vital-ws / java-goof


Code Security Report: 2 high severity findings, 29 total findings #106

Open mend-for-github-com[bot] opened 1 year ago

mend-for-github-com[bot] commented 1 year ago

Code Security Report

Scan Metadata

Latest Scan: 2023-08-10 10:07am
Total Findings: 29 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 92
Detected Programming Languages: 3 (Java, Python, JavaScript / Node.js)

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend SAST Application.

| Severity | Vulnerability Type | CWE | File | Data Flows | Date |
|----------|--------------------|-----|------|-----------:|------|
| High | File Manipulation | [CWE-73](https://cwe.mitre.org/data/definitions/73.html) | [Todo.java:104](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L104) | 4 | 2023-08-10 09:56am |
| High | Path/Directory Traversal | [CWE-22](https://cwe.mitre.org/data/definitions/22.html) | [Server.java:88](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/log4shell-goof/log4shell-server/src/main/java/Server.java#L88) | 2 | 2023-08-10 09:56am |
| Medium | Console Output | [CWE-209](https://cwe.mitre.org/data/definitions/209.html) | [Todo.java:112](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L112) | 9 | 2023-08-10 09:56am |
| Medium | Error Messages Information Exposure | [CWE-209](https://cwe.mitre.org/data/definitions/209.html) | [Server.java:117](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/log4shell-goof/log4shell-server/src/main/java/Server.java#L117) | 1 | 2023-08-10 09:56am |
| Medium | Error Messages Information Exposure | [CWE-209](https://cwe.mitre.org/data/definitions/209.html) | [Todo.java:118](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L118) | 1 | 2023-08-10 09:56am |
| Medium | Hidden HTML Input | [CWE-472](https://cwe.mitre.org/data/definitions/472.html) | [updateTodo.html:139](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/src/site/template/updateTodo.html#L139) | 1 | 2023-08-10 09:56am |
| Medium | Hidden HTML Input | [CWE-472](https://cwe.mitre.org/data/definitions/472.html) | [home.html:393](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/src/site/template/home.html#L393) | 1 | 2023-08-10 09:56am |
| Medium | Hidden HTML Input | [CWE-472](https://cwe.mitre.org/data/definitions/472.html) | [home.html:243](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/src/site/template/home.html#L243) | 1 | 2023-08-10 09:56am |
| Medium | Hidden HTML Input | [CWE-472](https://cwe.mitre.org/data/definitions/472.html) | [searchTodo.html:217](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/src/site/template/searchTodo.html#L217) | 1 | 2023-08-10 09:56am |
| Medium | Hidden HTML Input | [CWE-472](https://cwe.mitre.org/data/definitions/472.html) | [searchTodo.html:124](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/src/site/template/searchTodo.html#L124) | 1 | 2023-08-10 09:56am |

Finding Details

All links below point into commit 6d18f600fc449d4b0010f9f00d93b25cf90244ed of vital-ws/java-goof; each data flow is listed from source to sink.

File Manipulation (CWE-73), Todo.java:104
- More info: https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L99-L104
- 4 Data Flow/s detected
- Data Flow 1: [L104](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L104)
- Data Flow 2: [L120](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L120) → [L87](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L87) → [L87](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L87) → [L89](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L89) → [L104](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L104)
- Data Flow 3: [L110](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L110) → [L110](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L110) → [L113](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L113) → [L87](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L87) → [L89](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L89) → [L104](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L104)
- [View more Data Flows](https://saas.whitesourcesoftware.com/sast/#/scans/4d1959b0-9fe4-4046-8d21-ec68361e0f91/details?vulnId=25f78006-7a0a-4078-882b-db5faa974dd6&filtered=yes)

Path/Directory Traversal (CWE-22), Server.java:88
- More info: https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/log4shell-goof/log4shell-server/src/main/java/Server.java#L83-L88
- 2 Data Flow/s detected
- Data Flow 1: [L45](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/log4shell-goof/log4shell-server/src/main/java/Server.java#L45) → [L45](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/log4shell-goof/log4shell-server/src/main/java/Server.java#L45) → [L88](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/log4shell-goof/log4shell-server/src/main/java/Server.java#L88)
- Data Flow 2: [L43](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/log4shell-goof/log4shell-server/src/main/java/Server.java#L43) → [L45](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/log4shell-goof/log4shell-server/src/main/java/Server.java#L45) → [L88](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/log4shell-goof/log4shell-server/src/main/java/Server.java#L88)

Console Output (CWE-209), Todo.java:112
- More info: https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L107-L112
- 9 Data Flow/s detected
- Data Flow 1: [L110](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L110) → [L110](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L110) → [L112](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L112)
- Data Flow 2: [L110](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L110) → [L110](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L110) → [L112](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L112)
- Data Flow 3: [L110](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L110) → [L110](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L110) → [L112](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L112)
- [View more Data Flows](https://saas.whitesourcesoftware.com/sast/#/scans/4d1959b0-9fe4-4046-8d21-ec68361e0f91/details?vulnId=eea8150b-f6b5-4c98-af81-935077db052b&filtered=yes)

Error Messages Information Exposure (CWE-209), Server.java:117
- More info: https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/log4shell-goof/log4shell-server/src/main/java/Server.java#L112-L117
- 1 Data Flow/s detected
- Data Flow 1: [L117](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/log4shell-goof/log4shell-server/src/main/java/Server.java#L117)

Error Messages Information Exposure (CWE-209), Todo.java:118
- More info: https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L113-L118
- 1 Data Flow/s detected
- Data Flow 1: [L118](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/todolist-core/src/main/java/io/github/todolist/core/domain/Todo.java#L118)

Hidden HTML Input (CWE-472), updateTodo.html:139
- More info: https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/src/site/template/updateTodo.html#L134-L139
- 1 Data Flow/s detected
- Data Flow 1: [L139](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/src/site/template/updateTodo.html#L139)

Hidden HTML Input (CWE-472), home.html:393
- More info: https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/src/site/template/home.html#L388-L393
- 1 Data Flow/s detected
- Data Flow 1: [L393](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/src/site/template/home.html#L393)

Hidden HTML Input (CWE-472), home.html:243
- More info: https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/src/site/template/home.html#L238-L243
- 1 Data Flow/s detected
- Data Flow 1: [L243](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/src/site/template/home.html#L243)

Hidden HTML Input (CWE-472), searchTodo.html:217
- More info: https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/src/site/template/searchTodo.html#L212-L217
- 1 Data Flow/s detected
- Data Flow 1: [L217](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/src/site/template/searchTodo.html#L217)

Hidden HTML Input (CWE-472), searchTodo.html:124
- More info: https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/src/site/template/searchTodo.html#L119-L124
- 1 Data Flow/s detected
- Data Flow 1: [L124](https://github.com/vital-ws/java-goof/blob/6d18f600fc449d4b0010f9f00d93b25cf90244ed/todolist-goof/src/site/template/searchTodo.html#L124)

Findings Overview

| Severity | Vulnerability Type | CWE | Language | Count |
|----------|--------------------|-----|----------|------:|
| High | Path/Directory Traversal | CWE-22 | Java | 1 |
| High | File Manipulation | CWE-73 | Java | 1 |
| Medium | Error Messages Information Exposure | CWE-209 | Java | 2 |
| Medium | Hardcoded Password/Credentials | CWE-798 | JavaScript / Node.js | 6 |
| Medium | Hidden HTML Input | CWE-472 | Python | 15 |
| Medium | Heap Inspection | CWE-244 | Java | 2 |
| Medium | Console Output | CWE-209 | Java | 1 |
| Low | Log Forging | CWE-117 | Java | 1 |