Update checkmarx-ast-cli binaries with 2.3.15 #405

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merged

cx-ben-alvo merged 2 commits into main from feature/update_cli

Feb 26, 2025

Contributor

cx-pedro-lopes commented Feb 26, 2025

Updates checkmarx-ast-cli to 2.3.15

Auto-generated by [create-pull-request][2]

github-actions and others added 2 commits

February 26, 2025 08:32


          Track Checkmarx CLI binaries with Git LFS

b58404d


          Update checkmarx-ast-cli to 2.3.15

1a097f9

cx-pedro-lopes requested a review from cx-daniel-greenspan as a code owner

February 26, 2025 08:33

cx-pedro-lopes added the cxone label

cx-pedro-lopes requested a review from cx-ben-alvo as a code owner

February 26, 2025 08:33

cx-pedro-lopes force-pushed the feature/update_cli branch from d137e53 to 1a097f9 Compare

February 26, 2025 08:33

github-actions bot added the feature label

cx-ben-alvo approved these changes

View reviewed changes

Collaborator

cx-ben-alvo commented Feb 26, 2025 •

edited by cx-rami-gerassi

Loading

Checkmarx One – Scan Summary & Details – c1cb75c9-4d71-4c33-ae55-91c471b0767a

New Issues (28)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	Input_Path_Not_Canonicalized	/src/main/java/com/checkmarx/ast/wrapper/Execution.java: 112	details Method executeCommand at line 112 of /src/main/java/com/checkmarx/ast/wrapper/Execution.java gets dynamic data from the get element. This element’s... Attack Vector
	Stored_Command_Injection	/src/test/resources/python-vul-file.py: 56	details The application's do_GET method calls an OS (shell) command with program, at line 57 of /src/test/resources/python-vul-file.py, using an untrusted ... Attack Vector
	Stored_Command_Injection	/src/main/java/com/checkmarx/ast/wrapper/Execution.java: 112	details The application's buildProcess method calls an OS (shell) command with start, at line 148 of /src/main/java/com/checkmarx/ast/wrapper/Execution.jav... Attack Vector
	Incorrect_Permission_Assignment_For_File_System_Resources	/src/test/java/com/checkmarx/ast/RemediationTest.java: 12	details A file is created on the file system by path in /src/test/java/com/checkmarx/ast/RemediationTest.java at line 12 with potentially dangerous permiss... Attack Vector
	Incorrect_Permission_Assignment_For_File_System_Resources	/src/main/java/com/checkmarx/ast/wrapper/Execution.java: 189	details A file is created on the file system by destination in /src/main/java/com/checkmarx/ast/wrapper/Execution.java at line 189 with potentially dangero... Attack Vector
	Incorrect_Permission_Assignment_For_File_System_Resources	/src/main/java/com/checkmarx/ast/wrapper/Execution.java: 110	details A file is created on the file system by outputFile in /src/main/java/com/checkmarx/ast/wrapper/Execution.java at line 110 with potentially dangerou... Attack Vector
	Information_Exposure_Through_an_Error_Message	/src/main/java/com/checkmarx/ast/results/result/Node.java: 79	details Method parse, at line 79 of /src/main/java/com/checkmarx/ast/results/result/Node.java, handles an Exception or runtime Error e. During the exceptio... Attack Vector
	Information_Exposure_Through_an_Error_Message	/src/main/java/com/checkmarx/ast/predicate/Predicate.java: 68	details Method parse, at line 68 of /src/main/java/com/checkmarx/ast/predicate/Predicate.java, handles an Exception or runtime Error e. During the exceptio... Attack Vector
	Information_Exposure_Through_an_Error_Message	/src/main/java/com/checkmarx/ast/learnMore/LearnMore.java: 62	details Method parse, at line 62 of /src/main/java/com/checkmarx/ast/learnMore/LearnMore.java, handles an Exception or runtime Error e. During the exceptio... Attack Vector
	Information_Exposure_Through_an_Error_Message	/src/main/java/com/checkmarx/ast/codebashing/CodeBashing.java: 57	details Method parse, at line 57 of /src/main/java/com/checkmarx/ast/codebashing/CodeBashing.java, handles an Exception or runtime Error e. During the exce... Attack Vector
	Information_Exposure_Through_an_Error_Message	/src/main/java/com/checkmarx/ast/kicsRealtimeResults/KicsRealtimeResults.java: 49	details Method parse, at line 49 of /src/main/java/com/checkmarx/ast/kicsRealtimeResults/KicsRealtimeResults.java, handles an Exception or runtime Error e.... Attack Vector
	Information_Exposure_Through_an_Error_Message	/src/main/java/com/checkmarx/ast/remediation/KicsRemediation.java: 41	details Method parse, at line 41 of /src/main/java/com/checkmarx/ast/remediation/KicsRemediation.java, handles an Exception or runtime Error e. During the ... Attack Vector
	Information_Exposure_Through_an_Error_Message	/src/main/java/com/checkmarx/ast/utils/JsonParser.java: 17	details Method parse, at line 17 of /src/main/java/com/checkmarx/ast/utils/JsonParser.java, handles an Exception or runtime Error e. During the exception h... Attack Vector
	Information_Exposure_Through_an_Error_Message	/src/test/resources/python-vul-file.py: 71	details Method do_GET, at line 71 of /src/test/resources/python-vul-file.py, handles an Exception or runtime Error ex. During the exception handling code, ... Attack Vector
	Information_Exposure_Through_an_Error_Message	/src/test/resources/python-vul-file.py: 72	details Method do_GET, at line 72 of /src/test/resources/python-vul-file.py, handles an Exception or runtime Error format_exc. During the exception handlin... Attack Vector
	Reversible_One_Way_Hash	/src/main/java/com/checkmarx/ast/wrapper/Execution.java: 38	details The application is using a weak hashing primitive getInstance, in /src/main/java/com/checkmarx/ast/wrapper/Execution.java at line 209 Attack Vector
	Stored_Code_Injection	/src/test/resources/python-vul-file.py: 56	details The application's do_GET method receives and dynamically executes user-controlled code using exec, at line 57 of /src/test/resources/python-vul-fil... Attack Vector
	Stored_Log_Forging	/src/main/java/com/checkmarx/ast/wrapper/Execution.java: 59	details Method executeCommand at line 59 of /src/main/java/com/checkmarx/ast/wrapper/Execution.java gets user input from element readLine. This element’s v... Attack Vector
	Stored_Log_Forging	/src/main/java/com/checkmarx/ast/wrapper/Execution.java: 112	details Method executeCommand at line 112 of /src/main/java/com/checkmarx/ast/wrapper/Execution.java gets user input from element readAllBytes. This elemen... Attack Vector
	Stored_Log_Forging	/src/main/java/com/checkmarx/ast/wrapper/Execution.java: 59	details Method executeCommand at line 59 of /src/main/java/com/checkmarx/ast/wrapper/Execution.java gets user input from element readLine. This element’s v... Attack Vector
	Stored_Log_Forging	/src/main/java/com/checkmarx/ast/wrapper/Execution.java: 59	details Method executeCommand at line 59 of /src/main/java/com/checkmarx/ast/wrapper/Execution.java gets user input from element readLine. This element’s v... Attack Vector
	Stored_Log_Forging	/src/main/java/com/checkmarx/ast/wrapper/Execution.java: 59	details Method executeCommand at line 59 of /src/main/java/com/checkmarx/ast/wrapper/Execution.java gets user input from element readLine. This element’s v... Attack Vector
	Stored_Log_Forging	/src/main/java/com/checkmarx/ast/wrapper/Execution.java: 59	details Method executeCommand at line 59 of /src/main/java/com/checkmarx/ast/wrapper/Execution.java gets user input from element readLine. This element’s v... Attack Vector
	Stored_Log_Forging	/src/main/java/com/checkmarx/ast/wrapper/Execution.java: 59	details Method executeCommand at line 59 of /src/main/java/com/checkmarx/ast/wrapper/Execution.java gets user input from element readLine. This element’s v... Attack Vector
	Stored_Log_Forging	/src/main/java/com/checkmarx/ast/wrapper/Execution.java: 112	details Method executeCommand at line 112 of /src/main/java/com/checkmarx/ast/wrapper/Execution.java gets user input from element readAllBytes. This elemen... Attack Vector
	Stored_Log_Forging	/src/main/java/com/checkmarx/ast/wrapper/Execution.java: 59	details Method executeCommand at line 59 of /src/main/java/com/checkmarx/ast/wrapper/Execution.java gets user input from element readLine. This element’s v... Attack Vector
	Stored_Log_Forging	/src/main/java/com/checkmarx/ast/wrapper/Execution.java: 112	details Method executeCommand at line 112 of /src/main/java/com/checkmarx/ast/wrapper/Execution.java gets user input from element readAllBytes. This elemen... Attack Vector
	Stored_Log_Forging	/src/main/java/com/checkmarx/ast/wrapper/Execution.java: 100	details Method executeCommand at line 100 of /src/main/java/com/checkmarx/ast/wrapper/Execution.java gets user input from element readLine. This element’s ... Attack Vector

Fixed Issues (3)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	~~Missing_HSTS_Header~~	/src/test/resources/python-vul-file.py: 76
	~~Missing_HSTS_Header~~	/src/test/resources/python-vul-file.py: 76
	~~Missing_HSTS_Header~~	/src/test/resources/python-vul-file.py: 76

cx-ben-alvo merged commit 2b6cf21 into main

5 checks passed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels