Code Security Report: 1 high severity findings, 6 total findings [vp-rem]

[mend-developer-platform-dev]

Code Security Report

Scan Metadata

Latest Scan: 2025-09-17 08:00AM
Total Findings: 6 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 32
Detected Programming Languages: 1 (Java*)

Most Relevant Findings

The list below presents the 6 most relevant findings that need your attention.

Severity	Vulnerability Type	CWE	File	Data Flows	Detected	Violated Workflows	Violation Priority	Violation SLA
High	Path/Directory Traversal	CWE-22	FileUploadController.java:63	1	2025-09-17 08:00AM	Code Test	HIGH	2025-10-17
Vulnerable Code vprofile-project3/src/main/java/com/visualpathit/account/controller/FileUploadController.java Lines 59 to 68 in f20a973 user.setProfileImgPath(serverFile.getAbsolutePath()); userService.save(user); BufferedOutputStream stream = new BufferedOutputStream( new FileOutputStream(serverFile)); stream.write(bytes); stream.close(); logger.info("Server File Location=" + serverFile.getAbsolutePath()); Data Flows (1 detected) vprofile-project3/src/main/java/com/visualpathit/account/controller/FileUploadController.java Line 38 in f20a973 String uploadFileHandler(@RequestParam("name") String name,@RequestParam("userName") String userName, vprofile-project3/src/main/java/com/visualpathit/account/controller/FileUploadController.java Line 54 in f20a973 File serverFile = new File(dir.getAbsolutePath() vprofile-project3/src/main/java/com/visualpathit/account/controller/FileUploadController.java Line 63 in f20a973 new FileOutputStream(serverFile)); vprofile-project3/src/main/java/com/visualpathit/account/controller/FileUploadController.java Line 38 in f20a973 String uploadFileHandler(@RequestParam("name") String name,@RequestParam("userName") String userName, vprofile-project3/src/main/java/com/visualpathit/account/controller/FileUploadController.java Line 54 in f20a973 File serverFile = new File(dir.getAbsolutePath() vprofile-project3/src/main/java/com/visualpathit/account/controller/FileUploadController.java Line 63 in f20a973 new FileOutputStream(serverFile)); Secure Code Warrior Training Material 🎓 Training Secure Code Warrior Path/Directory Traversal Training 📺 Videos Secure Code Warrior Path/Directory Traversal Video 📚 Further Reading OWASP Input Validation Cheat Sheet OWASP Path Traversal
Medium	Error Messages Information Exposure	CWE-209	ElasticsearchUtil.java:44	1	2025-09-17 08:00AM
Vulnerable Code https://github.com/amaybaum-dev/vprofile-project3/blob/f20a9732d324ab43455db3e23a304fc8df0108ac/src/main/java/com/visualpathit/account/utils/ElasticsearchUtil.java#L40-L49 Data Flows (1 detected) vprofile-project3/src/main/java/com/visualpathit/account/utils/ElasticsearchUtil.java Line 44 in f20a973 e.printStackTrace(); vprofile-project3/src/main/java/com/visualpathit/account/utils/ElasticsearchUtil.java Line 44 in f20a973 e.printStackTrace(); Secure Code Warrior Training Material 🎓 Training Secure Code Warrior Error Messages Information Exposure Training 📺 Videos Secure Code Warrior Error Messages Information Exposure Video
Medium	Error Messages Information Exposure	CWE-209	FileUploadController.java:72	1	2025-09-17 08:00AM
Vulnerable Code vprofile-project3/src/main/java/com/visualpathit/account/controller/FileUploadController.java Lines 68 to 77 in f20a973 + serverFile.getAbsolutePath()); return "You successfully uploaded file=" + name +".png"; } catch (Exception e) { return "You failed to upload " + name +".png" + " => " + e.getMessage(); } } else { return "You failed to upload " + name +".png" + " because the file was empty."; } Data Flows (1 detected) vprofile-project3/src/main/java/com/visualpathit/account/controller/FileUploadController.java Line 72 in f20a973 return "You failed to upload " + name +".png" + " => " + e.getMessage(); vprofile-project3/src/main/java/com/visualpathit/account/controller/FileUploadController.java Line 72 in f20a973 return "You failed to upload " + name +".png" + " => " + e.getMessage(); Secure Code Warrior Training Material 🎓 Training Secure Code Warrior Error Messages Information Exposure Training 📺 Videos Secure Code Warrior Error Messages Information Exposure Video
Medium	Error Messages Information Exposure	CWE-209	ProducerServiceImpl.java:49	1	2025-09-17 08:00AM
Vulnerable Code vprofile-project3/src/main/java/com/visualpathit/account/service/ProducerServiceImpl.java Lines 45 to 54 in f20a973 channel.close(); connection.close(); } catch (IOException io) { System.out.println("IOException"); io.printStackTrace(); } catch (TimeoutException toe) { System.out.println("TimeoutException : " + toe.getMessage()); toe.printStackTrace(); } return "response"; Data Flows (1 detected) vprofile-project3/src/main/java/com/visualpathit/account/service/ProducerServiceImpl.java Line 49 in f20a973 io.printStackTrace(); vprofile-project3/src/main/java/com/visualpathit/account/service/ProducerServiceImpl.java Line 49 in f20a973 io.printStackTrace(); Secure Code Warrior Training Material 🎓 Training Secure Code Warrior Error Messages Information Exposure Training 📺 Videos Secure Code Warrior Error Messages Information Exposure Video
Medium	Error Messages Information Exposure	CWE-209	ProducerServiceImpl.java:52	1	2025-09-17 08:00AM
Vulnerable Code https://github.com/amaybaum-dev/vprofile-project3/blob/f20a9732d324ab43455db3e23a304fc8df0108ac/src/main/java/com/visualpathit/account/service/ProducerServiceImpl.java#L48-L57 Data Flows (1 detected) vprofile-project3/src/main/java/com/visualpathit/account/service/ProducerServiceImpl.java Line 52 in f20a973 toe.printStackTrace(); vprofile-project3/src/main/java/com/visualpathit/account/service/ProducerServiceImpl.java Line 52 in f20a973 toe.printStackTrace(); Secure Code Warrior Training Material 🎓 Training Secure Code Warrior Error Messages Information Exposure Training 📺 Videos Secure Code Warrior Error Messages Information Exposure Video
Low	Log Forging	CWE-117	FileUploadController.java:67	1	2025-09-17 08:00AM
Vulnerable Code vprofile-project3/src/main/java/com/visualpathit/account/controller/FileUploadController.java Lines 63 to 72 in f20a973 new FileOutputStream(serverFile)); stream.write(bytes); stream.close(); logger.info("Server File Location=" + serverFile.getAbsolutePath()); return "You successfully uploaded file=" + name +".png"; } catch (Exception e) { return "You failed to upload " + name +".png" + " => " + e.getMessage(); Data Flows (1 detected) vprofile-project3/src/main/java/com/visualpathit/account/controller/FileUploadController.java Line 38 in f20a973 String uploadFileHandler(@RequestParam("name") String name,@RequestParam("userName") String userName, vprofile-project3/src/main/java/com/visualpathit/account/controller/FileUploadController.java Line 54 in f20a973 File serverFile = new File(dir.getAbsolutePath() vprofile-project3/src/main/java/com/visualpathit/account/controller/FileUploadController.java Line 68 in f20a973 + serverFile.getAbsolutePath()); vprofile-project3/src/main/java/com/visualpathit/account/controller/FileUploadController.java Line 67 in f20a973 logger.info("Server File Location=" vprofile-project3/src/main/java/com/visualpathit/account/controller/FileUploadController.java Line 38 in f20a973 String uploadFileHandler(@RequestParam("name") String name,@RequestParam("userName") String userName, vprofile-project3/src/main/java/com/visualpathit/account/controller/FileUploadController.java Line 54 in f20a973 File serverFile = new File(dir.getAbsolutePath() vprofile-project3/src/main/java/com/visualpathit/account/controller/FileUploadController.java Line 68 in f20a973 + serverFile.getAbsolutePath()); vprofile-project3/src/main/java/com/visualpathit/account/controller/FileUploadController.java Line 67 in f20a973 logger.info("Server File Location=" Secure Code Warrior Training Material 🎓 Training Secure Code Warrior Log Forging Training 📺 Videos Secure Code Warrior Log Forging Video 📚 Further Reading OWASP Log Forging

Findings Overview

Severity	Vulnerability Type	CWE	Language	Count
High	Path/Directory Traversal	CWE-22	Java*	1
Medium	Error Messages Information Exposure	CWE-209	Java*	4
Low	Log Forging	CWE-117	Java*	1