darcosion / Echosounder

fun little program
MIT License
14 stars, 1 fork

fix bug #93 #94

Closed darcosion closed 2 months ago

darcosion commented 2 months ago

fix bug #93

darcosion commented 2 months ago

Checkmarx One – Scan Summary & Details: db4c76be-64b6-4dd0-ac1c-ff26270a8924

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2022-25844 Npm-angular-1.8.2 Vulnerable Package
HIGH CVE-2024-21490 Npm-angular-1.8.2 Vulnerable Package
HIGH Reflected_XSS_All_Clients /webchosounder.py: 118 Attack Vector
HIGH Reflected_XSS_All_Clients /webchosounder.py: 110 Attack Vector
HIGH Reflected_XSS_All_Clients /webchosounder.py: 102 Attack Vector
HIGH Reflected_XSS_All_Clients /webchosounder.py: 89 Attack Vector
HIGH Reflected_XSS_All_Clients /webchosounder.py: 80 Attack Vector
HIGH Reflected_XSS_All_Clients /webchosounder.py: 62 Attack Vector
HIGH Reflected_XSS_All_Clients /webchosounder.py: 62 Attack Vector
HIGH Reflected_XSS_All_Clients /webchosounder.py: 198 Attack Vector
HIGH Reflected_XSS_All_Clients /webchosounder.py: 191 Attack Vector
HIGH Reflected_XSS_All_Clients /webchosounder.py: 184 Attack Vector
HIGH Reflected_XSS_All_Clients /webchosounder.py: 177 Attack Vector
HIGH Reflected_XSS_All_Clients /webchosounder.py: 170 Attack Vector
HIGH Reflected_XSS_All_Clients /webchosounder.py: 163 Attack Vector
HIGH Reflected_XSS_All_Clients /webchosounder.py: 156 Attack Vector
HIGH Reflected_XSS_All_Clients /webchosounder.py: 149 Attack Vector
HIGH Reflected_XSS_All_Clients /webchosounder.py: 142 Attack Vector
HIGH Reflected_XSS_All_Clients /webchosounder.py: 135 Attack Vector
HIGH Reflected_XSS_All_Clients /webchosounder.py: 135 Attack Vector
HIGH Reflected_XSS_All_Clients /webchosounder.py: 135 Attack Vector
HIGH Reflected_XSS_All_Clients /webchosounder.py: 133 Attack Vector
HIGH Reflected_XSS_All_Clients /webchosounder.py: 126 Attack Vector
HIGH Reflected_XSS_All_Clients /webchosounder.py: 90 Attack Vector
HIGH Reflected_XSS_All_Clients /webchosounder.py: 81 Attack Vector
HIGH Stored_XSS /webchosounder.py: 205 Attack Vector
MEDIUM CSRF /webchosounder.py: 93 Attack Vector
MEDIUM CSRF /webchosounder.py: 201 Attack Vector
MEDIUM CVE-2022-25869 Npm-angular-1.8.2 Vulnerable Package
MEDIUM CVE-2023-26116 Npm-angular-1.8.2 Vulnerable Package
MEDIUM CVE-2023-26117 Npm-angular-1.8.2 Vulnerable Package
MEDIUM CVE-2023-26118 Npm-angular-1.8.2 Vulnerable Package
MEDIUM Client_DoS_By_Sleep /static/js/cytoscape.min.js: 12842 Attack Vector
MEDIUM Client_DoS_By_Sleep /static/js/cytoscape.min.js: 12924 Attack Vector
MEDIUM Client_DoS_By_Sleep /static/js/cytoscape.min.js: 12566 Attack Vector
MEDIUM Communication_Over_HTTP /ouiinfo/collectoui.py: 6 Attack Vector
MEDIUM Missing_HSTS_Header /webchosounder.py: 34 Attack Vector
LOW Client_JQuery_Deprecated_Symbols /static/js/cytoscape.min.js: 94 Attack Vector
LOW Client_JQuery_Deprecated_Symbols /static/js/angular-animate.min.js: 43 Attack Vector
LOW Client_Password_In_Comment /static/main.js: 1171 Attack Vector
LOW Client_Password_In_Comment /static/main.js: 1143 Attack Vector
LOW Client_Password_In_Comment /static/main.js: 1121 Attack Vector
LOW Client_Password_In_Comment /static/main.js: 763 Attack Vector
LOW Client_Password_In_Comment /static/main.js: 715 Attack Vector
LOW Debug_Enabled /webchosounder.py: 218 Attack Vector
LOW Missing_Content_Security_Policy /webchosounder.py: 34 Attack Vector
LOW Missing_Content_Security_Policy /templates/index.html: 6 Attack Vector
LOW Potential_Clickjacking_on_Legacy_Browsers /templates/index.html: 1 Attack Vector

Fixed Issues

Severity Issue Source File / Package
HIGH CVE-2024-38081 Nuget-Microsoft.IO.Redist-6.0.0
HIGH Client_DOM_Code_Injection /CommonExtensions/Platform/Debugger/WebViews/BptDiagnosticCommon/MicrosoftAjax-4.0.0.0.debug.js: 6511
HIGH Client_DOM_XSS /CommonExtensions/Platform/Debugger/WebViews/BptDiagnosticCommon/MicrosoftAjax-4.0.0.0.debug.js: 5491
HIGH Client_DOM_XSS /CommonExtensions/Platform/Debugger/WebViews/BptDiagnosticCommon/MicrosoftAjax-4.0.0.0.debug.js: 5502
HIGH Code_Injection /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/_pydevd_bundle/pydevconsole_code.py: 467
HIGH Code_Injection /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydev_run_in_console.py: 106
HIGH Code_Injection /Extensions/Microsoft/Python/Core/ptvsd/__main__.py: 36
HIGH Code_Injection /Extensions/Microsoft/Python/Core/ptvsd_launcher.py: 66
HIGH Code_Injection /Extensions/Microsoft/Python/Profiling/proflaun.py: 28
HIGH Code_Injection /Extensions/Microsoft/Python/Profiling/proflaun.py: 28
HIGH Code_Injection /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydev_sitecustomize/sitecustomize.py: 179
HIGH Command_Injection /Extensions/Microsoft/Python/Core/testlauncher.py: 93
HIGH Command_Injection /Extensions/Microsoft/Python/Core/ptvsd_repl_launcher.py: 44
HIGH Command_Injection /Extensions/Microsoft/Python/Core/ptvsd_repl_launcher.py: 127
HIGH Command_Injection /Extensions/Microsoft/Python/Core/ptvsd_launcher.py: 112
HIGH Command_Injection /Extensions/Microsoft/Python/Core/ptvsd/repl/jupyter_client.py: 419
HIGH Command_Injection /Extensions/Microsoft/Python/Core/ptvsd/repl/jupyter_client.py: 379
HIGH Command_Injection /Extensions/Microsoft/Python/Core/ptvsd/repl/jupyter_client.py: 233
HIGH Command_Injection /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/_pydev_bundle/pydev_ipython_console_011.py: 73
HIGH Command_Injection /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydev_coverage.py: 38
HIGH Command_Injection /Extensions/Microsoft/Python/Core/debugpy/launcher/handlers.py: 73
HIGH Command_Injection /Extensions/Microsoft/Python/Core/ptvsd/__main__.py: 36
HIGH Command_Injection /Extensions/Microsoft/Python/Core/ptvsd_launcher.py: 66
HIGH Command_Injection /Extensions/Microsoft/Python/Core/ptvsd/__main__.py: 36
HIGH Command_Injection /Extensions/Microsoft/Python/Core/ptvsd_launcher.py: 66
HIGH Cxdca8e59f-8bfe Npm-inflight-1.0.6
HIGH Local_File_Inclusion /Extensions/Microsoft/Python/Core/pylance/dist/scripts/scrape_module.py: 1288
HIGH Local_File_Inclusion /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydev_run_in_console.py: 106
HIGH Local_File_Inclusion /Extensions/Microsoft/Python/Core/ptvsd_repl_launcher.py: 72
HIGH Local_File_Inclusion /Extensions/Microsoft/Python/Core/pylance/dist/scripts/scrape_module.py: 1288
HIGH OS_Access_Violation /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/setup_pydevd_cython.py: 30
HIGH OS_Access_Violation /Extensions/Microsoft/Python/Core/debugpy/adapter/__main__.py: 227
HIGH OS_Access_Violation /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/setup_pydevd_cython.py: 28
HIGH OS_Access_Violation /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/setup_pydevd_cython.py: 28
HIGH OS_Access_Violation /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/setup_pydevd_cython.py: 28
HIGH OS_Access_Violation /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/setup_pydevd_cython.py: 30
HIGH OS_Access_Violation /Extensions/Microsoft/Python/Core/testlauncher.py: 44
HIGH OS_Access_Violation /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/setup_pydevd_cython.py: 28
HIGH Prototype_Pollution /CommonExtensions/Platform/Debugger/WebViews/BptDiagnosticCommon/MicrosoftAjax-4.0.0.0.debug.js: 5491
HIGH Prototype_Pollution /CommonExtensions/Platform/Debugger/WebViews/BptDiagnosticCommon/MicrosoftAjax-4.0.0.0.debug.js: 5502
HIGH Reflected_XSS /PrivateAssemblies/plugin.vs.v2.js: 2272
HIGH Resource_Injection /Extensions/Microsoft/Python/Core/debugpy/adapter/__main__.py: 227
HIGH Unsafe_Deserialization /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/_pydev_runfiles/pydev_runfiles_pytest2.py: 21
MEDIUM Buffer_Overflow_AddressOfLocalVarReturned /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydevd_attach_to_process/windows/attach.cpp: 101
MEDIUM CGI_XSS /CommonExtensions/Platform/Guide/Content/Projects/Welcome.CSharp/Welcome.CSharp/Program.cs: 7
MEDIUM CVE-2019-14862 Npm-knockout-3.4.0
MEDIUM CVE-2024-29992 Nuget-Azure.Identity-1.10.2
MEDIUM CVE-2024-4067 Npm-micromatch-4.0.7
MEDIUM Client_Potential_XSS /CommonExtensions/Platform/DiagnosticsHub/EdgeWebViews/summaryView.html: 47
MEDIUM Client_Potential_XSS /CommonExtensions/Platform/DiagnosticsHub/EdgeWebViews/summaryView.html: 45
MEDIUM Client_Potential_XSS /CommonExtensions/Platform/DiagnosticsHub/EdgeWebViews/summaryView.html: 41
MEDIUM Client_Potential_XSS /CommonExtensions/Platform/Shell/ExtensionManagerWindowResources/Webviews/node_modules/dompurify/purify.js: 1187
MEDIUM Client_Potential_XSS /PrivateAssemblies/plugin.vs.v2.js: 2210
MEDIUM Client_Potential_XSS /PrivateAssemblies/plugin.vs.v2.js: 2210
MEDIUM Client_Potential_XSS /CommonExtensions/Microsoft/ClientDiagnostics/AppResponsiveness/View/DiagnosticsCommon/Bpt.Diagnostics.CommonMerged.js: 1295
MEDIUM Client_Potential_XSS /CommonExtensions/Platform/DiagnosticsHub/WebViews/Scripts/knockout-3.4.0.js: 22
MEDIUM Client_Potential_XSS /CommonExtensions/Platform/DiagnosticsHub/EdgeWebViews/scripts/knockout-3.4.0.js: 22
MEDIUM Client_Potential_XSS /CommonExtensions/Platform/Debugger/WebViews/Knockout/knockout-3.4.0.js: 22
MEDIUM Client_Potential_XSS /CommonExtensions/Microsoft/IceCap/WebViews/Scripts/knockout-3.4.0.js: 22
MEDIUM Client_Potential_XSS /CommonExtensions/Platform/Debugger/WebViews/BptDiagnosticCommon/JSTreeDynamicGridControl.js: 2672
MEDIUM Cxb90148b9-bcbe Npm-knockout-3.4.0
MEDIUM Dangerous_Functions /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydevd_attach_to_process/windows/py_win_helpers.hpp: 9
MEDIUM Dangerous_Functions /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydevd_attach_to_process/common/py_version.hpp: 66
MEDIUM Dangerous_Functions /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydevd_attach_to_process/common/py_version.hpp: 54
MEDIUM Hardcoded_Password_in_Connection_String /Extensions/Microsoft/Python/Core/visualstudio_py_testlauncher.py: 237
MEDIUM Hardcoded_Password_in_Connection_String /Extensions/Microsoft/Python/Core/visualstudio_py_testlauncher.py: 237
MEDIUM MemoryFree_on_StackVariable /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydevd_attach_to_process/windows/attach.cpp: 137
MEDIUM Memory_Leak /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydevd_attach_to_process/windows/attach.cpp: 185
MEDIUM Memory_Leak /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydevd_attach_to_process/common/py_settrace.hpp: 166
MEDIUM Memory_Leak /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydevd_attach_to_process/windows/attach.cpp: 170
MEDIUM Object_Access_Violation /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydev_run_in_console.py: 106
MEDIUM Object_Access_Violation /Extensions/Microsoft/Python/Core/pylance/dist/scripts/scrape_module.py: 1288
MEDIUM Object_Access_Violation /Extensions/Microsoft/Python/Core/pylance/dist/scripts/scrape_module.py: 1288
MEDIUM Object_Access_Violation /Extensions/Microsoft/Python/Core/ptvsd_repl_launcher.py: 72
MEDIUM Path_Traversal /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydevd.py: 3288
MEDIUM Path_Traversal /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydevd.py: 3288
MEDIUM Path_Traversal /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/setup_pydevd_cython.py: 30
MEDIUM Path_Traversal /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/setup_pydevd_cython.py: 30
MEDIUM Path_Traversal /Extensions/Microsoft/Python/Core/debugpy/adapter/__main__.py: 227
MEDIUM Path_Traversal /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydev_run_in_console.py: 106
MEDIUM Path_Traversal /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydev_coverage.py: 38
MEDIUM Path_Traversal /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydev_coverage.py: 38
MEDIUM Path_Traversal /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydev_run_in_console.py: 106
MEDIUM Path_Traversal /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/setup_pydevd_cython.py: 30
MEDIUM Path_Traversal /Extensions/Microsoft/Python/Core/testlauncher.py: 44
MEDIUM Path_Traversal /Extensions/Microsoft/Python/Core/testlauncher.py: 44
MEDIUM Path_Traversal

More results are available on AST platform