Update README.md #1

Open
olgakil wants to merge 2 commits into master from test

@olgakil olgakil commented Oct 5, 2021

No description provided.

@olgakil olgakil closed this Oct 5, 2021
@olgakil olgakil reopened this Oct 5, 2021
@olgakil olgakil closed this Oct 6, 2021
@olgakil olgakil reopened this Oct 6, 2021
@olgakil olgakil closed this Oct 14, 2021
@olgakil olgakil reopened this Oct 14, 2021

olgakil commented Oct 14, 2021

Checkmarx AST - Scan Summary & Details - 41b74e66-f7e9-4a51-a299-3f951f89002f

CxAST Violation Summary

HIGH: 59
MEDIUM: 29
LOW: 27

CxAST Results

Severity Issue File / Package Scan Engine
HIGH CVE-2014-10064 Npm-qs-0.6.6 CxSCA
HIGH CVE-2015-8858 Npm-uglify-js-2.4.24 CxSCA
HIGH CVE-2016-10540 Npm-minimatch-0.3.0 CxSCA
HIGH CVE-2016-2515 Npm-hawk-1.0.0 CxSCA
HIGH CVE-2017-1000048 Npm-qs-0.6.6 CxSCA
HIGH CVE-2017-15010 Npm-tough-cookie-2.2.2 CxSCA
HIGH CVE-2017-16042 Npm-growl-1.9.2 CxSCA
HIGH CVE-2017-16138 Npm-mime-1.2.11 CxSCA
HIGH CVE-2017-18077 Npm-brace-expansion-1.1.6 CxSCA
HIGH CVE-2018-1000620 Npm-cryptiles-0.2.2 CxSCA
HIGH CVE-2018-16487 Npm-lodash-2.4.2 CxSCA
HIGH CVE-2018-16492 Npm-extend-3.0.0 CxSCA
HIGH CVE-2018-20834 Npm-tar-2.2.1 CxSCA
HIGH CVE-2018-3728 Npm-hoek-0.9.1 CxSCA
HIGH CVE-2018-3737 Npm-sshpk-1.10.1 CxSCA
HIGH CVE-2019-10744 Npm-lodash-2.4.2 CxSCA
HIGH CVE-2019-10746 Npm-mixin-deep-1.3.1 CxSCA
HIGH CVE-2019-10747 Npm-set-value-0.4.3 CxSCA
HIGH CVE-2019-13173 Npm-fstream-1.0.10 CxSCA
HIGH CVE-2019-16776 Npm-npm-3.10.10 CxSCA
HIGH CVE-2019-19919 Npm-handlebars-4.0.5 CxSCA
HIGH CVE-2019-20149 Npm-kind-of-6.0.2 CxSCA
HIGH CVE-2020-7610 Npm-bson-1.0.9 CxSCA
HIGH CVE-2020-7662 Npm-websocket-extensions-0.1.3 CxSCA
HIGH CVE-2020-7729 Npm-grunt-1.0.3 CxSCA
HIGH CVE-2020-7774 Npm-y18n-3.2.1 CxSCA
HIGH CVE-2020-8116 Npm-dot-prop-4.2.0 CxSCA
HIGH CVE-2020-8203 Npm-lodash-2.4.2 CxSCA
HIGH Code_Injection /app/routes/contributions.js: 32, 33, 34 CxSAST
HIGH Cx19ff021e-0a61 Npm-ms-0.7.1 CxSCA
HIGH Cx25851531-b11c Npm-handlebars-4.0.5 CxSCA
HIGH Cx28d8d81d-c124 Npm-stringstream-0.0.5 CxSCA
HIGH Cx2d55b83a-7aa0 Npm-braces-1.8.5 CxSCA
HIGH Cx34952daa-9ece Npm-brace-expansion-1.1.6 CxSCA
HIGH Cx3972335c-f90e Npm-handlebars-4.0.5 CxSCA
HIGH Cx3ec48c7c-8c0c Npm-handlebars-4.0.5 CxSCA
HIGH Cx3f1b0502-ac0d Npm-console-browserify-1.1.0 CxSCA
HIGH Cx3f7e7954-ea58 Npm-ms-0.7.1 CxSCA
HIGH Cx61ff18e9-706e Npm-utile-0.2.1 CxSCA
HIGH Cx6f6f1276-7a2e Npm-tar-2.2.1 CxSCA
HIGH Cx89601373-08db Npm-debug-2.6.9 CxSCA
HIGH Cx8bc4df28-fcf5 Npm-debug-2.6.9 CxSCA
HIGH Cx9b722ba4-719b Npm-handlebars-4.0.5 CxSCA
HIGH Cx9fce0189-774f Npm-handlebars-4.0.5 CxSCA
HIGH Cxa8a11659-1098 Npm-tunnel-agent-0.4.3 CxSCA
HIGH Cxb1cb3481-32bd Npm-qs-0.6.6 CxSCA
HIGH Cxb244cccc-f1c7 Npm-ws-1.1.5 CxSCA
HIGH Cxc6f5432f-0440 Npm-is-my-json-valid-2.15.0 CxSCA
HIGH Cxcc09496a-59c8 Npm-js-yaml-3.5.5 CxSCA
HIGH Cxceacc68c-fe31 Npm-cookie-signature-1.0.6 CxSCA
HIGH Cxd6310b1b-a0d3 Npm-handlebars-4.0.5 CxSCA
HIGH Cxd6c215a2-86bd Npm-mongodb-2.2.36 CxSCA
HIGH Cxd6e8f98a-7605 Npm-handlebars-4.0.5 CxSCA
HIGH Cxe299c2b0-ccc8 Npm-domutils-1.5.1 CxSCA
HIGH Cxe578f4ea-ca81 Npm-lodash-2.4.2 CxSCA
HIGH Cxec49316b-56df Npm-js-yaml-3.5.5 CxSCA
HIGH Cxf3872f17-a858 Npm-ws-1.1.5 CxSCA
HIGH Cxf6e7f2c1-dc59 Npm-yauzl-2.10.0 CxSCA
HIGH Reflected_XSS /app/routes/index.js: 87 CxSAST
MEDIUM CVE-2014-7191 Npm-qs-0.6.6 CxSCA
MEDIUM CVE-2016-1000232 Npm-tough-cookie-2.2.2 CxSCA
MEDIUM CVE-2017-16026 Npm-request-2.36.0 CxSCA
MEDIUM CVE-2017-16028 Npm-randomatic-1.1.5 CxSCA
MEDIUM CVE-2017-16137 Npm-debug-2.2.0 CxSCA
MEDIUM CVE-2018-1002204 Npm-adm-zip-0.4.4 CxSCA
MEDIUM CVE-2018-3721 Npm-lodash-2.4.2 CxSCA
MEDIUM CVE-2019-1010266 Npm-lodash-2.4.2 CxSCA
MEDIUM CVE-2019-10795 Npm-undefsafe-2.0.2 CxSCA
MEDIUM CVE-2019-16775 Npm-npm-3.10.10 CxSCA
MEDIUM CVE-2019-16777 Npm-npm-3.10.10 CxSCA
MEDIUM CVE-2019-2391 Npm-bson-1.0.9 CxSCA
MEDIUM CVE-2020-11119 Npm-debug-2.2.0 CxSCA
MEDIUM CVE-2020-15095 Npm-npm-3.10.10 CxSCA
MEDIUM CVE-2020-15366 Npm-ajv-6.11.0 CxSCA
MEDIUM CVE-2020-7598 Npm-minimist-0.0.10 CxSCA
MEDIUM CVE-2020-7608 Npm-yargs-parser-2.4.1 CxSCA
MEDIUM CVE-2020-8244 Npm-bl-1.0.3 CxSCA
MEDIUM Client_Potential_XSS /app/assets/vendor/chart/raphael-min.js: 3413 CxSAST
MEDIUM Client_Privacy_Violation /artifacts/db-reset.js: 18, 27, 35 CxSAST
MEDIUM Cx14b19a02-387a Npm-body-parser-1.19.0 CxSCA
MEDIUM Cx435a6fda-ca38 Npm-commander-2.8.1 CxSCA
MEDIUM Cx65603961-769c Npm-debug-2.6.9 CxSCA
MEDIUM Cx6b14edb9-2afd Npm-helmet-csp-1.2.2 CxSCA
MEDIUM Cx77c0fe72-ea38 Npm-yauzl-2.4.1 CxSCA
MEDIUM Cxa6b1c6b3-0f59 Npm-http-signature-0.10.1 CxSCA
MEDIUM Cxee7cbf9f-8b8d Npm-marked-0.3.9 CxSCA
MEDIUM NPM Install Command Without Pinned Version /Dockerfile: 5 CxKICS
MEDIUM Privacy_Violation /app/routes/profile.js: 45, 46, 47 CxSAST
LOW CVE-2017-18869 Npm-chownr-1.0.1 CxSCA
LOW Chown Flag Exists /Dockerfile: 13 CxKICS
LOW Client_JQuery_Deprecated_Symbols /app/assets/vendor/bootstrap/bootstrap-tour.js: 326, 413, 433, 615 CxSAST
LOW Client_JQuery_Deprecated_Symbols /app/assets/vendor/chart/raphael-min.js: 1659, 3380 CxSAST
LOW Client_JQuery_Deprecated_Symbols /app/assets/vendor/bootstrap/bootstrap.js: 79, 86, 225, 240, 253, 255, 259, 274, 327, 331, 570, 575, 648, 675, 689 CxSAST
LOW Client_JQuery_Deprecated_Symbols /app/assets/vendor/chart/morris-0.4.3.min.js: 41, 44, 46, 49 CxSAST
LOW Client_Password_In_Comment /app/data/user-dao.js: 29 CxSAST
LOW Client_Password_In_Comment /app/data/profile-dao.js: 32 CxSAST
LOW Client_Use_Of_Iframe_Without_Sandbox /app/views/tutorial/ssrf.html: 23 CxSAST
LOW Cxda14f253-4e52 Npm-bluebird-3.4.7 CxSCA
LOW Healthcheck Instruction Missing /Dockerfile: 1 CxKICS
LOW Log_Forging /app/routes/session.js: 55 CxSAST
LOW Open_Redirect /app/routes/memos.js: 23 CxSAST
LOW Open_Redirect /app/routes/profile.js: 50 CxSAST
LOW Open_Redirect /app/routes/session.js: 55 CxSAST
LOW Open_Redirect /app/routes/contributions.js: 44 CxSAST
LOW Open_Redirect /app/routes/allocations.js: 18 CxSAST
LOW Open_Redirect /app/routes/index.js: 74, 87 CxSAST
LOW Unprotected_Cookie /app/routes/research.js: 18 CxSAST
LOW Unsafe_Use_Of_Target_blank /app/views/tutorial/a7.html: 31 CxSAST
LOW Unsafe_Use_Of_Target_blank /app/views/tutorial/a1.html: 141, 179 CxSAST
LOW Unsafe_Use_Of_Target_blank /app/views/login.html: 46, 79 CxSAST
LOW Unsafe_Use_Of_Target_blank /app/views/layout.html: 62 CxSAST
LOW Unsafe_Use_Of_Target_blank /app/views/tutorial/a8.html: 59 CxSAST
LOW Use_Of_Hardcoded_Password /test/security/profile-test.js: 37 CxSAST
LOW Use_Of_Hardcoded_Password /app/routes/session.js: 166, 167 CxSAST
LOW Use_Of_Hardcoded_Password /artifacts/db-reset.js: 18, 27, 35 CxSAST
