lukebrogan-mend / easybuggy

Too buggy web application
Apache License 2.0

Code Security Report: 12 high severity findings, 27 total findings #43

Open mend-for-github-com[bot] opened 1 year ago

mend-for-github-com[bot] commented 1 year ago

Code Security Report

Scan Metadata

Latest Scan: 2024-01-24 01:15pm
Total Findings: 27 | New Findings: 1 | Resolved Findings: 1
Tested Project Files: 102
Detected Programming Languages: 1 (Java*)

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

Severity | Vulnerability Type | CWE | File | Data Flows | Date
High | Expression Language Injection | [CWE-917](https://cwe.mitre.org/data/definitions/917.html) | [OGNLExpressionInjectionServlet.java:35](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OGNLExpressionInjectionServlet.java#L35) | 1 | 2023-11-20 12:40pm
Vulnerable Code: [OGNLExpressionInjectionServlet.java#L30-L35](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OGNLExpressionInjectionServlet.java#L30-L35)
1 Data Flow detected:
    ▪ [OGNLExpressionInjectionServlet.java#L31](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OGNLExpressionInjectionServlet.java#L31)
    ▪ [OGNLExpressionInjectionServlet.java#L34](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OGNLExpressionInjectionServlet.java#L34) (×4)
    ▪ [OGNLExpressionInjectionServlet.java#L35](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OGNLExpressionInjectionServlet.java#L35)
Secure Code Warrior Training Material
● Further Reading
    ▪ [OWASP Top Ten Proactive Controls 2018 C5: Validate All Inputs](https://owasp.org/www-project-proactive-controls/v3/en/c5-validate-inputs)
    ▪ [OWASP Injection Prevention Cheat Sheet in Java](https://cheatsheetseries.owasp.org/cheatsheets/Injection_Prevention_in_Java_Cheat_Sheet.html)
    ▪ [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)
    ▪ [OWASP Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Injection_Prevention_Cheat_Sheet.html)
    ▪ [OWASP Top Ten 2021 A03: Injection](https://owasp.org/Top10/A03_2021-Injection/)
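Added illustration for the CWE-917 finding above. This is example code, not easybuggy's servlet and not part of the Mend report: it shows the pattern the scanner flags (a client-controlled string reaching `Ognl.getValue` as the expression text) next to the fix that removes it. The `Account` root object, the key names and the allowlisted expressions are assumptions; the OGNL calls are the OGNL 3.x API.

```java
import java.util.Map;

import ognl.Ognl;
import ognl.OgnlException;

/**
 * Illustrative CWE-917 example, not easybuggy's code. The Account root
 * object, the keys and the allowlisted expressions are assumptions.
 */
public class OgnlExample {

    /** Root object the expression is evaluated against (assumed). */
    public static class Account {
        private final String name;
        private final int balance;

        public Account(String name, int balance) {
            this.name = name;
            this.balance = balance;
        }

        public String getName() { return name; }
        public int getBalance() { return balance; }
    }

    /**
     * VULNERABLE: the expression text is whatever the client sent, e.g. a
     * request parameter. OGNL resolves static members and calls methods, so
     * "@java.lang.System@getProperty('user.home')" reads server state and a
     * Runtime call gives code execution. No blacklist on the expression
     * string has held up against this; the sink itself must go.
     */
    public static Object evaluateUnsafe(String userExpression, Account root) throws OgnlException {
        Map<?, ?> ctx = Ognl.createDefaultContext(root);
        return Ognl.getValue(userExpression, ctx, root);
    }

    /** Maps a client-chosen key to a fixed, developer-written expression. */
    private static String allowedExpression(String key) {
        if (key == null) {
            return null;
        }
        switch (key) {
            case "name":      return "name";
            case "balance":   return "balance";
            case "overdrawn": return "balance < 0";
            default:          return null;
        }
    }

    /**
     * HARDENED: the client selects a key; the expression text never comes
     * from the request, so there is nothing for OGNL to be injected into.
     */
    public static Object evaluateSafe(String userKey, Account root) throws OgnlException {
        String expression = allowedExpression(userKey);
        if (expression == null) {
            throw new IllegalArgumentException("unknown field: " + userKey);
        }
        Map<?, ?> ctx = Ognl.createDefaultContext(root);
        return Ognl.getValue(expression, ctx, root);
    }
}
```

If a feature genuinely needs user-written expressions, treat a restricted `MemberAccess` as defence in depth only; the Struts history of OGNL sandbox bypasses is the reason the allowlist, not the sandbox, is the fix here.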
 
High | Path/Directory Traversal | [CWE-22](https://cwe.mitre.org/data/definitions/22.html) | [NullByteInjectionServlet.java:47](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java#L47) | 1 | 2023-11-20 12:40pm
Vulnerable Code: [NullByteInjectionServlet.java#L42-L47](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java#L42-L47)
1 Data Flow detected:
    ▪ [NullByteInjectionServlet.java#L35](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java#L35)
    ▪ [NullByteInjectionServlet.java#L40](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java#L40) (×2)
    ▪ [NullByteInjectionServlet.java#L46](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java#L46) (×3)
    ▪ [NullByteInjectionServlet.java#L47](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java#L47)
Secure Code Warrior Training Material
● Training
    ▪ [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/java/vanilla)
● Videos
    ▪ [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
● Further Reading
    ▪ [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
    ▪ [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)
 
High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SQLInjectionServlet.java:69](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L69) | 1 | 2024-01-24 01:15pm
Vulnerable Code: [SQLInjectionServlet.java#L64-L69](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L64-L69)
1 Data Flow detected:
    ▪ [SQLInjectionServlet.java#L27](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L27) (×3)
    ▪ [SQLInjectionServlet.java#L45](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L45)
    ▪ [SQLInjectionServlet.java#L60](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L60)
    ▪ [SQLInjectionServlet.java#L69](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L69) (×2)
Secure Code Warrior Training Material
● Training
    ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla)
● Videos
    ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4)
● Further Reading
    ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html)
    ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection)
    ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)
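Added illustration for the CWE-89 finding above (example code, not easybuggy's servlet and not part of the Mend report). It puts the concatenation pattern the scanner flags next to the bound-parameter fix, and also covers the case a `PreparedStatement` alone cannot solve: a client-chosen identifier such as a sort column. The `users` table, its columns and the sample values are assumptions; any JDBC `Connection` works.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/**
 * Illustrative CWE-89 example, not easybuggy's code. The users table, its
 * columns and the sample values are assumptions.
 */
public class SqlInjectionExample {

    /** VULNERABLE: the request value is pasted into the query text. */
    public static List<String> findUsersUnsafe(Connection conn, String name) throws SQLException {
        String sql = "SELECT name FROM users WHERE name = '" + name + "'";
        // name = "x' OR '1'='1" turns the WHERE clause into
        //   name = 'x' OR '1'='1'
        // which matches every row. Where the driver allows stacked queries,
        // "x'; DROP TABLE users; --" rides the same bug.
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            return collect(rs);
        }
    }

    /**
     * HARDENED: a bound parameter travels to the database separately from the
     * query text and is never parsed as SQL, whatever characters it contains.
     */
    public static List<String> findUsersSafe(Connection conn, String name) throws SQLException {
        String sql = "SELECT name FROM users WHERE name = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                return collect(rs);
            }
        }
    }

    /** Identifiers cannot be bound with '?', so a client-chosen column goes through an allowlist. */
    private static final Set<String> SORTABLE = new HashSet<>(Arrays.asList("name", "created_at"));

    public static List<String> listUsersSorted(Connection conn, String sortColumn, boolean descending)
            throws SQLException {
        if (!SORTABLE.contains(sortColumn)) {
            throw new IllegalArgumentException("unsupported sort column");
        }
        // Concatenation is acceptable here only because sortColumn is now one of
        // two literals written by the developer, not by the client.
        String sql = "SELECT name FROM users ORDER BY " + sortColumn + (descending ? " DESC" : " ASC");
        try (PreparedStatement ps = conn.prepareStatement(sql);
             ResultSet rs = ps.executeQuery()) {
            return collect(rs);
        }
    }

    private static List<String> collect(ResultSet rs) throws SQLException {
        List<String> names = new ArrayList<>();
        while (rs.next()) {
            names.add(rs.getString(1));
        }
        return names;
    }
}
```

When re-scanning after a fix like this, expect the data flow to disappear entirely rather than move: if the tool still reports a flow into `executeQuery`, some other string fragment of the query is still built from request data.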
 
High | Server Side Request Forgery | [CWE-918](https://cwe.mitre.org/data/definitions/918.html) | [NetworkSocketLeakServlet.java:34](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java#L34) | 1 | 2023-11-20 12:40pm
Vulnerable Code: [NetworkSocketLeakServlet.java#L29-L34](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java#L29-L34)
1 Data Flow detected:
    ▪ [NetworkSocketLeakServlet.java#L27](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java#L27)
    ▪ [NetworkSocketLeakServlet.java#L31](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java#L31) (×2)
    ▪ [NetworkSocketLeakServlet.java#L34](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java#L34)
Secure Code Warrior Training Material
● Training
    ▪ [Secure Code Warrior Server Side Request Forgery Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/ssrf/generic/java/vanilla)
● Videos
    ▪ [Secure Code Warrior Server Side Request Forgery Video](https://media.securecodewarrior.com/v2/module_125_server_side_request_forgery.mp4)
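Added illustration for the CWE-918 finding above (example code, not easybuggy's servlet and not part of the Mend report). The flagged file sits under `troubles/` rather than `vulnerabilities/`, so the first triage step is to confirm from the linked data flow (source at L27, sink at L34) that the connection target really is client-controlled. The example shows the flagged shape, a server opening a TCP connection to a host the client names, beside a version that allowlists the host, rejects internal destinations after resolving DNS, connects to the resolved address and closes the socket on every path. The allowlist contents, the permitted port and the timeout are assumptions.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/**
 * Illustrative CWE-918 example, not easybuggy's code. The allowlist, the
 * permitted port and the timeout are assumptions.
 */
public class SsrfExample {

    private static final int CONNECT_TIMEOUT_MS = 3000;

    /** VULNERABLE: the server connects to whatever host and port the client names. */
    public static boolean probeUnsafe(String host, int port) {
        try {
            Socket s = new Socket(host, port); // never closed: a socket leak on top of the SSRF
            return s.isConnected();
        } catch (IOException e) {
            return false;
        }
    }

    /** Hosts this feature may reach (assumed for illustration). */
    private static final Set<String> ALLOWED_HOSTS = new HashSet<>(Arrays.asList(
            "api.example.com", "status.example.com"));

    /** Destinations a server-side request must never reach, even if DNS points there. */
    static boolean isInternal(InetAddress a) {
        byte[] b = a.getAddress();
        boolean ipv6UniqueLocal = b.length == 16 && (b[0] & 0xFE) == 0xFC; // fc00::/7, not covered below
        return a.isAnyLocalAddress()        // 0.0.0.0, ::
                || a.isLoopbackAddress()    // 127/8, ::1
                || a.isLinkLocalAddress()   // 169.254/16 (cloud metadata endpoints), fe80::/10
                || a.isSiteLocalAddress()   // 10/8, 172.16/12, 192.168/16, fec0::/10
                || a.isMulticastAddress()
                || ipv6UniqueLocal;
    }

    /**
     * HARDENED: allowlist the name, resolve it once, reject internal addresses,
     * then connect to the resolved address rather than the name, so a DNS
     * answer that changes between check and use cannot redirect the request.
     */
    public static boolean probeSafe(String host, int port) throws IOException {
        if (host == null || !ALLOWED_HOSTS.contains(host.toLowerCase())) {
            throw new IllegalArgumentException("host not in allowlist");
        }
        if (port != 443) {
            throw new IllegalArgumentException("port not permitted");
        }
        InetAddress[] resolved;
        try {
            resolved = InetAddress.getAllByName(host);
        } catch (UnknownHostException e) {
            return false;
        }
        for (InetAddress a : resolved) {
            if (isInternal(a)) {
                throw new IllegalArgumentException("host resolves to an internal address");
            }
        }
        // try-with-resources closes the socket whether connect() succeeds or throws
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(resolved[0], port), CONNECT_TIMEOUT_MS);
            return s.isConnected();
        }
    }
}
```

Checking the address predicates after resolution also defeats numeric obfuscations of loopback such as `0x7f000001` or `2130706433`, because the check runs on the parsed `InetAddress`, not on the string.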
 
High | Cross-Site Scripting | [CWE-79](https://cwe.mitre.org/data/definitions/79.html) | [AbstractServlet.java:94](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L94) | 12 | 2024-01-23 09:35am
Vulnerable Code: [AbstractServlet.java#L89-L94](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L89-L94)
12 Data Flows detected (3 shown):
Data Flow 1
    ▪ [TruncationErrorServlet.java#L21](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/troubles/TruncationErrorServlet.java#L21)
    ▪ [TruncationErrorServlet.java#L31](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/troubles/TruncationErrorServlet.java#L31)
    ▪ [TruncationErrorServlet.java#L30](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/troubles/TruncationErrorServlet.java#L30)
    ▪ [TruncationErrorServlet.java#L44](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/troubles/TruncationErrorServlet.java#L44) (×3)
    ▪ [AbstractServlet.java#L31](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L31)
    ▪ [AbstractServlet.java#L94](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L94)
Data Flow 2
    ▪ [NetworkSocketLeakServlet.java#L27](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java#L27)
    ▪ [NetworkSocketLeakServlet.java#L42](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java#L42) (×2)
    ▪ [NetworkSocketLeakServlet.java#L54](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java#L54) (×3)
    ▪ [AbstractServlet.java#L31](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L31)
    ▪ [AbstractServlet.java#L94](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L94)
Data Flow 3
    ▪ [RoundOffErrorServlet.java#L22](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/troubles/RoundOffErrorServlet.java#L22)
    ▪ [RoundOffErrorServlet.java#L30](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/troubles/RoundOffErrorServlet.java#L30) (×2)
    ▪ [RoundOffErrorServlet.java#L43](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/troubles/RoundOffErrorServlet.java#L43) (×3)
    ▪ [AbstractServlet.java#L31](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L31)
    ▪ [AbstractServlet.java#L94](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java#L94)
[View more Data Flows](https://saas-eu.mend.io/app/orgs/Luke%20Brogan%20Demo%20-%20Github.com/scans/3163f33f-7e1b-43bd-9f69-ea12fc670eba/sast?project=184c80da-2b50-46d2-84ad-7bc36845e5db?vulnId=de2d0766-36d7-4a89-a73f-817e5d1742f5&filtered=yes)
Secure Code Warrior Training Material
● Training
    ▪ [Secure Code Warrior Cross-Site Scripting Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/xss/reflected/java/vanilla)
● Videos
    ▪ [Secure Code Warrior Cross-Site Scripting Video](https://media.securecodewarrior.com/v2/module_73_reflected_cross_site_scripting.mp4)
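Added illustration for the CWE-79 finding above (example code, not easybuggy's base class and not part of the Mend report). The report's own data is the point: all 12 flows end at one line in a shared base class, `AbstractServlet.java:94`, after passing `AbstractServlet.java:31`, so the efficient fix is to encode at that sink once rather than to sanitize twelve callers. The example shows a shared page-writing sink in its flagged and its encoded form; the method names, the `value` parameter and the page layout are assumptions, and the `javax.servlet` API is assumed because the project is a servlet application.

```java
import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Illustrative CWE-79 example, not easybuggy's code. The base-class shape,
 * the method names and the "value" parameter are assumptions.
 */
public class XssExample {

    /** VULNERABLE shared sink: every subclass that passes request data here is a reflected XSS. */
    public static void writePageUnsafe(HttpServletResponse resp, String title, String body) throws IOException {
        resp.setContentType("text/html");
        PrintWriter out = resp.getWriter();
        out.println("<html><body><h1>" + title + "</h1>");
        out.println("<p>" + body + "</p></body></html>");
    }

    /**
     * Minimal encoder for HTML text nodes. In production prefer the OWASP Java
     * Encoder (Encode.forHtml); this shows what it does for the five characters
     * that can break out of a text node or an attribute value.
     */
    public static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;"); break;
                case '<':  sb.append("&lt;");  break;
                case '>':  sb.append("&gt;");  break;
                case '"':  sb.append("&#34;"); break;
                case '\'': sb.append("&#39;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * HARDENED shared sink: encode at the point of output so every caller is
     * fixed at once. The explicit charset stops the browser guessing the
     * encoding, and nosniff stops it reinterpreting the content type.
     */
    public static void writePageSafe(HttpServletResponse resp, String title, String body) throws IOException {
        resp.setContentType("text/html; charset=UTF-8");
        resp.setHeader("X-Content-Type-Options", "nosniff");
        PrintWriter out = resp.getWriter();
        out.println("<html><body><h1>" + escapeHtml(title) + "</h1>");
        out.println("<p>" + escapeHtml(body) + "</p></body></html>");
    }

    /** A typical caller: an error page that echoes the request parameter it failed to parse. */
    public static void handleBadInput(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String value = req.getParameter("value");
        // value = "<script>alert(1)</script>" reaches the page as
        // &lt;script&gt;alert(1)&lt;/script&gt; and is displayed, not executed.
        writePageSafe(resp, "Error", "Could not parse: " + value);
    }
}
```

HTML-entity encoding is correct for text nodes and quoted attribute values only; a value that lands inside a `<script>` block, a URL or an event handler needs that context's encoder, so check what sits around line 94 before choosing one.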
 
High | Path/Directory Traversal | [CWE-22](https://cwe.mitre.org/data/definitions/22.html) | [UnrestrictedSizeUploadServlet.java:114](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L114) | 1 | 2023-11-20 12:40pm
Vulnerable Code: [UnrestrictedSizeUploadServlet.java#L109-L114](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L109-L114)
1 Data Flow detected:
    ▪ [UnrestrictedSizeUploadServlet.java#L70](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L70)
    ▪ [UnrestrictedSizeUploadServlet.java#L71](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L71)
    ▪ [MultiPartFileUtils.java#L56](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L56)
    ▪ [MultiPartFileUtils.java#L57](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L57) (×8)
    ▪ [MultiPartFileUtils.java#L59](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L59) (×7)
    ▪ [UnrestrictedSizeUploadServlet.java#L71](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L71)
    ▪ [UnrestrictedSizeUploadServlet.java#L84](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L84) (×6)
    ▪ [UnrestrictedSizeUploadServlet.java#L111](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L111)
    ▪ [UnrestrictedSizeUploadServlet.java#L114](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L114) (×3)
Secure Code Warrior Training Material
● Training
    ▪ [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/java/vanilla)
● Videos
    ▪ [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
● Further Reading
    ▪ [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
    ▪ [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)
 
High | Path/Directory Traversal | [CWE-22](https://cwe.mitre.org/data/definitions/22.html) | [UnrestrictedExtensionUploadServlet.java:135](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L135) | 1 | 2023-11-20 12:40pm
Vulnerable Code: [UnrestrictedExtensionUploadServlet.java#L130-L135](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L130-L135)
1 Data Flow detected:
    ▪ [UnrestrictedExtensionUploadServlet.java#L69](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L69)
    ▪ [UnrestrictedExtensionUploadServlet.java#L76](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L76)
    ▪ [MultiPartFileUtils.java#L56](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L56)
    ▪ [MultiPartFileUtils.java#L57](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L57) (×8)
    ▪ [MultiPartFileUtils.java#L59](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L59) (×7)
    ▪ [UnrestrictedExtensionUploadServlet.java#L76](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L76)
    ▪ [UnrestrictedExtensionUploadServlet.java#L84](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L84) (×6)
    ▪ [UnrestrictedExtensionUploadServlet.java#L106](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L106)
    ▪ [UnrestrictedExtensionUploadServlet.java#L135](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L135) (×3)
Secure Code Warrior Training Material
● Training
    ▪ [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/java/vanilla)
● Videos
    ▪ [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
● Further Reading
    ▪ [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
    ▪ [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)
 
HighPath/Directory Traversal [CWE-22](https://cwe.mitre.org/data/definitions/22.html) [UnrestrictedExtensionUploadServlet.java:110](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L110) 12023-11-20 12:40pm
Vulnerable Code https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L105-L110
1 Data Flow/s detected
Secure Code Warrior Training Material
● Training
  ▪ [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/java/vanilla)
● Videos
  ▪ [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
● Further Reading
  ▪ [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
  ▪ [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)
 
Severity: High | Vulnerability Type: Path/Directory Traversal | CWE: [CWE-22](https://cwe.mitre.org/data/definitions/22.html) | File: [MultiPartFileUtils.java:33](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L33) | Data Flows: 3 | Date: 2023-11-20 12:40pm
Vulnerable Code: https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L28-L33
3 Data Flow/s detected
Secure Code Warrior Training Material
● Training
  ▪ [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/java/vanilla)
● Videos
  ▪ [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
● Further Reading
  ▪ [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
  ▪ [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)
 
Severity: High | Vulnerability Type: Path/Directory Traversal | CWE: [CWE-22](https://cwe.mitre.org/data/definitions/22.html) | File: [MailHeaderInjectionServlet.java:138](https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java#L138) | Data Flows: 1 | Date: 2023-11-20 12:40pm
Vulnerable Code: https://github.com/lukebrogan-mend/easybuggy/blob/c4a81118f8c194d225bd99f3717a749d341711bc/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java#L133-L138
1 Data Flow/s detected
Secure Code Warrior Training Material
● Training
  ▪ [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/java/vanilla)
● Videos
  ▪ [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4)
● Further Reading
  ▪ [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
  ▪ [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)

Findings Overview

| Severity | Vulnerability Type | CWE | Language | Count |
|---|---|---|---|---|
| High | Cross-Site Scripting | CWE-79 | Java* | 1 |
| High | Path/Directory Traversal | CWE-22 | Java* | 7 |
| High | Expression Language Injection | CWE-917 | Java* | 1 |
| High | Code Injection | CWE-94 | Java* | 1 |
| High | SQL Injection | CWE-89 | Java* | 1 |
| High | Server Side Request Forgery | CWE-918 | Java* | 1 |
| Medium | Trust Boundary Violation | CWE-501 | Java* | 5 |
| Medium | Readline Denial of Service | CWE-400 | Java* | 1 |
| Medium | Error Messages Information Exposure | CWE-209 | Java* | 1 |
| Medium | XML External Entity (XXE) Injection | CWE-611 | Java* | 1 |
| Medium | Insufficient Transport Layer Protection | CWE-319 | Java* | 1 |
| Low | Log Forging | CWE-117 | Java* | 1 |
| Low | HTTP Header Injection | CWE-113 | Java* | 1 |
| Low | Unvalidated/Open Redirect | CWE-601 | Java* | 4 |