aayant-mend / NodeGoat

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
https://www.owasp.org/index.php/Projects/OWASP_Node_js_Goat_Project
Apache License 2.0

Code Security Report: 3 high severity findings, 16 total findings #121

Open mend-for-github-com[bot] opened 1 year ago

mend-for-github-com[bot] commented 1 year ago

Code Security Report

Scan Metadata

Latest Scan: 2023-09-29 11:43pm
Total Findings: 16 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 51
Detected Programming Languages: 1 (JavaScript / Node.js)

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend SAST Application.

| Severity | Vulnerability Type | CWE | File | Data Flows | Date |
|---|---|---|---|---|---|
| High | Code Injection | [CWE-94](https://cwe.mitre.org/data/definitions/94.html) | [contributions.js:34](https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/routes/contributions.js#L34) | 2 | 2023-06-19 09:02pm |
| High | Code Injection | [CWE-94](https://cwe.mitre.org/data/definitions/94.html) | [contributions.js:33](https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/routes/contributions.js#L33) | 2 | 2023-06-19 09:02pm |
| High | Code Injection | [CWE-94](https://cwe.mitre.org/data/definitions/94.html) | [contributions.js:32](https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/routes/contributions.js#L32) | 2 | 2023-06-19 09:02pm |
| Medium | Weak Pseudo-Random | [CWE-338](https://cwe.mitre.org/data/definitions/338.html) | [db-reset.js:113](https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/artifacts/db-reset.js#L113) | 1 | 2023-06-19 09:02pm |
| Medium | Weak Pseudo-Random | [CWE-338](https://cwe.mitre.org/data/definitions/338.html) | [db-reset.js:112](https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/artifacts/db-reset.js#L112) | 1 | 2023-06-19 09:02pm |
| Medium | Weak Pseudo-Random | [CWE-338](https://cwe.mitre.org/data/definitions/338.html) | [session.js:17](https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/routes/session.js#L17) | 1 | 2023-06-19 09:02pm |
| Medium | Weak Pseudo-Random | [CWE-338](https://cwe.mitre.org/data/definitions/338.html) | [session.js:16](https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/routes/session.js#L16) | 1 | 2023-06-19 09:02pm |
| Medium | Weak Pseudo-Random | [CWE-338](https://cwe.mitre.org/data/definitions/338.html) | [user-dao.js:53](https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/data/user-dao.js#L53) | 1 | 2023-06-19 09:02pm |
| Medium | Weak Pseudo-Random | [CWE-338](https://cwe.mitre.org/data/definitions/338.html) | [user-dao.js:52](https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/data/user-dao.js#L52) | 1 | 2023-06-19 09:02pm |
| Medium | Weak Pseudo-Random | [CWE-338](https://cwe.mitre.org/data/definitions/338.html) | [user-dao.js:51](https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/data/user-dao.js#L51) | 1 | 2023-06-19 09:02pm |

Vulnerable code and data flows per finding:

- contributions.js:34 (Code Injection)
  - Vulnerable Code: https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/routes/contributions.js#L29-L34
  - 2 Data Flow/s detected
  - Data Flow 1: https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/routes/contributions.js#L34
  - Data Flow 2: https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/routes/contributions.js#L34 → https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/routes/contributions.js#L34 → https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/routes/contributions.js#L34

- contributions.js:33 (Code Injection)
  - Vulnerable Code: https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/routes/contributions.js#L28-L33
  - 2 Data Flow/s detected
  - Data Flow 1: https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/routes/contributions.js#L33
  - Data Flow 2: https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/routes/contributions.js#L33 → https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/routes/contributions.js#L33 → https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/routes/contributions.js#L33

- contributions.js:32 (Code Injection)
  - Vulnerable Code: https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/routes/contributions.js#L27-L32
  - 2 Data Flow/s detected
  - Data Flow 1: https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/routes/contributions.js#L32
  - Data Flow 2: https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/routes/contributions.js#L32 → https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/routes/contributions.js#L32 → https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/routes/contributions.js#L32

- db-reset.js:113 (Weak Pseudo-Random)
  - Vulnerable Code: https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/artifacts/db-reset.js#L108-L113
  - 1 Data Flow/s detected
  - Data Flow 1: https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/artifacts/db-reset.js#L113

- db-reset.js:112 (Weak Pseudo-Random)
  - Vulnerable Code: https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/artifacts/db-reset.js#L107-L112
  - 1 Data Flow/s detected
  - Data Flow 1: https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/artifacts/db-reset.js#L112

- session.js:17 (Weak Pseudo-Random)
  - Vulnerable Code: https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/routes/session.js#L12-L17
  - 1 Data Flow/s detected
  - Data Flow 1: https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/routes/session.js#L17

- session.js:16 (Weak Pseudo-Random)
  - Vulnerable Code: https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/routes/session.js#L11-L16
  - 1 Data Flow/s detected
  - Data Flow 1: https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/routes/session.js#L16

- user-dao.js:53 (Weak Pseudo-Random)
  - Vulnerable Code: https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/data/user-dao.js#L48-L53
  - 1 Data Flow/s detected
  - Data Flow 1: https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/data/user-dao.js#L53

- user-dao.js:52 (Weak Pseudo-Random)
  - Vulnerable Code: https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/data/user-dao.js#L47-L52
  - 1 Data Flow/s detected
  - Data Flow 1: https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/data/user-dao.js#L52

- user-dao.js:51 (Weak Pseudo-Random)
  - Vulnerable Code: https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/data/user-dao.js#L46-L51
  - 1 Data Flow/s detected
  - Data Flow 1: https://github.com/aayant-mend/NodeGoat/blob/a64b420b319389da6a34f4ce77db9248b5bc1aea/app/data/user-dao.js#L51

Findings Overview

| Severity | Vulnerability Type | CWE | Language | Count |
|---|---|---|---|---|
| High | Code Injection | CWE-94 | JavaScript / Node.js | 3 |
| Medium | Weak Pseudo-Random | CWE-338 | JavaScript / Node.js | 8 |
| Medium | Hardcoded Password/Credentials | CWE-798 | JavaScript / Node.js | 4 |
| Low | Unvalidated/Open Redirect | CWE-601 | JavaScript / Node.js | 1 |