Code Security Report: 22 high severity findings, 937 total findings #87

@mend-for-github-com

Code Security Report

Scan Metadata

Latest Scan: 2023-07-11 12:12pm
Total Findings: 937 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 588
Detected Programming Languages: 3 (JavaScript / Node.js, Android Java, C/C++ (Beta))

Most Relevant Findings

The below list presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend SAST Application.

Severity | Vulnerability Type | CWE | File | Data Flows | Date
High | External Data In SQL Queries | CWE-89 | mProvider.java:62 | 1 | 2023-06-26 03:15pm

}
@Override
public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs, String sortOrder) {
// Used to create a SQL query
SQLiteQueryBuilder queryBuilder = new SQLiteQueryBuilder();

1 Data Flow/s detected

High | External Data In SQL Queries | CWE-89 | SecretProvider.java:62 | 1 | 2023-06-26 03:15pm

}
@Override
public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs, String sortOrder) {
// Used to create a SQL query
SQLiteQueryBuilder queryBuilder = new SQLiteQueryBuilder();

1 Data Flow/s detected

High | External Data In SQL Queries | CWE-89 | SecretProvider.java:62 | 1 | 2023-06-26 03:15pm

}
@Override
public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs, String sortOrder) {
// Used to create a SQL query
SQLiteQueryBuilder queryBuilder = new SQLiteQueryBuilder();

1 Data Flow/s detected

High | External Data In SQL Queries | CWE-89 | Insecure_Data_Storage.java:83 | 1 | 2023-06-26 03:15pm

public void createDatabase() {
try {
String path = DB_PATH + DB_NAME;
Members = this.openOrCreateDatabase(path, MODE_PRIVATE, null);
Members.execSQL("CREATE TABLE IF NOT EXISTS Members " +

1 Data Flow/s detected

High | External Data In SQL Queries | CWE-89 | Insecure_Data_Storage2.java:89 | 1 | 2023-06-26 03:15pm

public void createDatabase() {
try {
String path = DB_PATH + DB_NAME;
passwordDB = this.openOrCreateDatabase(path, MODE_PRIVATE, null);
passwordDB.execSQL("CREATE TABLE IF NOT EXISTS passwordDB " +

1 Data Flow/s detected

High | External Data In SQL Queries | CWE-89 | Insecure_Data_Storage1.java:95 | 1 | 2023-06-26 03:15pm

public void createDatabase() {
try {
String path = DB_PATH + DB_NAME;
Users = this.openOrCreateDatabase(path, MODE_PRIVATE, null);
Users.execSQL("CREATE TABLE IF NOT EXISTS Users " +

1 Data Flow/s detected

High | External Data In SQL Queries | CWE-89 | mProvider.java:186 | 1 | 2023-06-26 03:15pm

}
// Recreates the table when the database needs to be upgraded
@Override
public void onUpgrade(SQLiteDatabase sqlDB, int oldVersion, int newVersion) {
sqlDB.execSQL("DROP TABLE IF EXISTS " + TABLE_NAME);

1 Data Flow/s detected

High | External Data In SQL Queries | CWE-89 | SessionProvider.java:220 | 1 | 2023-06-26 03:15pm

}
// Recreates the table when the database needs to be upgraded
@Override
public void onUpgrade(SQLiteDatabase sqlDB, int oldVersion, int newVersion) {
sqlDB.execSQL("DROP TABLE IF EXISTS " + TABLE_NAME);

1 Data Flow/s detected

High | External Data In SQL Queries | CWE-89 | Insecure_Data_Storage1.java:52 | 1 | 2023-06-26 03:15pm

}
public void createDatabase() {
try {
Users = this.openOrCreateDatabase("Users", MODE_PRIVATE, null);
Users.execSQL("CREATE TABLE IF NOT EXISTS Users " +

1 Data Flow/s detected

High | External Data In SQL Queries | CWE-89 | Insecure_Data_Storage.java:52 | 1 | 2023-06-26 03:15pm

}
public void createDatabase() {
try {
Members = this.openOrCreateDatabase("Members", MODE_PRIVATE, null);
Members.execSQL("CREATE TABLE IF NOT EXISTS Members " +

1 Data Flow/s detected

Findings Overview

Severity | Vulnerability Type | CWE | Language | Count
High | External Data In SQL Queries | CWE-89 | Android Java | 15
High | DOM Based Cross-Site Scripting | CWE-79 | JavaScript / Node.js | 3
High | Arbitrary Code Injection | CWE-94 | Android Java | 4
Medium | Miscellaneous Dangerous Functions | CWE-676 | Android Java | 409
Medium | Log Messages | CWE-209 | Android Java | 64
Medium | Heap Inspection | CWE-244 | Android Java | 145
Medium | Hardcoded Password/Credentials | CWE-798 | Android Java | 11
Medium | Location Information | CWE-200 | Android Java | 2
Medium | Intents Usage | CWE-926 | Android Java | 102
Medium | Shared Preferences Usage | CWE-200 | Android Java | 3
Medium | Insecure Data Storage | CWE-200 | Android Java | 8
Medium | Insufficient Transport Layer Protection | CWE-319 | Android Java | 106
Low | External URL Access | | Android Java | 16
Low | Log Forging | CWE-117 | JavaScript / Node.js | 2
Low | Weak Encryption Strength | CWE-326 | Android Java | 23
Low | Application Configuration | CWE-16 | Android Java | 24
