
dotnetdemo's Introduction

Vulnerable Java Web Application

This repository provides a simple, self-contained Java web application with security flaws common to mid-2000s legacy projects that have not been updated.

The application uses Spring Boot and an embedded H2 database that resets every time it starts. If you break it, just restart it and everything will be reset.

The application runs on HTTPS port 9000. If this port is not available, change the port in the application.properties file in the source folder. (If you are using Docker, you only need to map the container's port 9000 to a different port on the host.)

Running the application manually

If you have a Java 8 + Maven 3.x development environment, just import the project into your IDE and run the class com.github.rafaelrpinto.vulnerablejavawebapp.config.AppLauncher.

Running with docker

If your workstation is not configured for Java 8 development, the easiest way to run the application is with Docker.

# clone the repository
git clone https://github.com/rafaelrpinto/VulnerableJavaWebApplication
cd VulnerableJavaWebApplication

# build the docker image
docker build -t vulnerable-java-application:0.1 .

# create and start the container, exposing port 9000 on the host
docker run --name vulnerable-java-application -p 9000:9000 -d vulnerable-java-application:0.1

Testing the application with Arachni and ModSecurity

The ARACHNI.MD file has an example of a default security scan with automatic login and other tweaks enabled. For more scanning options, check https://github.com/Arachni/arachni.

The ModSecurity scripts to protect this application are available in my other repository.

The article I wrote explaining how to use Arachni to check this application is available on LinkedIn.

If there is any problem running the application, or you want to add more security flaws, feel free to open an issue or send a pull request.

dotnetdemo's People

Contributors

abhisek, adappsecco, madhuakula, prevelate


dotnetdemo's Issues

CX Improper_Exception_Handling @ Controllers/TokensController.cs [master]

Improper_Exception_Handling issue exists @ Controllers/TokensController.cs in branch master

The method TokenInfo at line 24 of Controllers\TokensController.cs performs an operation that could be expected to throw an exception, and is not properly wrapped in a try-catch block. This constitutes Improper Exception Handling.

Severity: Low

CWE:248

Checkmarx

Recommended Fix

Lines: 29

Code (Line #29):

               Where(b => b.email == email).

CX Insufficiently_Protected_Credentials @ Models/User.cs [feature-checkmarx]

Insufficiently_Protected_Credentials issue exists @ Models/User.cs in branch feature-checkmarx

Method authorizeCreateAccessToken at line 79 of Models\User.cs gets a user password from the FirstOrDefault element. This element’s value then flows through the code without being encrypted and is written to the database in } at line 29 of Models\User.cs. This may enable passwords to be stolen by an attacker.

Severity: Low

CWE:522

Checkmarx

Recommended Fix

Lines: 86

Code (Line #86):

            FirstOrDefault();

CX Unsafe_Object_Binding @ Controllers/PasswordResetsController.cs [master]

Unsafe_Object_Binding issue exists @ Controllers/PasswordResetsController.cs in branch master

The passwordResetRequest at Controllers\PasswordResetsController.cs in line 23 may unintentionally allow setting the value of SaveChanges in Put, in the object Controllers\PasswordResetsController.cs at line 57.

Severity: Medium

CWE:915

Vulnerability details and guidance

Checkmarx

Lines: 23, 63

Code (Line #23):

      public IActionResult Put([FromBody] PasswordResetRequest passwordResetRequest)

Code (Line #63):

      public IActionResult Post([FromBody] PasswordResetRequest passwordResetRequest)

CX SQL_Injection @ Controllers/ProductsController.cs [master]

SQL_Injection issue exists @ Controllers/ProductsController.cs in branch master

The application's Search method executes an SQL query with query, at line 73 of Controllers\ProductsController.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input keyword; this input is then read by the Search method at line 65 of Controllers\ProductsController.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.

Severity: High

CWE:89

Vulnerability details and guidance

Checkmarx

Lines: 65

Code (Line #65):

      public IActionResult Search(string keyword)

CX Improper_Exception_Handling @ Controllers/PasswordResetsController.cs [feature-checkmarx]

Improper_Exception_Handling issue exists @ Controllers/PasswordResetsController.cs in branch feature-checkmarx

The method Put at line 23 of Controllers\PasswordResetsController.cs performs an operation that could be expected to throw an exception, and is not properly wrapped in a try-catch block. This constitutes Improper Exception Handling.

Severity: Low

CWE:248

Checkmarx

Recommended Fix

Lines: 51, 85, 86, 71, 56, 57, 43

Code (Line #51):

            Where(b => b.email == resetRequest.email).

Code (Line #85):

         _context.PasswordResetRequests.Add(passwordResetRequest);

Code (Line #86):

         _context.SaveChanges();

Code (Line #71):

            Where(b => b.email == passwordResetRequest.email).

Code (Line #56):

         _context.Users.Update(existingUser);

Code (Line #57):

         _context.SaveChanges();

Code (Line #43):

            Where(b => b.key == passwordResetRequest.key).FirstOrDefault();

CX Improper_Exception_Handling @ Controllers/AuthorizationsController.cs [master]

Improper_Exception_Handling issue exists @ Controllers/AuthorizationsController.cs in branch master

The method GetTokenSSO at line 58 of Controllers\AuthorizationsController.cs performs an operation that could be expected to throw an exception, and is not properly wrapped in a try-catch block. This constitutes Improper Exception Handling.

Severity: Low

CWE:248

Vulnerability details and guidance

Checkmarx

Lines: 58

Code (Line #58):

            Where(b => b.ID == userId.ToObject<int>()).

CX Improper_Exception_Handling @ Controllers/ProductsController.cs [master]

Improper_Exception_Handling issue exists @ Controllers/ProductsController.cs in branch master

The method Post at line 32 of Controllers\ProductsController.cs performs an operation that could be expected to throw an exception, and is not properly wrapped in a try-catch block. This constitutes Improper Exception Handling.

Severity: Low

CWE:248

Checkmarx

Recommended Fix

Lines: 48, 49, 40

Code (Line #48):

         _context.Products.Add(product);

Code (Line #49):

         _context.SaveChanges();

Code (Line #40):

            Where(b => (b.name == product.name) || (b.skuId == product.skuId)).

CX Unsafe_Object_Binding @ Controllers/RegistrationsController.cs [master]

Unsafe_Object_Binding issue exists @ Controllers/RegistrationsController.cs in branch master

The registrationRequest at Controllers\RegistrationsController.cs in line 22 may unintentionally allow setting the value of SaveChanges in Post, in the object Controllers\RegistrationsController.cs at line 46.

Severity: Medium

CWE:915

Vulnerability details and guidance

Checkmarx

Lines: 22

Code (Line #22):

      public IActionResult Post([FromBody] RegistrationRequest registrationRequest)

CX Improper_Exception_Handling @ Controllers/PasswordResetsController.cs [master]

Improper_Exception_Handling issue exists @ Controllers/PasswordResetsController.cs in branch master

The method Put at line 51 of Controllers\PasswordResetsController.cs performs an operation that could be expected to throw an exception, and is not properly wrapped in a try-catch block. This constitutes Improper Exception Handling.

Severity: Low

CWE:248

Vulnerability details and guidance

Checkmarx

Lines: 51, 85, 86, 71, 56, 57, 43

Code (Line #51):

            Where(b => b.email == resetRequest.email).

Code (Line #85):

         _context.PasswordResetRequests.Add(passwordResetRequest);

Code (Line #86):

         _context.SaveChanges();

Code (Line #71):

            Where(b => b.email == passwordResetRequest.email).

Code (Line #56):

         _context.Users.Update(existingUser);

Code (Line #57):

         _context.SaveChanges();

Code (Line #43):

            Where(b => b.key == passwordResetRequest.key).FirstOrDefault();

CX Heap_Inspection @ Models/AuthorizationRequest.cs [master]

Heap_Inspection issue exists @ Models/AuthorizationRequest.cs in branch master

Method } at line 13 of Models\AuthorizationRequest.cs defines password, which is designated to contain user passwords. However, while plaintext passwords are later assigned to password, this variable is never cleared from memory.

Severity: Low

CWE:244

Vulnerability details and guidance

Checkmarx

Lines: 13

Code (Line #13):

      public string password { get; set; }

CX Improper_Resource_Shutdown_or_Release @ Controllers/ProductsController.cs [master]

Improper_Resource_Shutdown_or_Release issue exists @ Controllers/ProductsController.cs in branch master

The application's Import method in Controllers\ProductsController.cs defines and initializes the reader object at 82. This object encapsulates a limited computing resource, such as open file streams, database connections, or network streams. This resource is not properly closed and released in all situations.

Severity: Low

CWE:404

Vulnerability details and guidance

Checkmarx

Lines: 82

Code (Line #82):

         XmlReader reader = XmlReader.Create(HttpContext.Request.Body);

CX Insecure_Cookie @ Startup.cs [master]

Insecure_Cookie issue exists @ Startup.cs in branch master

The Startup.cs application configuration file, at line 20, does not define sensitive application cookies with the "secure" flag, which could cause the client to send those cookies in plaintext over an insecure network communication (HTTP). This may lead to a Session Hijacking attack.

Severity: Medium

CWE:614

Vulnerability details and guidance

Checkmarx

Lines: 20

Code (Line #20):

    public class Startup

CX Improper_Exception_Handling @ Controllers/UsersController.cs [master]

Improper_Exception_Handling issue exists @ Controllers/UsersController.cs in branch master

The method Put at line 50 of Controllers\UsersController.cs performs an operation that could be expected to throw an exception, and is not properly wrapped in a try-catch block. This constitutes Improper Exception Handling.

Severity: Low

CWE:248

Vulnerability details and guidance

Checkmarx

Lines: 65, 49, 66, 50

Code (Line #65):

         _context.Users.Remove(user);

Code (Line #49):

         _context.Users.Update(existingUser);

Code (Line #66):

         _context.SaveChanges();

Code (Line #50):

         _context.SaveChanges();

CX Improper_Exception_Handling @ Controllers/RegistrationsController.cs [master]

Improper_Exception_Handling issue exists @ Controllers/RegistrationsController.cs in branch master

The method Post at line 30 of Controllers\RegistrationsController.cs performs an operation that could be expected to throw an exception, and is not properly wrapped in a try-catch block. This constitutes Improper Exception Handling.

Severity: Low

CWE:248

Vulnerability details and guidance

Checkmarx

Lines: 45, 46, 30

Code (Line #45):

         _context.Users.Add(user);

Code (Line #46):

         _context.SaveChanges();

Code (Line #30):

            Where(b => b.email == registrationRequest.email).

CX Use_Of_Broken_Or_Risky_Cryptographic_Algorithm @ Controllers/PasswordResetsController.cs [feature-checkmarx]

Use_Of_Broken_Or_Risky_Cryptographic_Algorithm issue exists @ Controllers/PasswordResetsController.cs in branch feature-checkmarx

In Post, the application protects sensitive data using a cryptographic algorithm, ComputeHash, that is considered weak or even trivially broken, in Controllers\PasswordResetsController.cs at line 63.

Severity: Low

CWE:327

Checkmarx

Recommended Fix

Lines: 80

Code (Line #80):

         var hash = md5.ComputeHash(System.Text.Encoding.ASCII.GetBytes(passwordResetRequest.email));

CX Heap_Inspection @ Models/User.cs [master]

Heap_Inspection issue exists @ Models/User.cs in branch master

Method } at line 29 of Models\User.cs defines password, which is designated to contain user passwords. However, while plaintext passwords are later assigned to password, this variable is never cleared from memory.

Severity: Medium

CWE:244

Checkmarx

Recommended Fix

Lines: 29

Code (Line #29):

      public string password { get; set; }

CX Improper_Exception_Handling @ Controllers/AuthorizationsController.cs [feature-checkmarx]

Improper_Exception_Handling issue exists @ Controllers/AuthorizationsController.cs in branch feature-checkmarx

The method GetTokenSSO at line 41 of Controllers\AuthorizationsController.cs performs an operation that could be expected to throw an exception, and is not properly wrapped in a try-catch block. This constitutes Improper Exception Handling.

Severity: Low

CWE:248

Checkmarx

Recommended Fix

Lines: 58

Code (Line #58):

            Where(b => b.ID == userId.ToObject<int>()).

CX Improper_Exception_Handling @ Controllers/TokensController.cs [feature-checkmarx]

Improper_Exception_Handling issue exists @ Controllers/TokensController.cs in branch feature-checkmarx

The method TokenInfo at line 24 of Controllers\TokensController.cs performs an operation that could be expected to throw an exception, and is not properly wrapped in a try-catch block. This constitutes Improper Exception Handling.

Severity: Low

CWE:248

Checkmarx

Recommended Fix

Lines: 29

Code (Line #29):

               Where(b => b.email == email).

CX Improper_Exception_Handling @ Models/User.cs [master]

Improper_Exception_Handling issue exists @ Models/User.cs in branch master

The method authorizeCreateAccessToken at line 79 of Models\User.cs performs an operation that could be expected to throw an exception, and is not properly wrapped in a try-catch block. This constitutes Improper Exception Handling.

Severity: Low

CWE:248

Checkmarx

Recommended Fix

Lines: 85

Code (Line #85):

            Where(b => b.email == authorizationRequest.email).

CX Use_Of_Broken_Or_Risky_Cryptographic_Algorithm @ Controllers/PasswordResetsController.cs [master]

Use_Of_Broken_Or_Risky_Cryptographic_Algorithm issue exists @ Controllers/PasswordResetsController.cs in branch master

In Post, the application protects sensitive data using a cryptographic algorithm, ComputeHash, that is considered weak or even trivially broken, in Controllers\PasswordResetsController.cs at line 80.

Severity: Low

CWE:327

Vulnerability details and guidance

Checkmarx

Lines: 80

Code (Line #80):

         var hash = md5.ComputeHash(System.Text.Encoding.ASCII.GetBytes(passwordResetRequest.email));

CX Improper_Exception_Handling @ Models/User.cs [feature-checkmarx]

Improper_Exception_Handling issue exists @ Models/User.cs in branch feature-checkmarx

The method authorizeCreateAccessToken at line 79 of Models\User.cs performs an operation that could be expected to throw an exception, and is not properly wrapped in a try-catch block. This constitutes Improper Exception Handling.

Severity: Low

CWE:248

Checkmarx

Recommended Fix

Lines: 85

Code (Line #85):

            Where(b => b.email == authorizationRequest.email).

CX Unsafe_Object_Binding @ Controllers/UsersController.cs [feature-checkmarx]

Unsafe_Object_Binding issue exists @ Controllers/UsersController.cs in branch feature-checkmarx

The user at Controllers\UsersController.cs in line 33 may unintentionally allow setting the value of SaveChanges in Put, in the object Controllers\UsersController.cs at line 50.

Severity: Medium

CWE:915

Vulnerability details and guidance

Checkmarx

Lines: 33

Code (Line #33):

      public IActionResult Put(int id, [FromBody] Models.UserUpdateRequest user)

CX Heap_Inspection @ Models/UserUpdateRequest.cs [master]

Heap_Inspection issue exists @ Models/UserUpdateRequest.cs in branch master

Method } at line 20 of Models\UserUpdateRequest.cs defines password, which is designated to contain user passwords. However, while plaintext passwords are later assigned to password, this variable is never cleared from memory.

Severity: Low

CWE:244

Vulnerability details and guidance

Checkmarx

Lines: 20, 24

Code (Line #20):

      public string password { get; set; }

Code (Line #24):

      public string passwordConfirmation { get; set; }

CX Improper_Exception_Handling @ Controllers/UsersController.cs [feature-checkmarx]

Improper_Exception_Handling issue exists @ Controllers/UsersController.cs in branch feature-checkmarx

The method Put at line 33 of Controllers\UsersController.cs performs an operation that could be expected to throw an exception, and is not properly wrapped in a try-catch block. This constitutes Improper Exception Handling.

Severity: Low

CWE:248

Checkmarx

Recommended Fix

Lines: 49, 65, 50, 66

Code (Line #49):

         _context.Users.Update(existingUser);

Code (Line #65):

         _context.Users.Remove(user);

Code (Line #50):

         _context.SaveChanges();

Code (Line #66):

         _context.SaveChanges();

CX Heap_Inspection @ Models/PasswordResetRequest.cs [feature-checkmarx]

Heap_Inspection issue exists @ Models/PasswordResetRequest.cs in branch feature-checkmarx

Method } at line 11 of Models\PasswordResetRequest.cs defines password, which is designated to contain user passwords. However, while plaintext passwords are later assigned to password, this variable is never cleared from memory.

Severity: Medium

CWE:244

Checkmarx

Recommended Fix

Lines: 11, 12

Code (Line #11):

      public string password { get; set; }

Code (Line #12):

      public string passwordConfirmation { get; set; }

CX Unsafe_Object_Binding @ Controllers/UsersController.cs [master]

Unsafe_Object_Binding issue exists @ Controllers/UsersController.cs in branch master

The user at Controllers\UsersController.cs in line 33 may unintentionally allow setting the value of SaveChanges in Put, in the object Controllers\UsersController.cs at line 50.

Severity: Medium

CWE:915

Vulnerability details and guidance

Checkmarx

Lines: 33

Code (Line #33):

      public IActionResult Put(int id, [FromBody] Models.UserUpdateRequest user)

CX Use_Of_Broken_Or_Risky_Cryptographic_Algorithm @ Models/User.cs [feature-checkmarx]

Use_Of_Broken_Or_Risky_Cryptographic_Algorithm issue exists @ Models/User.cs in branch feature-checkmarx

In getHashedPassword, the application protects sensitive data using a cryptographic algorithm, ComputeHash, that is considered weak or even trivially broken, in Models\User.cs at line 71.

Severity: Low

CWE:327

Checkmarx

Recommended Fix

Lines: 74

Code (Line #74):

         var hash = md5.ComputeHash(System.Text.Encoding.ASCII.GetBytes(password));

CX Deserialization_of_Untrusted_Data @ Controllers/ProductsController.cs [master]

Deserialization_of_Untrusted_Data issue exists @ Controllers/ProductsController.cs in branch master

The serialized object Body processed in Import in the file Controllers\ProductsController.cs at line 85 is deserialized by Deserialize in the file Controllers\ProductsController.cs at line 85.

Severity: High

CWE:502

Vulnerability details and guidance

Checkmarx

Lines: 87

Code (Line #87):

         XmlReader reader = XmlReader.Create(HttpContext.Request.Body);

CX Heap_Inspection @ Models/AuthorizationRequest.cs [feature-checkmarx]

Heap_Inspection issue exists @ Models/AuthorizationRequest.cs in branch feature-checkmarx

Method } at line 13 of Models\AuthorizationRequest.cs defines password, which is designated to contain user passwords. However, while plaintext passwords are later assigned to password, this variable is never cleared from memory.

Severity: Medium

CWE:244

Checkmarx

Recommended Fix

Lines: 13

Code (Line #13):

      public string password { get; set; }

CX SQL_Injection @ Controllers/ProductsController.cs [feature-checkmarx]

SQL_Injection issue exists @ Controllers/ProductsController.cs in branch feature-checkmarx

The application's Search method executes an SQL query with query, at line 73 of Controllers\ProductsController.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input keyword; this input is then read by the Search method at line 65 of Controllers\ProductsController.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.

Severity: High

CWE:89

Vulnerability details and guidance

Checkmarx

Lines: 65

Code (Line #65):

      public IActionResult Search(string keyword)

CX Heap_Inspection @ Models/UserUpdateRequest.cs [feature-checkmarx]

Heap_Inspection issue exists @ Models/UserUpdateRequest.cs in branch feature-checkmarx

Method } at line 20 of Models\UserUpdateRequest.cs defines password, which is designated to contain user passwords. However, while plaintext passwords are later assigned to password, this variable is never cleared from memory.

Severity: Medium

CWE:244

Checkmarx

Recommended Fix

Lines: 20, 24

Code (Line #20):

      public string password { get; set; }

Code (Line #24):

      public string passwordConfirmation { get; set; }

CX HttpOnlyCookies @ Startup.cs [master]

HttpOnlyCookies issue exists @ Startup.cs in branch master

The web application's Startup method creates a cookie Startup, at line 20 of Startup.cs, and returns it in the response. However, the application is not configured to automatically set the cookie with the "httpOnly" attribute, and the code does not explicitly add this to the cookie.

Severity: Medium

CWE:1004

Vulnerability details and guidance

Checkmarx

Lines: 20

Code (Line #20):

    public class Startup

CX Heap_Inspection @ Models/RegistrationRequest.cs [master]

Heap_Inspection issue exists @ Models/RegistrationRequest.cs in branch master

Method } at line 17 of Models\RegistrationRequest.cs defines password, which is designated to contain user passwords. However, while plaintext passwords are later assigned to password, this variable is never cleared from memory.

Severity: Low

CWE:244

Vulnerability details and guidance

Checkmarx

Lines: 17, 21

Code (Line #17):

      public string password { get; set; }

Code (Line #21):

      public string passwordConfirmation { get; set; }

CX Heap_Inspection @ Data/GenericDataContext.cs [master]

Heap_Inspection issue exists @ Data/GenericDataContext.cs in branch master

Method } at line 13 of Data\GenericDataContext.cs defines PasswordResetRequests, which is designated to contain user passwords. However, while plaintext passwords are later assigned to PasswordResetRequests, this variable is never cleared from memory. 

Severity: Medium

CWE:244

Vulnerability details and guidance

Checkmarx

Lines: 13

Code (Line #13):

      public DbSet<PasswordResetRequest> PasswordResetRequests { get; set; }

CX Use_Of_Broken_Or_Risky_Cryptographic_Algorithm @ Models/User.cs [master]

Use_Of_Broken_Or_Risky_Cryptographic_Algorithm issue exists @ Models/User.cs in branch master

In getHashedPassword, the application protects sensitive data using a cryptographic algorithm, ComputeHash, that is considered weak or even trivially broken, in Models\User.cs at line 74.

Severity: Low

CWE:327

Vulnerability details and guidance

Checkmarx

Lines: 74

Code (Line #74):

         var hash = md5.ComputeHash(System.Text.Encoding.ASCII.GetBytes(password));

CX Unsafe_Object_Binding @ Controllers/RegistrationsController.cs [feature-checkmarx]

Unsafe_Object_Binding issue exists @ Controllers/RegistrationsController.cs in branch feature-checkmarx

The registrationRequest at Controllers\RegistrationsController.cs in line 22 may unintentionally allow setting the value of SaveChanges in Post, in the object Controllers\RegistrationsController.cs at line 46.

Severity: Medium

CWE:915

Vulnerability details and guidance

Checkmarx

Lines: 22

Code (Line #22):

      public IActionResult Post([FromBody] RegistrationRequest registrationRequest)

CX Heap_Inspection @ Models/PasswordResetRequest.cs [master]

Heap_Inspection issue exists @ Models/PasswordResetRequest.cs in branch master

Method } at line 11 of Models\PasswordResetRequest.cs defines password, which is designated to contain user passwords. However, while plaintext passwords are later assigned to password, this variable is never cleared from memory.

Severity: Low

CWE:244

Vulnerability details and guidance

Checkmarx

Lines: 11, 12

Code (Line #11):

      public string password { get; set; }

Code (Line #12):

      public string passwordConfirmation { get; set; }

CX Improper_Resource_Shutdown_or_Release @ Controllers/ImportsController.cs [master]

Improper_Resource_Shutdown_or_Release issue exists @ Controllers/ImportsController.cs in branch master

The application's Post method in Controllers\ImportsController.cs defines and initializes the XmlTextReader object at 44. This object encapsulates a limited computing resource, such as open file streams, database connections, or network streams. This resource is not properly closed and released in all situations.

Severity: Low

CWE:404

Vulnerability details and guidance

Checkmarx

Lines: 44

Code (Line #44):

            var reader = new XmlTextReader(new StringReader(xmlItem.InnerXml));

CX Insecure_Cookie @ Startup.cs [feature-checkmarx]

Insecure_Cookie issue exists @ Startup.cs in branch feature-checkmarx

The Startup.cs application configuration file, at line 20, does not define sensitive application cookies with the "secure" flag, which could cause the client to send those cookies in plaintext over an insecure network communication (HTTP). This may lead to a Session Hijacking attack.

Severity: Medium

CWE:614

Vulnerability details and guidance

Checkmarx

Lines: 20

Code (Line #20):

    public class Startup

CX Blind_SQL_Injections @ Controllers/ProductsController.cs [master]

Blind_SQL_Injections issue exists @ Controllers/ProductsController.cs in branch master

The application's Search method executes an SQL query with query, at line 73 of Controllers\ProductsController.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
If an exception is thrown by the database code, it is caught and handled. An attacker could still use inferential or boolean exploitation techniques to retrieve the data, by altering the user input keyword. This is read in the Search method, at line 65 of Controllers\ProductsController.cs, and used without sanitization in the SQL query that is sent to the database server. 
This may enable a Blind SQL Injection attack.

Severity: Low

CWE:89

Vulnerability details and guidance

Checkmarx

Lines: 65

Code (Line #65):

      public IActionResult Search(string keyword)

CX HttpOnlyCookies @ Startup.cs [feature-checkmarx]

HttpOnlyCookies issue exists @ Startup.cs in branch feature-checkmarx

The web application's Startup method creates a cookie Startup, at line 20 of Startup.cs, and returns it in the response. However, the application is not configured to automatically set the cookie with the "httpOnly" attribute, and the code does not explicitly add this to the cookie.

Severity: Medium

CWE:1004

Vulnerability details and guidance

Checkmarx

Lines: 20

Code (Line #20):

    public class Startup

CX Improper_Exception_Handling @ Controllers/ProductsController.cs [feature-checkmarx]

Improper_Exception_Handling issue exists @ Controllers/ProductsController.cs in branch feature-checkmarx

The method Post at line 32 of Controllers\ProductsController.cs performs an operation that could be expected to throw an exception, and is not properly wrapped in a try-catch block. This constitutes Improper Exception Handling.

Severity: Low

CWE:248

Checkmarx

Recommended Fix

Lines: 48, 49, 40

Code (Line #48):

         _context.Products.Add(product);

Code (Line #49):

         _context.SaveChanges();

Code (Line #40):

            Where(b => (b.name == product.name) || (b.skuId == product.skuId)).

CX Insufficiently_Protected_Credentials @ Models/User.cs [master]

Insufficiently_Protected_Credentials issue exists @ Models/User.cs in branch master

Method authorizeCreateAccessToken at line 79 of Models\User.cs gets a user password from the FirstOrDefault element. This element’s value then flows through the code without being encrypted and is written to the database in } at line 29 of Models\User.cs. This may enable passwords to be stolen by an attacker.

Severity: Low

CWE:522

Checkmarx

Recommended Fix

Lines: 86

Code (Line #86):

            FirstOrDefault();
