Vulnerability fix (powered by Mobb Autofixer) by eitanMobb · Pull Request #7 · eitanMobb/WebGoat

eitanMobb · 2024-05-17T19:16:05Z

Fix for issues done with the help of Mobb

eitanMobb · 2024-05-17T19:20:28Z

Checkmarx One – Scan Summary & Details – 5cdbb938-147d-4657-a539-6d58c7471fa3

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	CVE-2024-22262	Maven-org.springframework:spring-web-6.0.13	Vulnerable Package
	CVE-2024-31573	Maven-org.xmlunit:xmlunit-core-2.9.1	Vulnerable Package

Fixed Issues

Severity	Issue	Source File / Package
	Client_DOM_Stored_XSS	/src/main/resources/lessons/jwt/js/jwt-voting.js: 43
	Client_DOM_Stored_XSS	/src/main/resources/lessons/clientsidefiltering/js/clientSideFiltering.js: 17
	Client_DOM_Stored_XSS	/src/main/resources/lessons/xxe/js/xxe.js: 72
	Client_DOM_Stored_XSS	/src/main/resources/lessons/sqlinjection/js/assignment13.js: 43
	Client_DOM_Stored_XSS	/src/main/resources/lessons/csrf/js/csrf-review.js: 35
	Client_DOM_Stored_XSS	/src/main/resources/lessons/xss/js/stored-xss.js: 35
	Client_DOM_Stored_XSS	/src/main/resources/lessons/challenges/js/challenge8.js: 46
	Client_DOM_Stored_XSS	/src/main/resources/webgoat/static/js/goatApp/support/GoatUtils.js: 56
	Client_DOM_Stored_XSS	/src/main/resources/lessons/challenges/js/challenge8.js: 7
	Client_DOM_Stored_XSS	/src/main/resources/lessons/jwt/js/jwt-voting.js: 43
	Client_DOM_Stored_XSS	/src/main/resources/lessons/clientsidefiltering/js/clientSideFiltering.js: 17
	Client_DOM_Stored_XSS	/src/main/resources/lessons/xxe/js/xxe.js: 72
	Client_DOM_Stored_XSS	/src/main/resources/lessons/sqlinjection/js/assignment13.js: 43
	Client_DOM_Stored_XSS	/src/main/resources/lessons/csrf/js/csrf-review.js: 35
	Client_DOM_Stored_XSS	/src/main/resources/lessons/xss/js/stored-xss.js: 35
	Client_DOM_Stored_XSS	/src/main/resources/lessons/challenges/js/challenge8.js: 46
	Client_DOM_Stored_XSS	/src/main/resources/webgoat/static/js/goatApp/support/GoatUtils.js: 56
	Client_DOM_Stored_XSS	/src/main/resources/lessons/challenges/js/challenge8.js: 7
	Client_DOM_Stored_XSS	/src/main/resources/lessons/xss/js/stored-xss.js: 35
	Client_DOM_Stored_XSS	/src/main/resources/lessons/jwt/js/jwt-voting.js: 43
	Client_DOM_Stored_XSS	/src/main/resources/lessons/clientsidefiltering/js/clientSideFiltering.js: 17
	Client_DOM_Stored_XSS	/src/main/resources/lessons/xxe/js/xxe.js: 72
	Client_DOM_Stored_XSS	/src/main/resources/lessons/sqlinjection/js/assignment13.js: 43
	Client_DOM_Stored_XSS	/src/main/resources/lessons/csrf/js/csrf-review.js: 35
	Client_DOM_Stored_XSS	/src/main/resources/lessons/xss/js/stored-xss.js: 35
	Client_DOM_Stored_XSS	/src/main/resources/lessons/challenges/js/challenge8.js: 46
	Client_DOM_Stored_XSS	/src/main/resources/webgoat/static/js/goatApp/support/GoatUtils.js: 56
	Client_DOM_Stored_XSS	/src/main/resources/lessons/challenges/js/challenge8.js: 7
	Client_DOM_Stored_XSS	/src/main/resources/lessons/challenges/js/challenge8.js: 7
	Client_DOM_Stored_XSS	/src/main/resources/lessons/jwt/js/jwt-voting.js: 43
	Client_DOM_Stored_XSS	/src/main/resources/lessons/clientsidefiltering/js/clientSideFiltering.js: 17
	Client_DOM_Stored_XSS	/src/main/resources/lessons/xxe/js/xxe.js: 72
	Client_DOM_Stored_XSS	/src/main/resources/lessons/sqlinjection/js/assignment13.js: 43
	Client_DOM_Stored_XSS	/src/main/resources/lessons/csrf/js/csrf-review.js: 35
	Client_DOM_Stored_XSS	/src/main/resources/lessons/xss/js/stored-xss.js: 35
	Client_DOM_Stored_XSS	/src/main/resources/lessons/challenges/js/challenge8.js: 46
	Client_DOM_Stored_XSS	/src/main/resources/webgoat/static/js/goatApp/support/GoatUtils.js: 56
	Client_DOM_Stored_XSS	/src/main/resources/lessons/challenges/js/challenge8.js: 46
	Client_DOM_Stored_XSS	/src/main/resources/webgoat/static/js/goatApp/support/GoatUtils.js: 56
	Client_DOM_Stored_XSS	/src/main/resources/lessons/xss/js/stored-xss.js: 35
	Client_DOM_Stored_XSS	/src/main/resources/lessons/sqlinjection/js/assignment13.js: 43
	Client_DOM_Stored_XSS	/src/main/resources/lessons/challenges/js/challenge8.js: 7
	Client_DOM_Stored_XSS	/src/main/resources/lessons/csrf/js/csrf-review.js: 35
	Client_DOM_Stored_XSS	/src/main/resources/lessons/clientsidefiltering/js/clientSideFiltering.js: 17
	Client_DOM_Stored_XSS	/src/main/resources/lessons/xxe/js/xxe.js: 72
	Client_DOM_Stored_XSS	/src/main/resources/lessons/jwt/js/jwt-voting.js: 43
	Client_DOM_Stored_XSS	/src/main/resources/lessons/sqlinjection/js/assignment13.js: 43
	Client_DOM_Stored_XSS	/src/main/resources/lessons/challenges/js/challenge8.js: 7
	Client_DOM_Stored_XSS	/src/main/resources/lessons/csrf/js/csrf-review.js: 35
	Client_DOM_Stored_XSS	/src/main/resources/lessons/challenges/js/challenge8.js: 46
	Client_DOM_Stored_XSS	/src/main/resources/lessons/jwt/js/jwt-voting.js: 43
	Client_DOM_Stored_XSS	/src/main/resources/webgoat/static/js/goatApp/support/GoatUtils.js: 56
	Client_DOM_Stored_XSS	/src/main/resources/lessons/clientsidefiltering/js/clientSideFiltering.js: 17
	Client_DOM_Stored_XSS	/src/main/resources/lessons/xxe/js/xxe.js: 72
	Deserialization_of_Untrusted_Data	/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java: 49
	Deserialization_of_Untrusted_Data	/src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java: 40
	Deserialization_of_Untrusted_Data	/src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java: 40
	Deserialization_of_Untrusted_Data	/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java: 49
	Deserialization_of_Untrusted_Data	/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java: 49
	Deserialization_of_Untrusted_Data	/src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java: 40
	Deserialization_of_Untrusted_Data	/src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java: 40
	Deserialization_of_Untrusted_Data	/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java: 49
	Reflected_XSS_All_Clients	/src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignment.java: 98
	Reflected_XSS_All_Clients	/src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignment.java: 98
	Reflected_XSS_All_Clients	/src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignment.java: 98
	Reflected_XSS_All_Clients	/src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignment.java: 98
	SQL_Injection	/src/main/java/org/owasp/webgoat/container/users/RegistrationController.java: 54
	SQL_Injection	/src/main/java/org/owasp/webgoat/container/users/RegistrationController.java: 44
	SQL_Injection	/src/main/java/org/owasp/webgoat/container/users/RegistrationController.java: 44
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java: 52
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java: 56
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java: 47
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java: 60
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java: 60
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java: 60
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java: 60
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java: 59
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java: 59
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java: 59
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java: 59
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java: 58
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java: 56
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java: 55
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java: 55
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java: 55
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java: 50
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java: 50
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java: 70
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java: 58
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java: 57
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java: 54
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java: 53
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/jwt/claimmisuse/JWTHeaderKIDEndpoint.java: 86
	SQL_Injection	/src/main/java/org/owasp/webgoat/container/users/RegistrationController.java: 54
	SQL_Injection	/src/main/java/org/owasp/webgoat/container/users/RegistrationController.java: 44
	SQL_Injection	/src/main/java/org/owasp/webgoat/container/users/RegistrationController.java: 44
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java: 52
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java: 56
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java: 47
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java: 60
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java: 60
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java: 60
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java: 60
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java: 59
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java: 59
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java: 59
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java: 59
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java: 58
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java: 56
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java: 55
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java: 55
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java: 55
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java: 50
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java: 50
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java: 70
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java: 58
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java: 57
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java: 54
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java: 53
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/jwt/claimmisuse/JWTHeaderKIDEndpoint.java: 86
	SQL_Injection	/src/main/java/org/owasp/webgoat/container/users/RegistrationController.java: 54
	SQL_Injection	/src/main/java/org/owasp/webgoat/container/users/RegistrationController.java: 44
	SQL_Injection	/src/main/java/org/owasp/webgoat/container/users/RegistrationController.java: 44
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/jwt/claimmisuse/JWTHeaderKIDEndpoint.java: 86
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java: 60
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java: 59
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java: 47
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java: 59
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java: 56
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java: 52
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java: 59
	SQL_Injection	/src/main/java/org/owasp/webgoat/container/users/RegistrationController.java: 44
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java: 58
	SQL_Injection	/src/main/java/org/owasp/webgoat/container/users/RegistrationController.java: 44
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java: 56
	SQL_Injection	/src/main/java/org/owasp/webgoat/container/users/RegistrationController.java: 54
	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java: 55
	SQL_Injection

More results are available on AST platform

Mobb autofixer added 5 commits May 17, 2024 19:16

mobb fix commit: a76bfe4f-1324-4c5d-9596-eb5880946e58

8b8c689

mobb fix commit: 5448e374-5308-4dac-9e33-b17cc565aaa3

faa8ec8

mobb fix commit: 6884f349-4249-4bcb-98b4-5333abefa3d5

fbdac5e

mobb fix commit: dc3ce104-8e80-44aa-a8d1-8f123068c2c6

8467e12

mobb fix commit: 881a1334-b3b8-47b5-96d8-80e37fa500b5

7b0faba

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Vulnerability fix (powered by Mobb Autofixer)#7

Vulnerability fix (powered by Mobb Autofixer)#7
eitanMobb wants to merge 5 commits intomainfrom
Mobb-fix-f98a0

eitanMobb commented May 17, 2024

Uh oh!

eitanMobb commented May 17, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Comments

Conversation

eitanMobb commented May 17, 2024

Uh oh!

eitanMobb commented May 17, 2024

New Issues

Fixed Issues

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Comments