-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathfindings.json
More file actions
1 lines (1 loc) · 5.3 KB
/
Copy pathfindings.json
File metadata and controls
1 lines (1 loc) · 5.3 KB
1
{"version":"1.144.1","results":[{"check_id":"javascript.express.security.audit.express-path-join-resolve-traversal.express-path-join-resolve-traversal","path":"demo-01-configuration\\vulnerable-pattern-test.js","start":{"line":82,"col":52,"offset":2893},"end":{"line":82,"col":60,"offset":2901},"extra":{"message":"Possible writing outside of the destination, make sure that the target path is nested in the intended destination","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["express","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.express.security.audit.express-path-join-resolve-traversal.express-path-join-resolve-traversal","shortlink":"https://sg.run/weRn"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}}],"errors":[{"code":3,"level":"warn","type":["PartialParsing",[{"path":"demo-03-xss\\vulnerable-react-app\\UserProfile.jsx","start":{"line":321,"col":37,"offset":0},"end":{"line":322,"col":5,"offset":31}}]],"message":"Syntax error at line demo-03-xss\\vulnerable-react-app\\UserProfile.jsx:321:\n `(/* */oNcLiCk=alert() )//\r\n */\r` was unexpected","path":"demo-03-xss\\vulnerable-react-app\\UserProfile.jsx","spans":[{"file":"demo-03-xss\\vulnerable-react-app\\UserProfile.jsx","start":{"line":321,"col":37,"offset":0},"end":{"line":322,"col":5,"offset":31}}]}],"paths":{"scanned":["demo-01-configuration\\README.md","demo-01-configuration\\vulnerable-pattern-test.js","demo-02-sql-injection\\secure\\api.js","demo-02-sql-injection\\vulnerable\\api.js","demo-03-xss\\secure-react-app\\package.json","demo-03-xss\\secure-react-app\\server.js","demo-03-xss\\secure-react-app\\UserProfile.jsx","demo-03-xss\\vulnerable-react-app\\App.jsx","demo-03-xss\\vulnerable-react-app\\package.json","demo-03-xss\\vulnerable-react-app\\UserProfile.jsx","demo-04-custom-scanners\\idor-app\\api\\documents.js","demo-04-custom-scanners\\idor-app\\db.js","demo-04-custom-scanners\\idor-app\\package.json","demo-04-custom-scanners\\idor-app\\server.js","demo-04-custom-scanners\\reports\\generate-report.js","demo-04-custom-scanners\\scanner\\idor-scanner.js","demo-04-custom-scanners\\scanner\\package.json","demo-04-custom-scanners\\scanner\\race-condition-scanner.js","lesson-01-demo-runbook-final.md","prompts\\custom-scanner.md","prompts\\sql-detection.md","prompts\\xss-scanning.md","README.md"]},"time":{"rules":[],"rules_parse_time":0.7539148330688477,"profiling_times":{"config_time":2.928598642349243,"core_time":1.485689401626587,"ignores_time":0.0005671977996826172,"total_time":4.415284633636475},"parsing_time":{"total_time":0.0,"per_file_time":{"mean":0.0,"std_dev":0.0},"very_slow_stats":{"time_ratio":0.0,"count_ratio":0.0},"very_slow_files":[]},"scanning_time":{"total_time":2.3385887145996094,"per_file_time":{"mean":0.03712045578729539,"std_dev":0.006813275667296898},"very_slow_stats":{"time_ratio":0.0,"count_ratio":0.0},"very_slow_files":[]},"matching_time":{"total_time":0.0,"per_file_and_rule_time":{"mean":0.0,"std_dev":0.0},"very_slow_stats":{"time_ratio":0.0,"count_ratio":0.0},"very_slow_rules_on_files":[]},"tainting_time":{"total_time":0.0,"per_def_and_rule_time":{"mean":0.0,"std_dev":0.0},"very_slow_stats":{"time_ratio":0.0,"count_ratio":0.0},"very_slow_rules_on_defs":[]},"fixpoint_timeouts":[{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at demo-02-sql-injection\\secure\\api.js:1:0 [rules: 1, first: javascript.express.security.injection.raw-html-format.raw-html-format]","location":{"path":"demo-02-sql-injection\\secure\\api.js","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":1,"offset":0}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at demo-03-xss\\secure-react-app\\UserProfile.jsx:44:9 [rules: 1, first: javascript.express.security.cors-misconfiguration.cors-misconfiguration]","location":{"path":"demo-03-xss\\secure-react-app\\UserProfile.jsx","start":{"line":44,"col":10,"offset":1349},"end":{"line":44,"col":21,"offset":1360}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at demo-03-xss\\vulnerable-react-app\\UserProfile.jsx:23:9 [rules: 2, first: typescript.react.security.audit.react-dangerouslysetinnerhtml.react-dangerouslysetinnerhtml]","location":{"path":"demo-03-xss\\vulnerable-react-app\\UserProfile.jsx","start":{"line":23,"col":10,"offset":719},"end":{"line":23,"col":21,"offset":730}}}],"prefiltering":{"project_level_time":0.0,"file_level_time":0.0,"rules_with_project_prefilters_ratio":0.0,"rules_with_file_prefilters_ratio":0.9876796714579056,"rules_selected_ratio":0.12012320328542095,"rules_matched_ratio":0.12012320328542095},"targets":[],"total_bytes":0,"max_memory_bytes":987115904},"engine_requested":"OSS","skipped_rules":[],"profiling_results":[]}