-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New vulns #2 #11
New vulns #2 #11
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
/* | ||
Check failure on line 1 in lib/insecurity.ts GitHub Actions / smoke-test
Check failure on line 1 in lib/insecurity.ts GitHub Actions / smoke-test
Check failure on line 1 in lib/insecurity.ts GitHub Actions / smoke-test
Check failure on line 1 in lib/insecurity.ts GitHub Actions / smoke-test
|
||
* Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors. | ||
* SPDX-License-Identifier: MIT | ||
*/ | ||
|
@@ -20,6 +20,7 @@ | |
import * as z85 from 'z85' | ||
|
||
export const publicKey = fs ? fs.readFileSync('encryptionkeys/jwt.pub', 'utf8') : 'placeholder-public-key' | ||
const privateKey = '-----BEGIN RSA PRIVATE KEY-----\r\nMIICXAIBAAKBgQDNwqLEe9wgTXCbC7+RPdDbBbeqjdbs4kOPOIGzqLpXvJXlxxW8iMz0EaM4BKUqYsIa+ndv3NAn2RxCd5ubVdJJcX43zO6Ko0TFEZx/65gY3BE0O6syCEmUP4qbSd6exou/F+WTISzbQ5FBVPVmhnYhG/kpwt/cIxK5iUn5hm+4tQIDAQABAoGBAI+8xiPoOrA+KMnG/T4jJsG6TsHQcDHvJi7o1IKC/hnIXha0atTX5AUkRRce95qSfvKFweXdJXSQ0JMGJyfuXgU6dI0TcseFRfewXAa/ssxAC+iUVR6KUMh1PE2wXLitfeI6JLvVtrBYswm2I7CtY0q8n5AGimHWVXJPLfGV7m0BAkEA+fqFt2LXbLtyg6wZyxMA/cnmt5Nt3U2dAu77MzFJvibANUNHE4HPLZxjGNXN+a6m0K6TD4kDdh5HfUYLWWRBYQJBANK3carmulBwqzcDBjsJ0YrIONBpCAsXxk8idXb8jL9aNIg15Wumm2enqqObahDHB5jnGOLmbasizvSVqypfM9UCQCQl8xIqy+YgURXzXCN+kwUgHinrutZms87Jyi+D8Br8NY0+Nlf+zHvXAomD2W5CsEK7C+8SLBr3k/TsnRWHJuECQHFE9RA2OP8WoaLPuGCyFXaxzICThSRZYluVnWkZtxsBhW2W8z1b8PvWUE7kMy7TnkzeJS2LSnaNHoyxi7IaPQUCQCwWU4U+v4lD7uYBw00Ga/xt+7+UqFPlPVdz1yyr4q24Zxaw0LgmuEvgU5dycq8N7JxjTubX0MIRR+G9fmDBBl8=\r\n-----END RSA PRIVATE KEY-----' | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Security control: Secret Detection Type: Private-Key Description: Identified a Private Key, which may compromise cryptographic security and sensitive data encryption. Severity: HIGH Jit Bot commands and options (e.g., ignore issue)You can trigger Jit actions by commenting on this PR review:
|
||
|
||
interface ResponseWithUser { | ||
status: string | ||
|
Original file line number | Diff line number | Diff line change | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
@@ -119,17 +119,20 @@ | |||||||||||||||||
"cookie-parser": "^1.4.5", | ||||||||||||||||||
"cors": "^2.8.5", | ||||||||||||||||||
"dottie": "^2.0.2", | ||||||||||||||||||
"download": "^8.0.0", | ||||||||||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Security control: Software Component Analysis Js Type: Got Allows A Redirect To A Unix Socket Description: download>got Severity: HIGH Jit Bot commands and options (e.g., ignore issue)You can trigger Jit actions by commenting on this PR review:
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Security control: Software Component Analysis Js Type: Http-Cache-Semantics Vulnerable To Regular Expression Denial Of Service Description: Paths from library to vulnerable dependencies:
Severity: HIGH Jit Bot commands and options (e.g., ignore issue)You can trigger Jit actions by commenting on this PR review:
|
||||||||||||||||||
"errorhandler": "^1.5.1", | ||||||||||||||||||
"exif": "^0.6.0", | ||||||||||||||||||
"express": "^4.17.1", | ||||||||||||||||||
"express-ipfilter": "^1.2.0", | ||||||||||||||||||
"express-jwt": "0.1.3", | ||||||||||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Security control: Software Component Analysis Js Type: Verification Bypass In Jsonwebtoken Description: express-jwt>jsonwebtoken Severity: CRITICAL Fix suggestion: This fix suggestion was generated by Jit. Please note that the suggestion might not always fit every use case. It is highly recommended that you check and review it before merging. Suggestion guidelines Update each outdated library in your code. Note: Once you apply these changes, you'll need to regenerate the Ensure to thoroughly test your application after updating each library, to make sure that the update hasn't broken anything.
Suggested change
Jit Bot commands and options (e.g., ignore issue)You can trigger Jit actions by commenting on this PR review:
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Security control: Software Component Analysis Js Type: Authorization Bypass In Express-Jwt Description: express-jwt Severity: HIGH Fix suggestion: This fix suggestion was generated by Jit. Please note that the suggestion might not always fit every use case. It is highly recommended that you check and review it before merging. Suggestion guidelines Update each outdated library in your code. Note: Once you apply these changes, you'll need to regenerate the Ensure to thoroughly test your application after updating each library, to make sure that the update hasn't broken anything.
Suggested change
Jit Bot commands and options (e.g., ignore issue)You can trigger Jit actions by commenting on this PR review:
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Security control: Software Component Analysis Js Type: Regular Expression Denial Of Service In Moment Description: Paths from library to vulnerable dependencies:
Severity: HIGH Fix suggestion: This fix suggestion was generated by Jit. Please note that the suggestion might not always fit every use case. It is highly recommended that you check and review it before merging. Suggestion guidelines Update each outdated library in your code. Note: Once you apply these changes, you'll need to regenerate the Ensure to thoroughly test your application after updating each library, to make sure that the update hasn't broken anything.
Suggested change
Jit Bot commands and options (e.g., ignore issue)You can trigger Jit actions by commenting on this PR review:
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Security control: Software Component Analysis Js Type: Forgeable Public/Private Tokens In Jws Description: express-jwt>jsonwebtoken>jws Severity: HIGH Fix suggestion: This fix suggestion was generated by Jit. Please note that the suggestion might not always fit every use case. It is highly recommended that you check and review it before merging. Suggestion guidelines Update each outdated library in your code. Note: Once you apply these changes, you'll need to regenerate the Ensure to thoroughly test your application after updating each library, to make sure that the update hasn't broken anything.
Suggested change
Jit Bot commands and options (e.g., ignore issue)You can trigger Jit actions by commenting on this PR review:
|
||||||||||||||||||
"express-rate-limit": "^5.3.0", | ||||||||||||||||||
"express-robots-txt": "^0.4.1", | ||||||||||||||||||
"express-security.txt": "^2.0.0", | ||||||||||||||||||
"feature-policy": "^0.5.0", | ||||||||||||||||||
"file-stream-rotator": "^0.5.7", | ||||||||||||||||||
"file-type": "^16.1.0", | ||||||||||||||||||
"filesniffer": "^1.0.3", | ||||||||||||||||||
"finale-rest": "^1.1.1", | ||||||||||||||||||
"fs-extra": "^9.0.1", | ||||||||||||||||||
"fuzzball": "^1.3.0", | ||||||||||||||||||
"glob": "^7.1.6", | ||||||||||||||||||
|
Original file line number | Diff line number | Diff line change | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
@@ -15,7 +15,7 @@ | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
return (req: Request, res: Response, next: NextFunction) => { | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
const id = req.body.id | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
const user = security.authenticatedUsers.from(req) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
db.reviews.findOne({ _id: "a" }).then((review: Review) => { | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
db.reviews.findOne({ _id: id }).then((review: Review) => { | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Check failure Code scanning / CodeQL Database query built from user-controlled sources High
This query object depends on a
user-provided value Error loading related location Loading This query object depends on a user-provided value Error loading related location Loading
Copilot Autofix AI 3 months ago To fix this issue, we need to ensure that the user-provided
Suggested changeset
1
routes/likeProductReviews.ts
Copilot is powered by AI and may make mistakes. Always verify output.
Refresh and try again.
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Security control: Static Code Analysis Js Type: Codsec.Javascriptnosql-Injection.Nosql-Injection Description: Putting request data into a mongo query can leadto a NoSQL Injection. Be sure to properly sanitize thedata if you absolutely must pass request data into a query. Severity: HIGH Jit Bot commands and options (e.g., ignore issue)You can trigger Jit actions by commenting on this PR review:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
if (!review) { | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
res.status(404).json({ error: 'Not found' }) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
} else { | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Original file line number | Diff line number | Diff line change | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
@@ -13,6 +13,19 @@ | ||||||||||||||||
// vuln-code-snippet start noSqlReviewsChallenge forgedReviewChallenge | |||||||||||||||||
module.exports = function productReviews () { | |||||||||||||||||
return (req: Request, res: Response, next: NextFunction) => { | |||||||||||||||||
const user = security.authenticatedUsers.from(req) // vuln-code-snippet vuln-line forgedReviewChallenge | |||||||||||||||||
db.reviews.update( // vuln-code-snippet neutral-line forgedReviewChallenge | |||||||||||||||||
{ _id: req.body.id }, // vuln-code-snippet vuln-line noSqlReviewsChallenge forgedReviewChallenge | |||||||||||||||||
Check failure Code scanning / CodeQL Database query built from user-controlled sources High
This query object depends on a
user-provided value Error loading related location Loading This query object depends on a user-provided value Error loading related location Loading
Copilot Autofix AI 3 months ago To fix the problem, we need to ensure that the user input is safely embedded into the query. For MongoDB, we can use the
Suggested changeset
1
routes/updateProductReviews.ts
Copilot is powered by AI and may make mistakes. Always verify output.
Refresh and try again.
|
|||||||||||||||||
{ $set: { message: req.body.message } }, | |||||||||||||||||
{ multi: true } // vuln-code-snippet vuln-line noSqlReviewsChallenge | |||||||||||||||||
).then( | |||||||||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Security control: Static Code Analysis Js Type: Codsec.Javascriptnosql-Injection.Nosql-Injection Description: Putting request data into a mongo query can leadto a NoSQL Injection. Be sure to properly sanitize thedata if you absolutely must pass request data into a query. Severity: HIGH Jit Bot commands and options (e.g., ignore issue)You can trigger Jit actions by commenting on this PR review:
|
|||||||||||||||||
(result: { modified: number, original: Array<{ author: any }> }) => { | |||||||||||||||||
challengeUtils.solveIf(challenges.noSqlReviewsChallenge, () => { return result.modified > 1 }) // vuln-code-snippet hide-line | |||||||||||||||||
challengeUtils.solveIf(challenges.forgedReviewChallenge, () => { return user?.data && result.original[0] && result.original[0].author !== user.data.email && result.modified === 1 }) // vuln-code-snippet hide-line | |||||||||||||||||
res.json(result) | |||||||||||||||||
}, (err: unknown) => { | |||||||||||||||||
res.status(500).json(err) | |||||||||||||||||
}) | |||||||||||||||||
} | |||||||||||||||||
} | |||||||||||||||||
// vuln-code-snippet end noSqlReviewsChallenge forgedReviewChallenge |
Original file line number | Diff line number | Diff line change | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
@@ -1,3 +1,4 @@ | ||||||||||||||||
FROM alpine | ||||||||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Security control: Docker Scan Type: Image User Should Not Be 'Root' Description: Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile. Severity: HIGH Fix suggestion: This fix suggestion was generated by Jit. Please note that the suggestion might not always fit every use case. It is highly recommended that you check and review it before merging. Suggestion guidelines
Suggested change
Jit Bot commands and options (e.g., ignore issue)You can trigger Jit actions by commenting on this PR review:
|
||||||||||||||||
|
||||||||||||||||
RUN apk add curl | ||||||||||||||||
|
||||||||||||||||
|
Check failure
Code scanning / CodeQL
Hard-coded credentials Critical