gwhittemore-veracode / Veracode-GW-Training-demo


Feature 123 #5

Closed gwhittemore-veracode closed 2 years ago

github-actions[bot] commented 2 years ago



Scan Summary:
PIPELINE_SCAN_VERSION: 22.9.0-0
DEV-STAGE: DEVELOPMENT
SCAN_ID: 171e71da-9d61-4bff-be27-0260133ca34a
SCAN_STATUS: SUCCESS
SCAN_MESSAGE: Scan successful. Results size: 345073 bytes
====================
Analysis Successful.
====================

===================
Analyzed 2 modules.
===================
verademo.war
JS files within verademo.war

====================
Analyzed 158 issues.
====================



--------------------------
Found 39 issues of CWE 80.
--------------------------
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:248
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:253
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/feed.jsp:175
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): com/veracode/verademo/controller/UserController.java:256
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): com/veracode/verademo/controller/UserController.java:263
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): com/veracode/verademo/controller/BlabController.java:204
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/tools.jsp:65
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/tools.jsp:68
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/tools.jsp:78
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/register.jsp:60
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/register.jsp:87
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/register-finish.jsp:60
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/register-finish.jsp:83
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:63
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:91
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:102
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:111
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:120
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:161
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:164
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:201
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/login.jsp:58
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/login.jsp:77
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/login.jsp:84
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/feed.jsp:59
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/feed.jsp:70
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/feed.jsp:94
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/feed.jsp:97
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/feed.jsp:99
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/feed.jsp:142
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blabbers.jsp:66
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blabbers.jsp:101
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blabbers.jsp:104
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blab.jsp:57
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blab.jsp:61
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blab.jsp:69
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blab.jsp:105
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blab.jsp:109
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blab.jsp:111
--------------------------
Found 5 issues of CWE 113.
--------------------------
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting'): com/veracode/verademo/utils/UserFactory.java:96
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting'): com/veracode/verademo/controller/UserController.java:173
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting'): com/veracode/verademo/controller/UserController.java:631
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting'): com/veracode/verademo/controller/UserController.java:711
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting'): com/veracode/verademo/controller/UserController.java:713
--------------------------
Found 8 issues of CWE 209.
--------------------------
CWE-209: Information Exposure Through an Error Message: com/veracode/verademo/controller/UserController.java:949
CWE-209: Information Exposure Through an Error Message: WEB-INF/views/register.jsp:60
CWE-209: Information Exposure Through an Error Message: WEB-INF/views/register-finish.jsp:60
CWE-209: Information Exposure Through an Error Message: WEB-INF/views/profile.jsp:63
CWE-209: Information Exposure Through an Error Message: WEB-INF/views/login.jsp:58
CWE-209: Information Exposure Through an Error Message: WEB-INF/views/feed.jsp:70
CWE-209: Information Exposure Through an Error Message: WEB-INF/views/blabbers.jsp:66
CWE-209: Information Exposure Through an Error Message: WEB-INF/views/blab.jsp:69
--------------------------
Found 2 issues of CWE 259.
--------------------------
CWE-259: Use of Hard-coded Password: com/veracode/verademo/utils/Constants.java:1
CWE-259: Use of Hard-coded Password: com/veracode/verademo/utils/Constants.java:14
---------------------------
Found 28 issues of CWE 117.
---------------------------
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:114
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:229
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:237
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:249
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:255
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:385
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:493
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:504
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:658
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:694
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:708
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:803
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:859
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/ResetController.java:109
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/ResetController.java:132
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/ResetController.java:159
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/ResetController.java:193
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/ResetController.java:194
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/BlabController.java:486
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/BlabController.java:558
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/BlabController.java:559
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/commands/RemoveAccountCommand.java:39
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/commands/RemoveAccountCommand.java:46
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/commands/RemoveAccountCommand.java:50
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/commands/ListenCommand.java:39
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/commands/ListenCommand.java:46
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/commands/IgnoreCommand.java:39
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/commands/IgnoreCommand.java:46
--------------------------
Found 1 issues of CWE 502.
--------------------------
CWE-502: Deserialization of Untrusted Data: com/veracode/verademo/utils/UserFactory.java:44
--------------------------
Found 3 issues of CWE 614.
--------------------------
CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute: com/veracode/verademo/utils/UserFactory.java:96
CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute: com/veracode/verademo/controller/UserController.java:173
CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute: com/veracode/verademo/controller/UserController.java:631
--------------------------
Found 2 issues of CWE 327.
--------------------------
CWE-327: Use of a Broken or Risky Cryptographic Algorithm: com/veracode/verademo/utils/User.java:103
CWE-327: Use of a Broken or Risky Cryptographic Algorithm: com/veracode/verademo/controller/UserController.java:961
--------------------------
Found 14 issues of CWE 89.
--------------------------
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:166
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:251
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:316
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:384
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:495
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:506
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/BlabController.java:490
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/RemoveAccountCommand.java:40
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/RemoveAccountCommand.java:47
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/RemoveAccountCommand.java:51
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/ListenCommand.java:40
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/ListenCommand.java:47
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/IgnoreCommand.java:40
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/IgnoreCommand.java:47
-------------------------
Found 1 issues of CWE 93.
-------------------------
CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection'): com/veracode/verademo/controller/UserController.java:433
-------------------------
Found 4 issues of CWE 78.
-------------------------
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): com/veracode/verademo/controller/ToolsController.java:56
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): com/veracode/verademo/controller/ToolsController.java:59
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): com/veracode/verademo/controller/ToolsController.java:91
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): com/veracode/verademo/controller/ToolsController.java:94
--------------------------------------
Skipping 14 issues of Medium severity.
--------------------------------------
-----------------------------------
Skipping 19 issues of Low severity.
-----------------------------------
---------------------------------------------
Skipping 18 issues of Informational severity.
---------------------------------------------


==========================
FAILURE: Found 107 issues!
==========================

github-actions[bot] commented 2 years ago



Scan Summary:
PIPELINE_SCAN_VERSION: 22.9.0-0
DEV-STAGE: DEVELOPMENT
SCAN_ID: 782c3e4b-4a60-443c-97a6-3cb6fbe7ecf1
SCAN_STATUS: SUCCESS
SCAN_MESSAGE: Scan successful. Results size: 345073 bytes
====================
Analysis Successful.
====================

===================
Analyzed 2 modules.
===================
verademo.war
JS files within verademo.war

====================
Analyzed 158 issues.
====================



-------------------------------------
Found 4 issues of Very High severity.
-------------------------------------
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): com/veracode/verademo/controller/ToolsController.java:56
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): com/veracode/verademo/controller/ToolsController.java:59
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): com/veracode/verademo/controller/ToolsController.java:91
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): com/veracode/verademo/controller/ToolsController.java:94
---------------------------------
Found 14 issues of High severity.
---------------------------------
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:166
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:251
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:316
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:384
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:495
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:506
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/BlabController.java:490
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/RemoveAccountCommand.java:40
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/RemoveAccountCommand.java:47
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/RemoveAccountCommand.java:51
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/ListenCommand.java:40
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/ListenCommand.java:47
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/IgnoreCommand.java:40
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/IgnoreCommand.java:47
-----------------------------------
Found 92 issues of Medium severity.
-----------------------------------
CWE-502: Deserialization of Untrusted Data: com/veracode/verademo/utils/UserFactory.java:44
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting'): com/veracode/verademo/utils/UserFactory.java:96
CWE-327: Use of a Broken or Risky Cryptographic Algorithm: com/veracode/verademo/utils/User.java:103
CWE-259: Use of Hard-coded Password: com/veracode/verademo/utils/Constants.java:1
CWE-259: Use of Hard-coded Password: com/veracode/verademo/utils/Constants.java:14
CWE-601: URL Redirection to Untrusted Site ('Open Redirect'): com/veracode/verademo/controller/UserController.java:82
CWE-601: URL Redirection to Untrusted Site ('Open Redirect'): com/veracode/verademo/controller/UserController.java:95
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:114
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting'): com/veracode/verademo/controller/UserController.java:173
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:229
CWE-73: External Control of File Name or Path: com/veracode/verademo/controller/UserController.java:230
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:237
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:249
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:255
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): com/veracode/verademo/controller/UserController.java:256
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): com/veracode/verademo/controller/UserController.java:263
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:385
CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection'): com/veracode/verademo/controller/UserController.java:433
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:493
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:504
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting'): com/veracode/verademo/controller/UserController.java:631
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:658
CWE-73: External Control of File Name or Path: com/veracode/verademo/controller/UserController.java:660
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:694
CWE-73: External Control of File Name or Path: com/veracode/verademo/controller/UserController.java:699
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:708
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting'): com/veracode/verademo/controller/UserController.java:711
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting'): com/veracode/verademo/controller/UserController.java:713
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:803
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/UserController.java:859
CWE-73: External Control of File Name or Path: com/veracode/verademo/controller/UserController.java:863
CWE-327: Use of a Broken or Risky Cryptographic Algorithm: com/veracode/verademo/controller/UserController.java:961
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/ResetController.java:109
CWE-331: Insufficient Entropy: com/veracode/verademo/controller/ResetController.java:128
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/ResetController.java:132
CWE-331: Insufficient Entropy: com/veracode/verademo/controller/ResetController.java:153
CWE-331: Insufficient Entropy: com/veracode/verademo/controller/ResetController.java:156
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/ResetController.java:159
CWE-331: Insufficient Entropy: com/veracode/verademo/controller/ResetController.java:179
CWE-331: Insufficient Entropy: com/veracode/verademo/controller/ResetController.java:183
CWE-331: Insufficient Entropy: com/veracode/verademo/controller/ResetController.java:187
CWE-331: Insufficient Entropy: com/veracode/verademo/controller/ResetController.java:191
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/ResetController.java:193
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/ResetController.java:194
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): com/veracode/verademo/controller/BlabController.java:204
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/BlabController.java:486
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/BlabController.java:558
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/BlabController.java:559
CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection'): com/veracode/verademo/controller/BlabController.java:571
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/commands/RemoveAccountCommand.java:39
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/commands/RemoveAccountCommand.java:46
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/commands/RemoveAccountCommand.java:50
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/commands/ListenCommand.java:39
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/commands/ListenCommand.java:46
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/commands/IgnoreCommand.java:39
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/commands/IgnoreCommand.java:46
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/tools.jsp:65
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/tools.jsp:68
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/tools.jsp:78
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/register.jsp:60
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/register.jsp:87
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/register-finish.jsp:60
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/register-finish.jsp:83
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:63
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:91
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:102
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:111
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:120
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:161
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:164
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:201
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/login.jsp:58
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/login.jsp:77
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/login.jsp:84
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/feed.jsp:59
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/feed.jsp:70
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/feed.jsp:94
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/feed.jsp:97
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/feed.jsp:99
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/feed.jsp:142
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blabbers.jsp:66
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blabbers.jsp:101
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blabbers.jsp:104
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blab.jsp:57
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blab.jsp:61
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blab.jsp:69
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blab.jsp:105
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blab.jsp:109
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/blab.jsp:111
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:248
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/profile.jsp:253
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): WEB-INF/views/feed.jsp:175
--------------------------------
Found 30 issues of Low severity.
--------------------------------
CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute: com/veracode/verademo/utils/UserFactory.java:96
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/UserController.java:157
CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute: com/veracode/verademo/controller/UserController.java:173
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/UserController.java:246
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/UserController.java:312
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/UserController.java:368
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/UserController.java:470
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/UserController.java:573
CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute: com/veracode/verademo/controller/UserController.java:631
CWE-201: Information Exposure Through Sent Data: com/veracode/verademo/controller/UserController.java:711
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/UserController.java:769
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/UserController.java:829
CWE-209: Information Exposure Through an Error Message: com/veracode/verademo/controller/UserController.java:949
CWE-201: Information Exposure Through Sent Data: com/veracode/verademo/controller/UserController.java:949
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/ResetController.java:101
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/ResetController.java:269
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/BlabController.java:69
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/BlabController.java:182
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/BlabController.java:232
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/BlabController.java:307
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/BlabController.java:400
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/BlabController.java:483
CWE-245: J2EE Bad Practices: Direct Management of Connections: com/veracode/verademo/controller/BlabController.java:568
CWE-209: Information Exposure Through an Error Message: WEB-INF/views/register.jsp:60
CWE-209: Information Exposure Through an Error Message: WEB-INF/views/register-finish.jsp:60
CWE-209: Information Exposure Through an Error Message: WEB-INF/views/profile.jsp:63
CWE-209: Information Exposure Through an Error Message: WEB-INF/views/login.jsp:58
CWE-209: Information Exposure Through an Error Message: WEB-INF/views/feed.jsp:70
CWE-209: Information Exposure Through an Error Message: WEB-INF/views/blabbers.jsp:66
CWE-209: Information Exposure Through an Error Message: WEB-INF/views/blab.jsp:69
---------------------------------------------
Skipping 18 issues of Informational severity.
---------------------------------------------


==========================
FAILURE: Found 140 issues!
==========================