julz0815 / test-action


Update README.md #829

Closed julz0815 closed 5 months ago

github-actions[bot] commented 5 months ago
Veracode Container/IaC/Secrets Scan Summary


Vulnerabilities

| NAME | INSTALLED | FIXED-IN | TYPE | VULNERABILITY | SEVERITY |
| --- | --- | --- | --- | --- | --- |
| commons-collections4 | 4.0 | 4.1 | java-archive | GHSA-fjq5-5j5f-mvxh | Critical |
| commons-collections4 | 4.0 | 4.1 | java-archive | GHSA-6hgm-866r-3cjv | High |
| commons-fileupload | 1.3.2 | 1.5 | java-archive | GHSA-hfrx-6qgj-fp6c | High |
| commons-fileupload | 1.3.2 | 1.3.3 | java-archive | GHSA-7x9j-7223-rg5m | Critical |
| commons-io | 2.4 | 2.7 | java-archive | GHSA-gwrp-pvrq-jmwv | Medium |
| jbcrypt | 0.3m | 0.4 | java-archive | GHSA-9h6p-92jq-888x | Medium |
| keycloak-saml-core | 1.8.1.Final | 18.0.0 | java-archive | GHSA-4pc7-vqv5-5r3v | High |
| log4j | 1.2.17 | | java-archive | GHSA-w9p3-5cr8-m3jj | High |
| log4j | 1.2.17 | | java-archive | GHSA-65fg-84f6-3jq3 | Critical |
| log4j | 1.2.17 | | java-archive | GHSA-f7vh-qwp3-x37m | Critical |
| log4j | 1.2.17 | | java-archive | GHSA-fp5r-v3w9-4333 | High |
| log4j | 1.2.17 | | java-archive | GHSA-2qrg-x229-3v8q | Critical |
| org.apache.sling.api | 2.0.2-incubator | 2.4.0 | java-archive | GHSA-cxwh-vmhg-39r2 | Medium |
| org.apache.sling.api | 2.0.2-incubator | 2.2.2 | java-archive | GHSA-rxvx-44w5-44r7 | Medium |
| org.apache.sling.api | 2.0.2-incubator | | java-archive | GHSA-qmx3-m648-hr74 | Medium |
| org.apache.sling.commons.json | 2.0.4-incubator | | java-archive | GHSA-8j28-34qq-gmch | Critical |
| plexus-archiver | 1.0-alpha-3 | 3.6.0 | java-archive | GHSA-hcxq-x77q-3469 | Medium |
| plexus-archiver | 1.0-alpha-3 | 4.8.0 | java-archive | GHSA-wh3p-fphp-9h2m | High |
| plexus-utils | 1.0.4 | 3.0.16 | java-archive | GHSA-8vhq-qq4p-grq3 | Critical |
| plexus-utils | 1.0.4 | 3.0.24 | java-archive | GHSA-jcwr-x25h-x5fh | Medium |
| plexus-utils | 1.0.4 | 3.0.24 | java-archive | GHSA-g6ph-x5wf-g337 | High |
| spring-context | 4.3.10.RELEASE | 5.2.21 | java-archive | GHSA-g5mm-vmx4-3rg7 | High |
| spring-core | 4.3.10.RELEASE | 4.3.20 | java-archive | GHSA-ffvq-7w96-97p7 | High |
| spring-core | 4.3.10.RELEASE | 4.3.15 | java-archive | GHSA-4487-x383-qpph | High |
| spring-core | 4.3.10.RELEASE | 4.3.17 | java-archive | GHSA-rcpf-vj53-7h2m | Medium |
| spring-core | 4.3.10.RELEASE | 4.3.16 | java-archive | GHSA-3rmv-2pg5-xvqj | Critical |
| spring-core | 4.3.10.RELEASE | 4.3.15 | java-archive | GHSA-g8hw-794c-4j9g | Medium |
| spring-core | 4.3.10.RELEASE | 4.3.16 | java-archive | GHSA-p5hg-3xm3-gcjg | Critical |
| spring-core | 4.3.10.RELEASE | 4.3.14 | java-archive | GHSA-v596-fwhq-8x48 | Medium |
| spring-core | 4.3.10.RELEASE | 4.3.18 | java-archive | GHSA-f26x-pr96-vw86 | Medium |
| spring-web | 4.3.10.RELEASE | | java-archive | GHSA-ccgv-vj62-xf9h | High |
| spring-web | 4.3.10.RELEASE | 4.3.18 | java-archive | GHSA-9gcm-f4x3-8jpw | Medium |
| spring-web | 4.3.10.RELEASE | 5.3.33 | java-archive | GHSA-hgjh-9rj2-g67j | High |
| spring-web | 4.3.10.RELEASE | 6.0.0 | java-archive | GHSA-4wrc-f8pq-fpqp | Critical |
| spring-webmvc | 4.3.10.RELEASE | 5.2.20.RELEASE | java-archive | GHSA-36p3-wjmg-h94x | Critical |
| xmlsec | 1.5.1 | 1.5.5 | java-archive | GHSA-r237-w2w6-jq3p | Medium |
| xmlsec | 1.5.1 | 1.5.3 | java-archive | GHSA-8gwc-x7mg-7p7p | Medium |
| xmlsec | 1.5.1 | 1.5.6 | java-archive | GHSA-4p4w-6h54-g885 | Medium |
| xmlsec | 1.5.1 | 2.2.6 | java-archive | GHSA-xfrj-6vvc-3xm2 | Medium |
| xmlsec | 1.5.1 | 2.1.7 | java-archive | GHSA-j8wc-gxx9-82hx | High |

No misconfigurations found

No secrets found

Policy Results

| TYPE | MESSAGE |
| --- | --- |
| Vulnerability Found | Critical software vulnerability: GHSA-2qrg-x229-3v8q |
| Vulnerability Found | Critical software vulnerability: GHSA-36p3-wjmg-h94x |
| Vulnerability Found | Critical software vulnerability: GHSA-3rmv-2pg5-xvqj |
| Vulnerability Found | Critical software vulnerability: GHSA-4wrc-f8pq-fpqp |
| Vulnerability Found | Critical software vulnerability: GHSA-65fg-84f6-3jq3 |
| Vulnerability Found | Critical software vulnerability: GHSA-7x9j-7223-rg5m |
| Vulnerability Found | Critical software vulnerability: GHSA-8j28-34qq-gmch |
| Vulnerability Found | Critical software vulnerability: GHSA-8vhq-qq4p-grq3 |
| Vulnerability Found | Critical software vulnerability: GHSA-f7vh-qwp3-x37m |
| Vulnerability Found | Critical software vulnerability: GHSA-fjq5-5j5f-mvxh |
| Vulnerability Found | Critical software vulnerability: GHSA-p5hg-3xm3-gcjg |
| Vulnerability Found | High software vulnerability: GHSA-4487-x383-qpph |
| Vulnerability Found | High software vulnerability: GHSA-4pc7-vqv5-5r3v |
| Vulnerability Found | High software vulnerability: GHSA-6hgm-866r-3cjv |
| Vulnerability Found | High software vulnerability: GHSA-ccgv-vj62-xf9h |
| Vulnerability Found | High software vulnerability: GHSA-ffvq-7w96-97p7 |
| Vulnerability Found | High software vulnerability: GHSA-fp5r-v3w9-4333 |
| Vulnerability Found | High software vulnerability: GHSA-g5mm-vmx4-3rg7 |
| Vulnerability Found | High software vulnerability: GHSA-g6ph-x5wf-g337 |
| Vulnerability Found | High software vulnerability: GHSA-hfrx-6qgj-fp6c |
| Vulnerability Found | High software vulnerability: GHSA-hgjh-9rj2-g67j |
| Vulnerability Found | High software vulnerability: GHSA-j8wc-gxx9-82hx |
| Vulnerability Found | High software vulnerability: GHSA-w9p3-5cr8-m3jj |
| Vulnerability Found | High software vulnerability: GHSA-wh3p-fphp-9h2m |

Policy Passed = false

github-actions[bot] commented 5 months ago



Scan Summary:
PIPELINE_SCAN_VERSION: 24.3.0-0
DEV-STAGE: DEVELOPMENT
SCAN_ID: 9deacf5e-a915-4792-98c0-a9c3c6b9eac5
SCAN_STATUS: SUCCESS
SCAN_MESSAGE: Scan successful. Results size: 411846 bytes
====================
Analysis Successful.
====================

==========================
Found 2 Scannable modules.
==========================
verademo.war
JS files within verademo.war

===================
Analyzed 2 modules.
===================
verademo.war
JS files within verademo.war

====================
Analyzed 186 issues.
====================



-------------------------------------
Found 5 issues of Very High severity.
-------------------------------------
CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'): WEB-INF/views/login.jsp:33
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): com/veracode/verademo/controller/ToolsController.java:56
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): com/veracode/verademo/controller/ToolsController.java:59
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): com/veracode/verademo/controller/ToolsController.java:91
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): com/veracode/verademo/controller/ToolsController.java:94
---------------------------------
Found 14 issues of High severity.
---------------------------------
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:166
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:251
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:316
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:384
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:495
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:506
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/BlabController.java:490
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/RemoveAccountCommand.java:40
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/RemoveAccountCommand.java:47
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/RemoveAccountCommand.java:51
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/ListenCommand.java:40
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/ListenCommand.java:47
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/IgnoreCommand.java:40
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/IgnoreCommand.java:47
---------------------------------------
Skipping 119 issues of Medium severity.
---------------------------------------
-----------------------------------
Skipping 30 issues of Low severity.
-----------------------------------
---------------------------------------------
Skipping 18 issues of Informational severity.
---------------------------------------------


=========================
FAILURE: Found 19 issues!
=========================

github-actions[bot] commented 5 months ago



Scan Summary:
PIPELINE_SCAN_VERSION: 24.3.0-0
DEV-STAGE: DEVELOPMENT
SCAN_ID: 34aaaade-b151-44db-ac48-7146557f2df0
SCAN_STATUS: SUCCESS
SCAN_MESSAGE: Scan successful. Results size: 411846 bytes
====================
Analysis Successful.
====================

==========================
Found 2 Scannable modules.
==========================
verademo.war
JS files within verademo.war

===================
Analyzed 2 modules.
===================
verademo.war
JS files within verademo.war

====================
Analyzed 186 issues.
====================



-------------------------------------
Found 5 issues of Very High severity.
-------------------------------------
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): com/veracode/verademo/controller/ToolsController.java:56
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): com/veracode/verademo/controller/ToolsController.java:59
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): com/veracode/verademo/controller/ToolsController.java:91
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): com/veracode/verademo/controller/ToolsController.java:94
CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'): WEB-INF/views/login.jsp:33
---------------------------------
Found 14 issues of High severity.
---------------------------------
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:166
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:251
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:316
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:384
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:495
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/UserController.java:506
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/controller/BlabController.java:490
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/RemoveAccountCommand.java:40
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/RemoveAccountCommand.java:47
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/RemoveAccountCommand.java:51
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/ListenCommand.java:40
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/ListenCommand.java:47
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/IgnoreCommand.java:40
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): com/veracode/verademo/commands/IgnoreCommand.java:47
---------------------------------------
Skipping 119 issues of Medium severity.
---------------------------------------
-----------------------------------
Skipping 30 issues of Low severity.
-----------------------------------
---------------------------------------------
Skipping 18 issues of Informational severity.
---------------------------------------------


=========================
FAILURE: Found 19 issues!
=========================