tonifdemocorp1-Mend / WebGoat


Code Security Report: 23 high severity findings, 31 total findings #31

Status: Open. Opened by mend-for-github-com[bot] 8 months ago

mend-for-github-com[bot] commented 8 months ago

Code Security Report

Scan Metadata

Latest Scan: 2024-02-21 07:54pm
Total Findings: 31 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 428
Detected Programming Languages: 2 (Java, JavaScript / TypeScript)

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

| Severity | Vulnerability Type | CWE | File | Data Flows | Date |
| --- | --- | --- | --- | --- | --- |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SqlInjectionLesson5b.java:86](https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L86) | 1 | 2024-02-09 08:58pm |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [Servers.java:72](https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java#L72) | 1 | 2024-02-09 08:58pm |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SqlInjectionLesson9.java:76](https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java#L76) | 1 | 2024-01-08 08:42pm |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SqlInjectionLesson8.java:78](https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java#L78) | 1 | 2024-01-08 08:42pm |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SqlInjectionLesson5a.java:67](https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L67) | 1 | 2024-01-08 08:42pm |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SqlInjectionLesson10.java:71](https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L71) | 1 | 2024-01-08 08:42pm |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SqlInjectionLesson2.java:65](https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L65) | 1 | 2024-01-08 08:42pm |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SqlInjectionLesson5.java:80](https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L80) | 1 | 2024-01-08 08:42pm |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SqlInjectionLesson4.java:62](https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java#L62) | 1 | 2024-01-08 08:42pm |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SqlInjectionLesson3.java:63](https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L63) | 1 | 2024-01-08 08:42pm |

Vulnerable code and data flows

- SqlInjectionLesson5b.java:86
  - Vulnerable code: https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L81-L86
  - Data flow (1 detected): https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L55 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L58 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L61 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L62 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L65 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L65 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L86
- Servers.java:72
  - Vulnerable code: https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java#L67-L72
  - Data flow (1 detected): https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java#L67 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java#L73 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java#L72
- SqlInjectionLesson9.java:76
  - Vulnerable code: https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java#L71-L76
  - Data flow (1 detected): https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java#L60 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java#L61 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java#L64 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java#L67 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java#L75 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java#L147 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java#L75 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java#L76
- SqlInjectionLesson8.java:78
  - Vulnerable code: https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java#L73-L78
  - Data flow (1 detected): https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java#L59 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java#L60 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java#L63 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java#L66 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java#L77 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java#L147 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java#L77 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java#L78
- SqlInjectionLesson5a.java:67
  - Vulnerable code: https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L62-L67
  - Data flow (1 detected): https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L54 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L56 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L56 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L59 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L63 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L67
- SqlInjectionLesson10.java:71
  - Vulnerable code: https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L66-L71
  - Data flow (1 detected): https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L58 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L59 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L62 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L64 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L71
- SqlInjectionLesson2.java:65
  - Vulnerable code: https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L60-L65
  - Data flow (1 detected): https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L58 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L59 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L62 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L65
- SqlInjectionLesson5.java:80
  - Vulnerable code: https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L75-L80
  - Data flow (1 detected): https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L70 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L72 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L75 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L80
- SqlInjectionLesson4.java:62
  - Vulnerable code: https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java#L57-L62
  - Data flow (1 detected): https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java#L54 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java#L55 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java#L58 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java#L62
- SqlInjectionLesson3.java:63
  - Vulnerable code: https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L58-L63
  - Data flow (1 detected): https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L53 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L54 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L57 -> https://github.com/tonifdemocorp1-Mend/WebGoat/blob/e2231890c4ede093fb244cafaae79c2a085770f8/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L63

Findings Overview

| Severity | Vulnerability Type | CWE | Language | Count |
| --- | --- | --- | --- | --- |
| High | Path/Directory Traversal | CWE-22 | Java* | 6 |
| High | SQL Injection | CWE-89 | Java* | 14 |
| High | Deserialization of Untrusted Data | CWE-502 | Java* | 1 |
| High | Server Side Request Forgery | CWE-918 | Java* | 2 |
| Medium | Error Messages Information Exposure | CWE-209 | Java* | 4 |
| Medium | XML External Entity (XXE) Injection | CWE-611 | Java* | 1 |
| Low | System Properties Disclosure | CWE-497 | Java* | 1 |
| Low | Weak Hash Strength | CWE-328 | Java* | 1 |
| Low | Log Forging | CWE-117 | Java* | 1 |
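
Editor's note on triage: WebGoat is OWASP's deliberately vulnerable training application, and the ten "most relevant" findings above all sit in its SQL injection lessons, so the CWE-89 hits are the lessons working as designed rather than regressions to fix. What the report does not show is what a CWE-89 data flow like the ones listed (untrusted input reaching a query string) lets an attacker do, or what the parameterised alternative looks like. The following is an added example written for this page; it is not code from WebGoat, from the Mend report or from the data-flow lines linked above. It is in Python against the standard-library sqlite3 module so it runs with no JDBC driver; the table name `user_data`, its rows and the two payloads are constructed for illustration, and the Java equivalents (`Statement` with string concatenation versus `PreparedStatement`) are named in the comments.

```python
import sqlite3

# Constructed sample schema and rows (not WebGoat's data): a table of users
# whose last_name is looked up from an untrusted request parameter.
SAMPLE_ROWS = [
    (101, "Joe", "Snow", "987654321"),
    (102, "John", "Smith", "2234200065411"),
    (103, "Jane", "Plane", "123456789"),
]


def make_db():
    """Create an in-memory SQLite database seeded with SAMPLE_ROWS."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user_data (userid INTEGER, first_name TEXT, "
        "last_name TEXT, cc_number TEXT)"
    )
    conn.executemany("INSERT INTO user_data VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, last_name):
    """CWE-89 pattern: the caller-controlled value is concatenated into the
    SQL text, so a quote inside it changes the statement's structure.  This
    is the shape of a JDBC Statement.executeQuery("... '" + input + "'")."""
    query = (
        "SELECT userid, first_name, last_name FROM user_data "
        "WHERE last_name = '" + last_name + "'"
    )
    return conn.execute(query).fetchall()


def lookup_fixed(conn, last_name):
    """Parameterised query: the value is bound by the driver as data and is
    never parsed as SQL.  The Java equivalent is a PreparedStatement with
    setString(1, lastName)."""
    query = (
        "SELECT userid, first_name, last_name FROM user_data "
        "WHERE last_name = ?"
    )
    return conn.execute(query, (last_name,)).fetchall()


# Two classic payloads (constructed).  The first turns the WHERE clause into a
# tautology; the second appends a UNION that pulls the cc_number column out
# through the first_name position and comments out the closing quote with "--".
TAUTOLOGY = "Smith' OR '1'='1"
UNION_DUMP = "x' UNION SELECT userid, cc_number, last_name FROM user_data --"


def demo():
    """Return (rows for a normal lookup, rows leaked by the tautology,
    card numbers leaked by the UNION, rows the fixed query returns for
    each payload)."""
    conn = make_db()
    normal = lookup_vulnerable(conn, "Smith")
    leaked = lookup_vulnerable(conn, TAUTOLOGY)
    cards = sorted(row[1] for row in lookup_vulnerable(conn, UNION_DUMP))
    fixed = (lookup_fixed(conn, TAUTOLOGY), lookup_fixed(conn, UNION_DUMP))
    return normal, leaked, cards, fixed


if __name__ == "__main__":
    normal, leaked, cards, fixed = demo()
    print("normal lookup       :", normal)
    print("tautology leaked    :", len(leaked), "rows")
    print("UNION leaked cards  :", cards)
    print("fixed query results :", fixed)
```

Running the block shows the vulnerable lookup returning one row for a normal name, every row for the tautology, and the card-number column for the UNION payload, while the parameterised lookup returns nothing for either payload because the whole string is matched as a literal last name. The fix the scanner expects for each Java finding is the same substitution: replace the concatenated `Statement` with a `PreparedStatement` and bind the input, which also resolves the data flow rather than just the sink line it reports.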