search

wasptree / verademo

A deliberately insecure Java web application
MIT License
1 stars 1 forks source link

Please sir, merge my code. #599

Closed wasptree closed 2 years ago

github-actions[bot] commented 2 years ago



Scan Summary:
PIPELINE_SCAN_VERSION: 22.9.0-0
DEV-STAGE: DEVELOPMENT
SCAN_ID: d91552c3-c026-4fdc-901d-5fc107aded37
SCAN_STATUS: SUCCESS
SCAN_MESSAGE: Scan successful. Results size: 346353 bytes
====================
Analysis Successful.
====================

===================
Analyzed 2 modules.
===================
verademo.war
JS files within verademo.war

====================
Analyzed 159 issues.
====================

details


-------------------------------------
Found 2 issues of Very High severity.
-------------------------------------
CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'): WEB-INF/views/login.jsp:33
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): com/veracode/verademo/controller/ToolsController.java:94
----------------------------------
Found 2 issues of Medium severity.
----------------------------------
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): com/veracode/verademo/controller/UserController.java:263
CWE-117: Improper Output Neutralization for Logs: com/veracode/verademo/controller/BlabController.java:559
**
Total flaws found: 159, New flaws found: 4 as compared to baseline
**

========================
FAILURE: Found 4 issues!
========================