Code Security Report

Scan Metadata

Latest Scan: 2024-05-22 06:50am
Total Findings: 17 | New Findings: 17 | Resolved Findings: 17
Tested Project Files: 50
Detected Programming Languages: 1 (JavaScript / TypeScript*)

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

Vulnerable Code
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/contributions.js#L22-L27
1 Data Flow/s detected
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/index.js#L52
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/contributions.js#L22
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/contributions.js#L27
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior Code Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/code/nodejs/express)
● Videos
▪ [Secure Code Warrior Code Injection Video](https://media.securecodewarrior.com/v2/Module_28_CODE_INJECTION_v2.mp4)
● Further Reading
▪ [OWASP Command Injection](https://owasp.org/www-community/attacks/Code_Injection)

Vulnerable Code
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/contributions.js#L21-L26
1 Data Flow/s detected
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/index.js#L52
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/contributions.js#L22
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/contributions.js#L26
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior Code Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/code/nodejs/express)
● Videos
▪ [Secure Code Warrior Code Injection Video](https://media.securecodewarrior.com/v2/Module_28_CODE_INJECTION_v2.mp4)
● Further Reading
▪ [OWASP Command Injection](https://owasp.org/www-community/attacks/Code_Injection)

Vulnerable Code
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/error.js#L5-L10
1 Data Flow/s detected
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/index.js#L91
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/error.js#L3
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/error.js#L11
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/error.js#L10
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior Code Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/code/nodejs/express)
● Videos
▪ [Secure Code Warrior Code Injection Video](https://media.securecodewarrior.com/v2/Module_28_CODE_INJECTION_v2.mp4)
● Further Reading
▪ [OWASP Command Injection](https://owasp.org/www-community/attacks/Code_Injection)

Vulnerable Code
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/session.js#L226-L231
2 Data Flow/s detected
Data Flow 1:
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/index.js#L38
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/session.js#L177
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/session.js#L181
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/session.js#L190
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/session.js#L231
Data Flow 2:
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/index.js#L38
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/session.js#L177
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/session.js#L180
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/session.js#L191
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/session.js#L231
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior Code Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/code/nodejs/express)
● Videos
▪ [Secure Code Warrior Code Injection Video](https://media.securecodewarrior.com/v2/Module_28_CODE_INJECTION_v2.mp4)
● Further Reading
▪ [OWASP Command Injection](https://owasp.org/www-community/attacks/Code_Injection)

Vulnerable Code
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/profile.js#L54-L59
7 Data Flow/s detected
Data Flow 1:
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/index.js#L48
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/profile.js#L34
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/profile.js#L39
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/profile.js#L63
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/profile.js#L59
Data Flow 2:
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/index.js#L48
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/profile.js#L34
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/profile.js#L38
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/profile.js#L62
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/profile.js#L59
Data Flow 3:
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/index.js#L48
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/profile.js#L34
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/profile.js#L40
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/profile.js#L64
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/profile.js#L59
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior Code Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/code/nodejs/express)
● Videos
▪ [Secure Code Warrior Code Injection Video](https://media.securecodewarrior.com/v2/Module_28_CODE_INJECTION_v2.mp4)
● Further Reading
▪ [OWASP Command Injection](https://owasp.org/www-community/attacks/Code_Injection)

Vulnerable Code
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/contributions.js#L23-L28
1 Data Flow/s detected
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/index.js#L52
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/contributions.js#L22
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/contributions.js#L28
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior Code Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/code/nodejs/express)
● Videos
▪ [Secure Code Warrior Code Injection Video](https://media.securecodewarrior.com/v2/Module_28_CODE_INJECTION_v2.mp4)
● Further Reading
▪ [OWASP Command Injection](https://owasp.org/www-community/attacks/Code_Injection)

Vulnerable Code
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/index.js#L79-L84
1 Data Flow/s detected
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/index.js#L80
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/index.js#L82
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/index.js#L84
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/nodejs/express)
● Videos
▪ [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
● Further Reading
▪ [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
▪ [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)

Vulnerable Code
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/data/memos-dao.js#L18-L23
1 Data Flow/s detected
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/index.js#L67
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/memos.js#L8
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/memos.js#L10
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/data/memos-dao.js#L15
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/data/memos-dao.js#L19
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/data/memos-dao.js#L23
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior NoSQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/nosql/nodejs/express)
● Videos
▪ [Secure Code Warrior NoSQL Injection Video](https://media.securecodewarrior.com/v2/Module_21_NoSQL_INJECTION_v2.mp4)

Vulnerable Code
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/data/user-dao.js#L86-L91
1 Data Flow/s detected
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/index.js#L34
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/session.js#L47
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/session.js#L49
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/session.js#L52
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/data/user-dao.js#L57
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/data/user-dao.js#L92
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/data/user-dao.js#L91
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior NoSQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/nosql/nodejs/express)
● Videos
▪ [Secure Code Warrior NoSQL Injection Video](https://media.securecodewarrior.com/v2/Module_21_NoSQL_INJECTION_v2.mp4)

Vulnerable Code
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/research.js#L8-L13
1 Data Flow/s detected
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/index.js#L88
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/research.js#L9
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/research.js#L12
https://github.com/bengmend/NodeGoat/blob/ac60bedbb26aac1d1737d95a9da0e9dce0d89bcf/apps/server-render/app/routes/research.js#L13
Secure Code Warrior Training Material
● Training
▪ [Secure Code Warrior Server Side Request Forgery Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/ssrf/generic/nodejs/express)
● Videos
▪ [Secure Code Warrior Server Side Request Forgery Video](https://media.securecodewarrior.com/v2/module_125_server_side_request_forgery.mp4)

Findings Overview