Security Findings — nodegoat
Hi maintainers!
An automated scan of this repository using ansede-static (a free, open-source, zero-dependency SAST engine scanning 8 languages) identified the following potential security vulnerabilities:
Summary
| Severity |
Count |
| Critical |
1 |
| High |
2 |
Findings
1. CWE-95: Code injection via eval() at line 33 [+9 related]
| Detail |
Value |
| Rule |
JS-004 |
| CWE |
CWE-95 |
| Severity |
CRITICAL |
| Confidence |
1.00 |
| File |
C:\Users\matth\OneDrive\Desktop\ansede-static-focus\tmp\clones\nodegoat\app\routes\contributions.js:33 |
| Analysis |
incident-cluster |
Description: CWE-95: Code injection via eval() at line 33 [+9 related]
Recommendation: N/A
2. CWE-601: Open redirect via tainted variable at line 72 [+1 related]
| Detail |
Value |
| Rule |
JS-039 |
| CWE |
CWE-601 |
| Severity |
HIGH |
| Confidence |
1.00 |
| File |
C:\Users\matth\OneDrive\Desktop\ansede-static-focus\tmp\clones\nodegoat\app\routes\index.js:72 |
| Analysis |
incident-cluster |
Description: CWE-601: Open redirect via tainted variable at line 72 [+1 related]
Recommendation: N/A
3. CWE-918: SSRF via tainted variable at line 16
| Detail |
Value |
| Rule |
JS-040 |
| CWE |
CWE-918 |
| Severity |
HIGH |
| Confidence |
0.96 |
| File |
C:\Users\matth\OneDrive\Desktop\ansede-static-focus\tmp\clones\nodegoat\app\routes\research.js:16 |
| Analysis |
syntax-ast |
Description: CWE-918: SSRF via tainted variable at line 16
Recommendation: N/A
About ansede-static
ansede-static is a free, open-source, zero-dependency SAST engine that scans code for security vulnerabilities across 7 languages (Python, JavaScript, TypeScript, Java, C#, Go, Ruby, PHP).
To reproduce: pip install ansede-static && ansede-static /path/to/repo
This is an automated responsible disclosure notification generated by ansede-static v2.3.0-dev. Please review the findings above at your earliest convenience.
Security Findings — nodegoat
Hi maintainers!
An automated scan of this repository using ansede-static (a free, open-source, zero-dependency SAST engine scanning 8 languages) identified the following potential security vulnerabilities:
Summary
Findings
1. CWE-95: Code injection via eval() at line 33 [+9 related]
JS-004C:\Users\matth\OneDrive\Desktop\ansede-static-focus\tmp\clones\nodegoat\app\routes\contributions.js:33Description: CWE-95: Code injection via eval() at line 33 [+9 related]
Recommendation: N/A
2. CWE-601: Open redirect via tainted variable at line 72 [+1 related]
JS-039C:\Users\matth\OneDrive\Desktop\ansede-static-focus\tmp\clones\nodegoat\app\routes\index.js:72Description: CWE-601: Open redirect via tainted variable at line 72 [+1 related]
Recommendation: N/A
3. CWE-918: SSRF via tainted variable at line 16
JS-040C:\Users\matth\OneDrive\Desktop\ansede-static-focus\tmp\clones\nodegoat\app\routes\research.js:16Description: CWE-918: SSRF via tainted variable at line 16
Recommendation: N/A
About ansede-static
ansede-static is a free, open-source, zero-dependency SAST engine that scans code for security vulnerabilities across 7 languages (Python, JavaScript, TypeScript, Java, C#, Go, Ruby, PHP).
pip install ansede-staticTo reproduce:
pip install ansede-static && ansede-static /path/to/repoThis is an automated responsible disclosure notification generated by ansede-static v2.3.0-dev. Please review the findings above at your earliest convenience.