conikeec (Owner)

No description provided.

Checking analysis of application shiftleft-java-demo against 1 build rules.

Using sl version 0.9.2497 (0632665920e93cc9bd5b2aa9f1d3709e524cf697).

Checking findings on scan 78.

Results per rule:

  • No critical or high SAST findings: FAIL
    (24 matched vulnerabilities; configured threshold is 0).

    First 5 findings:

    | ID | CVSS | Rating | Title |
    |---|---|---|---|
    | 1020 | 9.0 | critical | Remote Code Execution: Code Injection Through Attacker-controlled Data via foo in SearchController.doGetSearch |
    | 1021 | 9.0 | critical | Directory Traversal: Attacker-controlled Data Used in File Path via request in CustomerController.checkCookie |
    | 1022 | 9.0 | critical | Directory Traversal: Attacker-controlled Data Used in File Path via request in CustomerController.saveSettings |
    | 804 | 8.0 | high | Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via foo in SearchController.doGetSearch |
    | 922 | 8.0 | high | Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via phoneNumber in CustomerController.debug |

    | Severity rating | Count |
    |---|---|
    | Critical | 3 |
    | High | 21 |
    | Medium | 0 |
    | Low | 0 |

    | Category | Count |
    |---|---|
    | Sensitive Data Leak | 12 |
    | Cross-Site Scripting | 8 |
    | Directory Traversal | 2 |
    | Remote Code Execution | 1 |
    | Deserialization | 1 |

    | OWASP 2021 Category | Count |
    |---|---|
    | A01-Broken-Access-Control | 14 |
    | A03-Injection | 9 |
    | A08-Software-And-Data-Integrity-Failures | 1 |

1 rule failed.
