cyates-checkmarx / terragoat

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
https://www.bridgecrew.io/
Apache License 2.0

Update README.md #24

Closed cyates-checkmarx closed 7 months ago

cyates-checkmarx commented 7 months ago

Scan submitted to Checkmarx

cyates-checkmarx commented 7 months ago

Checkmarx SAST - Scan Summary & Details

Cx-SAST Summary

Total of 17 vulnerabilities: High 0, Medium 3, Low 13, Info 1

Violation Summary

Low 9, Medium 3, Info 1

View more details on Checkmarx UI

Cx-SAST Details

|Lines|Severity|Category|File|Link|
|---|---|---|---|---|
|[221](https://github.com/cyates-checkmarx/terragoat/blob/cyates-checkmarx-patch-2/HammerHead.java#L221) [495](https://github.com/cyates-checkmarx/terragoat/blob/cyates-checkmarx-patch-2/HammerHead.java#L495)|Medium|Session_Fixation|HammerHead.java|[Checkmarx](http://ec2amaz-3jbtk7r/CxWebClient/ViewerMain.aspx?scanid=1030014&projectid=104&pathid=4)|
|[197](https://github.com/cyates-checkmarx/terragoat/blob/cyates-checkmarx-patch-2/LessonSource.java#L197)|Medium|Missing_HSTS_Header|LessonSource.java|[Checkmarx](http://ec2amaz-3jbtk7r/CxWebClient/ViewerMain.aspx?scanid=1030014&projectid=104&pathid=1)|
|[159](https://github.com/cyates-checkmarx/terragoat/blob/cyates-checkmarx-patch-2/packages/node/base/package.json#L159)|Low|TruffleHog_HighEntropy_Strings|packages/node/base/package.json|[Checkmarx](http://ec2amaz-3jbtk7r/CxWebClient/ViewerMain.aspx?scanid=1030014&projectid=104&pathid=17)|
|[1252](https://github.com/cyates-checkmarx/terragoat/blob/cyates-checkmarx-patch-2/packages/node/base/dep.txt#L1252)|Low|TruffleHog_HighEntropy_Strings|packages/node/base/dep.txt|[Checkmarx](http://ec2amaz-3jbtk7r/CxWebClient/ViewerMain.aspx?scanid=1030014&projectid=104&pathid=15)|
|[135](https://github.com/cyates-checkmarx/terragoat/blob/cyates-checkmarx-patch-2/HammerHead.java#L135)|Low|Race_Condition|HammerHead.java|[Checkmarx](http://ec2amaz-3jbtk7r/CxWebClient/ViewerMain.aspx?scanid=1030014&projectid=104&pathid=13)|
|[190](https://github.com/cyates-checkmarx/terragoat/blob/cyates-checkmarx-patch-2/HammerHead.java#L190) [202](https://github.com/cyates-checkmarx/terragoat/blob/cyates-checkmarx-patch-2/HammerHead.java#L202)|Low|Information_Exposure_Through_an_Error_Message|HammerHead.java|[Checkmarx](http://ec2amaz-3jbtk7r/CxWebClient/ViewerMain.aspx?scanid=1030014&projectid=104&pathid=8)|
|[91](https://github.com/cyates-checkmarx/terragoat/blob/cyates-checkmarx-patch-2/LessonSource.java#L91) [102](https://github.com/cyates-checkmarx/terragoat/blob/cyates-checkmarx-patch-2/LessonSource.java#L102)|Low|Information_Exposure_Through_an_Error_Message|LessonSource.java|[Checkmarx](http://ec2amaz-3jbtk7r/CxWebClient/ViewerMain.aspx?scanid=1030014&projectid=104&pathid=6)|
|[525](https://github.com/cyates-checkmarx/terragoat/blob/cyates-checkmarx-patch-2/HammerHead.java#L525)|Low|Incorrect_Permission_Assignment_For_Critical_Resources|HammerHead.java|[Checkmarx](http://ec2amaz-3jbtk7r/CxWebClient/ViewerMain.aspx?scanid=1030014&projectid=104&pathid=2)|
|[190](https://github.com/cyates-checkmarx/terragoat/blob/cyates-checkmarx-patch-2/LessonSource.java#L190)|Low|Incorrect_Permission_Assignment_For_Critical_Resources|LessonSource.java|[Checkmarx](http://ec2amaz-3jbtk7r/CxWebClient/ViewerMain.aspx?scanid=1030014&projectid=104&pathid=3)|
|[35](https://github.com/cyates-checkmarx/terragoat/blob/cyates-checkmarx-patch-2/packages/sub/pom.xml#L35)|Information|Potential_Usage_of_Vulnerable_Log4J|packages/sub/pom.xml|[Checkmarx](http://ec2amaz-3jbtk7r/CxWebClient/ViewerMain.aspx?scanid=1030014&projectid=104&pathid=14)|