checkmarx-ltd / Cx-Client-Common


latest_boa #196

Closed ilandn closed 2 years ago

ilandn commented 2 years ago

By submitting a PR to this repository, you agree to the terms within the Checkmarx Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.

Description

Describe the purpose of this PR along with any background information and the impacts of the proposed change.

References

Include supporting link to GitHub Issue/PR number

Testing

Describe how this change was tested. Be specific about anything not tested and reasons why. If this solution has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

Please include any manual steps for testing end-to-end or functionality not covered by unit/integration tests.

Checklist

fjsnogueira commented 2 years ago

Checkmarx AST – Scan Summary & Details: 016f8d0a-0d20-4798-af70-e5222e8d6077

New Issues

| Severity | Issue | File / Package | Scan Engine |
| --- | --- | --- | --- |
| HIGH | CVE-2017-1000190 | Maven-org.simpleframework:simple-xml-2.7.1 | CxSCA |
| HIGH | CVE-2020-13936 | Maven-org.apache.velocity:velocity-1.7 | CxSCA |
| HIGH | CVE-2020-36518 | Maven-com.fasterxml.jackson.core:jackson-databind-2.11.3 | CxSCA |
| HIGH | CVE-2022-23596 | Maven-com.github.junrar:junrar-1.0.1 | CxSCA |
| HIGH | Cxb3498186-093f | Maven-org.freemarker:freemarker-2.3.23 | CxSCA |
| MEDIUM | Cxced0c06c-935c | Maven-com.fasterxml.jackson.core:jackson-databind-2.11.3 | CxSCA |
| MEDIUM | Improper_Restriction_of_XXE_Ref | /src/main/java/com/cx/restclient/httpClient/utils/HttpClientHelper.java: 44, 61, 88 | CxSAST |
| MEDIUM | Privacy_Violation | /src/main/java/com/cx/restclient/configuration/CxScanConfig.java: 270 | CxSAST |
| MEDIUM | SSRF | /src/main/java/com/cx/restclient/httpClient/CxHttpClient.java: 415, 418 | CxSAST |
| MEDIUM | SSRF | /src/main/java/com/cx/restclient/httpClient/utils/HttpClientHelper.java: 44, 61, 88 | CxSAST |
| MEDIUM | Unchecked_Input_for_Loop_Condition | /src/main/java/com/cx/restclient/httpClient/utils/HttpClientHelper.java: 44, 61, 88 | CxSAST |
| MEDIUM | Unchecked_Input_for_Loop_Condition | /src/main/java/com/cx/restclient/httpClient/CxHttpClient.java: 415, 418 | CxSAST |
| LOW | CVE-2020-8908 | Maven-com.google.guava:guava-27.0-jre | CxSCA |
| LOW | Cxeb68d52e-5509 | Maven-commons-codec:commons-codec-1.11 | CxSCA |
| LOW | Heap_Inspection | /src/main/java/com/cx/restclient/ast/AstScaClient.java: 133, 178 | CxSAST |
| LOW | Heap_Inspection | /src/main/java/com/cx/restclient/configuration/CxScanConfig.java: 32 | CxSAST |
| LOW | Heap_Inspection | /src/main/java/com/cx/restclient/dto/LoginRequest.java: 13 | CxSAST |
| LOW | Heap_Inspection | /src/main/java/com/cx/restclient/ast/AstClient.java: 158 | CxSAST |
| LOW | Heap_Inspection | /src/main/java/com/cx/restclient/dto/ProxyConfig.java: 10 | CxSAST |
| LOW | Heap_Inspection | /src/main/java/com/cx/restclient/dto/LoginSettings.java: 18, 26 | CxSAST |
| LOW | Heap_Inspection | /src/main/java/com/cx/restclient/osa/dto/LoginRequest.java: 13 | CxSAST |
| LOW | Heap_Inspection | /src/main/java/com/cx/restclient/dto/RemoteSourceRequest.java: 16 | CxSAST |
| LOW | Heap_Inspection | /src/main/java/com/cx/restclient/osa/dto/ScanConfiguration.java: 21 | CxSAST |
| LOW | Log_Forging | /src/main/java/com/cx/restclient/httpClient/CxHttpClient.java: 415, 418 | CxSAST |
| LOW | Log_Forging | /src/main/java/com/cx/restclient/httpClient/utils/HttpClientHelper.java: 44, 61, 88 | CxSAST |
| LOW | Use_Of_Hardcoded_Password | /src/main/java/com/cx/restclient/httpClient/CxHttpClient.java: 99 | CxSAST |
| LOW | Use_Of_Hardcoded_Password | /src/main/java/com/cx/restclient/ast/AstClient.java: 47 | CxSAST |
| LOW | Use_of_Broken_or_Risky_Cryptographic_Algorithm | /src/main/java/com/cx/restclient/sca/utils/fingerprints/Sha1SignatureCalculator.java: 18 | CxSAST |