GreatG0ose
Contributor

No description provided.

GreatG0ose requested a review from Ryouzanpaku on June 22, 2023 11:35
@github-actions

Checkmarx One – Scan Summary & Details – e6951db4-d982-4001-a87b-f9306898cab8

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH Client_DOM_Stored_XSS /examples/Applepay/index.php: 187 Attack Vector
HIGH Client_DOM_Stored_XSS /examples/Applepay/index.php: 166 Attack Vector
HIGH Stored_XSS /src/Services/ResourceService.php: 395 Attack Vector
HIGH Stored_XSS /examples/InstallmentSecured/confirm.php: 61 Attack Vector
HIGH Stored_XSS /examples/InstallmentSecured/confirm.php: 61 Attack Vector
HIGH Stored_XSS /examples/InstallmentSecured/confirm.php: 61 Attack Vector
HIGH Stored_XSS /examples/InstallmentSecured/confirm.php: 61 Attack Vector
HIGH Stored_XSS /src/Unzer.php: 400 Attack Vector
HIGH Stored_XSS /src/Unzer.php: 400 Attack Vector
HIGH Stored_XSS /src/Unzer.php: 400 Attack Vector
HIGH Stored_XSS /src/Unzer.php: 400 Attack Vector
MEDIUM Header_Injection /examples/Applepay/merchantvalidation.php: 65 Attack Vector
MEDIUM Open_Redirect /examples/PayPalRecurring/Controller.php: 54 Attack Vector
MEDIUM Privacy_Violation /src/Resources/Payment.php: 153 Attack Vector
LOW Client_Hardcoded_Domain /examples/Alipay/index.php: 37 Attack Vector
LOW Client_Hardcoded_Domain /examples/Alipay/index.php: 42 Attack Vector
LOW Client_Hardcoded_Domain /examples/Applepay/index.php: 37 Attack Vector
LOW Client_Hardcoded_Domain /examples/Applepay/index.php: 42 Attack Vector
LOW Client_Hardcoded_Domain /examples/Bancontact/index.php: 37 Attack Vector
LOW Client_Hardcoded_Domain /examples/Bancontact/index.php: 42 Attack Vector
LOW Client_Hardcoded_Domain /examples/BankTransfer/index.php: 37 Attack Vector
LOW Client_Hardcoded_Domain /examples/BankTransfer/index.php: 42 Attack Vector
LOW Client_Hardcoded_Domain /examples/Card/index.php: 37 Attack Vector
LOW Client_Hardcoded_Domain /examples/Card/index.php: 42 Attack Vector
LOW Client_Hardcoded_Domain /examples/CardExtended/index.php: 37 Attack Vector
LOW Client_Hardcoded_Domain /examples/CardExtended/index.php: 42 Attack Vector
LOW Client_Hardcoded_Domain /examples/CardRecurring/index.php: 37 Attack Vector
LOW Client_Hardcoded_Domain /examples/CardRecurring/index.php: 42 Attack Vector
LOW Client_Hardcoded_Domain /examples/EmbeddedPayPage/index.php: 38 Attack Vector
LOW Client_Hardcoded_Domain /examples/EmbeddedPayPage/index.php: 39 Attack Vector
LOW Client_Hardcoded_Domain /examples/EmbeddedPayPage/index.php: 42 Attack Vector
LOW Client_Hardcoded_Domain /examples/EmbeddedPayPage/index.php: 43 Attack Vector
LOW Client_Hardcoded_Domain /examples/EPSCharge/index.php: 37 Attack Vector
LOW Client_Hardcoded_Domain /examples/EPSCharge/index.php: 42 Attack Vector
LOW Client_Hardcoded_Domain /examples/Giropay/index.php: 37 Attack Vector
LOW Client_Hardcoded_Domain /examples/Giropay/index.php: 42 Attack Vector
LOW Client_Hardcoded_Domain /examples/HostedPayPage/index.php: 38 Attack Vector
LOW Client_Hardcoded_Domain /examples/HostedPayPage/index.php: 43 Attack Vector
LOW Client_Hardcoded_Domain /examples/IDeal/index.php: 37 Attack Vector
LOW Client_Hardcoded_Domain /examples/IDeal/index.php: 42 Attack Vector
LOW Client_Hardcoded_Domain /examples/index.php: 48 Attack Vector
LOW Client_Hardcoded_Domain /examples/index.php: 51 Attack Vector
LOW Client_Hardcoded_Domain /examples/index.php: 55 Attack Vector
LOW Client_Hardcoded_Domain /examples/InstallmentSecured/confirm.php: 85 Attack Vector
LOW Client_Hardcoded_Domain /examples/InstallmentSecured/confirm.php: 89 Attack Vector
LOW Client_Hardcoded_Domain /examples/InstallmentSecured/index.php: 37 Attack Vector
LOW Client_Hardcoded_Domain /examples/InstallmentSecured/index.php: 42 Attack Vector
LOW Client_Hardcoded_Domain /examples/Invoice/index.php: 40 Attack Vector
LOW Client_Hardcoded_Domain /examples/InvoiceSecured/index.php: 38 Attack Vector
LOW Client_Hardcoded_Domain /examples/InvoiceSecured/index.php: 43 Attack Vector
LOW Client_Hardcoded_Domain /examples/Klarna/index.php: 37 Attack Vector
LOW Client_Hardcoded_Domain /examples/Klarna/index.php: 42 Attack Vector
LOW Client_Hardcoded_Domain /examples/PaylaterInvoice/index.php: 38 Attack Vector
LOW Client_Hardcoded_Domain /examples/PaylaterInvoice/index.php: 43 Attack Vector
LOW Client_Hardcoded_Domain /examples/PayPal/index.php: 37 Attack Vector
LOW Client_Hardcoded_Domain /examples/PayPal/index.php: 42 Attack Vector
LOW Client_Hardcoded_Domain /examples/PayPalRecurring/index.php: 37 Attack Vector
LOW Client_Hardcoded_Domain /examples/PayPalRecurring/index.php: 42 Attack Vector
LOW Client_Hardcoded_Domain /examples/PostFinanceCard/index.php: 37 Attack Vector
LOW Client_Hardcoded_Domain /examples/PostFinanceCard/index.php: 42 Attack Vector
LOW Client_Hardcoded_Domain /examples/PostFinanceEfinance/index.php: 37 Attack Vector
LOW Client_Hardcoded_Domain /examples/PostFinanceEfinance/index.php: 42 Attack Vector
LOW Client_Hardcoded_Domain /examples/Prepayment/index.php: 40 Attack Vector
LOW Client_Hardcoded_Domain /examples/Przelewy24/index.php: 37 Attack Vector
LOW Client_Hardcoded_Domain /examples/Przelewy24/index.php: 42 Attack Vector
LOW Client_Hardcoded_Domain /examples/SepaDirectDebitSecured/index.php: 37 Attack Vector
LOW Client_Hardcoded_Domain /examples/SepaDirectDebitSecured/index.php: 42 Attack Vector
LOW Client_Hardcoded_Domain /examples/Sofort/index.php: 37 Attack Vector
LOW Client_Hardcoded_Domain /examples/Sofort/index.php: 42 Attack Vector
LOW Client_Hardcoded_Domain /examples/Webhooks/fetchAll.php: 60 Attack Vector
LOW Client_Hardcoded_Domain /examples/Webhooks/fetchAll.php: 64 Attack Vector
LOW Client_Hardcoded_Domain /examples/Webhooks/index.php: 67 Attack Vector
LOW Client_Hardcoded_Domain /examples/Webhooks/index.php: 71 Attack Vector
LOW Client_Hardcoded_Domain /examples/Webhooks/removeAll.php: 65 Attack Vector
LOW Client_Hardcoded_Domain /examples/Webhooks/removeAll.php: 69 Attack Vector
LOW Client_Hardcoded_Domain /examples/Wechatpay/index.php: 37 Attack Vector
LOW Client_Hardcoded_Domain /examples/Wechatpay/index.php: 42 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/CardRecurring/RecurringPaymentController.php: 56 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/Sofort/Controller.php: 54 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/Card/Controller.php: 55 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/SepaDirectDebitSecured/Controller.php: 56 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/SepaDirectDebitSecured/Controller.php: 57 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/EPSCharge/Controller.php: 57 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/CardRecurring/RecurringPaymentController.php: 56 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/EPSCharge/Controller.php: 57 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/Applepay/Controller.php: 51 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/InvoiceSecured/Controller.php: 60 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/InvoiceSecured/Controller.php: 61 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/InvoiceSecured/Controller.php: 60 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/InvoiceSecured/Controller.php: 61 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/Card/Controller.php: 55 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/EPSCharge/Controller.php: 57 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/Applepay/Controller.php: 51 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/InvoiceSecured/Controller.php: 60 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/InvoiceSecured/Controller.php: 61 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/Alipay/Controller.php: 54 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/Alipay/Controller.php: 54 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/Bancontact/Controller.php: 54 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/Bancontact/Controller.php: 54 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/Giropay/Controller.php: 57 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/Przelewy24/Controller.php: 57 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/Giropay/Controller.php: 57 Attack Vector
LOW Trust_Boundary_Violation_in_Session_Variables /examples/Przelewy24/Controller.php: 57 Attack Vector
LOW

More results are available on AST platform

GreatG0ose merged commit bedfabe into master on Jun 22, 2023
GreatG0ose deleted the CC-467/check-marx-action branch on June 22, 2023 11:39