util/remove.go#L74
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/util/remove.go#L77

Secure Code Warrior Training Material
- Training
  - [Secure Code Warrior File Manipulation Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/go/vanilla)
- Videos
  - [Secure Code Warrior File Manipulation Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
- Further Reading
  - [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
  - [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)
Vulnerable Code
https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/dump/dumper.go#L123-L128

1 Data Flow/s detected
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/dump/dumper.go#L84
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/dump/dumper.go#L139
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/dump/dumper.go#L123
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/dump/dumper.go#L124
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/dump/dumper.go#L128

Secure Code Warrior Training Material
- Training
  - [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/go/vanilla)
- Videos
  - [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
- Further Reading
  - [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
  - [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)
Vulnerable Code
https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/dump/dumper.go#L79-L84

4 Data Flow/s detected

View Data Flow 1
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/dump/dumper.go#L84
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/dump/dumper.go#L139
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/dump/dumper.go#L83
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/dump/dumper.go#L84

View Data Flow 2
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/dump/dumper.go#L84
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/dump/dumper.go#L139
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/dump/dumper.go#L83
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/dump/dumper.go#L84

View Data Flow 3
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/dump/dumper.go#L84
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/dump/dumper.go#L139
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/dump/dumper.go#L123
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/dump/dumper.go#L124
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/dump/dumper.go#L139
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/dump/dumper.go#L83
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/dump/dumper.go#L84

Secure Code Warrior Training Material
- Training
  - [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/go/vanilla)
- Videos
  - [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
- Further Reading
  - [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
  - [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)
Vulnerable Code
https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/util/rotatingfilewriter/writer.go#L96-L101

2 Data Flow/s detected

View Data Flow 1
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/util/rotatingfilewriter/writer.go#L101
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/util/rotatingfilewriter/writer.go#L100
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/util/rotatingfilewriter/writer.go#L101

View Data Flow 2
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/util/rotatingfilewriter/writer.go#L101
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/util/rotatingfilewriter/writer.go#L150
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/util/rotatingfilewriter/writer.go#L100
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/util/rotatingfilewriter/writer.go#L101

Secure Code Warrior Training Material
- Training
  - [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/go/vanilla)
- Videos
  - [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
- Further Reading
  - [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
  - [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)
Vulnerable Code
https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/cmd/serv.go#L308-L313

1 Data Flow/s detected
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/cmd/serv.go#L155
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/cmd/serv.go#L175
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/cmd/serv.go#L191
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/cmd/serv.go#L301
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/cmd/serv.go#L313

Secure Code Warrior Training Material
- Training
  - [Secure Code Warrior Command Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/oscmd/go/vanilla)
- Videos
  - [Secure Code Warrior Command Injection Video](https://media.securecodewarrior.com/OS+Command+Injections_v2.mp4)
- Further Reading
  - [OWASP testing for Command Injection](https://wiki.owasp.org/index.php/Testing_for_Command_Injection_(OTG-INPVAL-013))
  - [OWASP Command Injection](https://owasp.org/www-community/attacks/Command_Injection)
Vulnerable Code
https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/private/internal.go#L43-L48

1 Data Flow/s detected
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/private/internal.go#L48

Secure Code Warrior Training Material
- Training
  - [Secure Code Warrior Insecure TLS Configuration Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/mobile/insufficient_transport_layer_protection/weak_certificate_validation/go/vanilla)
- Videos
  - [Secure Code Warrior Insecure TLS Configuration Video](https://media.securecodewarrior.com/v2/Module_118_WEAK_CERTIFICATE_VALIDATION_v2.mp4)
Vulnerable Code
https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/private/internal.go#L39-L44

1 Data Flow/s detected
- https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/modules/private/internal.go#L44

Secure Code Warrior Training Material
- Training
  - [Secure Code Warrior Insecure TLS Configuration Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/mobile/insufficient_transport_layer_protection/weak_certificate_validation/go/vanilla)
- Videos
  - [Secure Code Warrior Insecure TLS Configuration Video](https://media.securecodewarrior.com/v2/Module_118_WEAK_CERTIFICATE_VALIDATION_v2.mp4)
Vulnerable Code
https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/services/forms/admin.go#L22

Secure Code Warrior Training Material

Vulnerable Code
https://github.com/SharonKoch/Gitea_Demo/blob/e10134dd0ff07aae5f414b8ef2d67d31b8bd81fc/services/migrations/gogs.go#L69

Secure Code Warrior Training Material
Findings Overview