1+ <?xml version =" 1.0" encoding =" utf-8" ?>
2+ <CxXMLResults InitiatorName =" Initiator Name" Owner =" domain\user" ScanId =" 1000227" ProjectId =" 121" ProjectName =" Webgoat" TeamFullPathOnReportDate =" team\full\path" DeepLink =" https://checkmarxserver.com/CxWebClient/ViewerMain.aspx?scanid=1000227& projectid=121" ScanStart =" Sunday, February 25, 2018 11:35:52 AM" Preset =" Checkmarx Default" ScanTime =" 00h:07m:13s" LinesOfCodeScanned =" 92054" FilesScanned =" 480" ReportCreationTime =" Monday, April 22, 2019 3:12:18 PM" Team =" team_name" CheckmarxVersion =" 8.6.0 HF1" ScanComments =" " ScanType =" Full" SourceOrigin =" LocalPath" Visibility =" Public" >
3+ <Query id =" 594" categories =" PCI DSS v3.2;PCI DSS (3.2) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection,FISMA 2014;System And Information Integrity,NIST SP 800-53;SI-10 Information Input Validation (P1),OWASP Top 10 2017;A1-Injection,OWASP Mobile Top 10 2016;M7-Client Code Quality" cweId =" 89" name =" SQL_Injection" group =" Java_High_Risk" Severity =" High" Language =" Java" LanguageHash =" 0125540914009541" LanguageChangeDate =" 2018-02-12T00:00:00.0000000" SeverityIndex =" 3" QueryPath =" Java\Cx\Java High Risk\SQL Injection Version:1" QueryVersionCode =" 56142311" >
4+ <Result NodeId =" 10002270020" FileName =" WebGoat/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/challenge6/Assignment5.java" Status =" New" Line =" 38" Column =" 52" FalsePositive =" False" Severity =" High" AssignToUser =" " state =" 0" Remark =" " DeepLink =" https://checkmarxserver.com/CxWebClient/ViewerMain.aspx?scanid=1000227& projectid=121& pathid=20" SeverityIndex =" 3" >
5+ <Path ResultId =" 1000227" PathId =" 20" SimilarityId =" -1145061043" >
6+ <PathNode >
7+ <FileName >WebGoat/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/challenge6/Assignment5.java</FileName >
8+ <Line >38</Line >
9+ <Column >52</Column >
10+ <NodeId >1</NodeId >
11+ <Name >username_login</Name >
12+ <Type ></Type >
13+ <Length >14</Length >
14+ <Snippet >
15+ <Line >
16+ <Number >38</Number >
17+ <Code > public AttackResult login(@RequestParam String username_login, @RequestParam String password_login) throws Exception {</Code >
18+ </Line >
19+ </Snippet >
20+ </PathNode >
21+ <PathNode >
22+ <FileName >WebGoat/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/challenge6/Assignment5.java</FileName >
23+ <Line >49</Line >
24+ <Column >134</Column >
25+ <NodeId >2</NodeId >
26+ <Name >username_login</Name >
27+ <Type ></Type >
28+ <Length >14</Length >
29+ <Snippet >
30+ <Line >
31+ <Number >49</Number >
32+ <Code > PreparedStatement statement = connection.prepareStatement("select password from " + USERS_TABLE_NAME + " where userid = '" + username_login + "' and password = '" + password_login + "'");</Code >
33+ </Line >
34+ </Snippet >
35+ </PathNode >
36+ <PathNode >
37+ <FileName >WebGoat/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/challenge6/Assignment5.java</FileName >
38+ <Line >49</Line >
39+ <Column >66</Column >
40+ <NodeId >3</NodeId >
41+ <Name >prepareStatement</Name >
42+ <Type ></Type >
43+ <Length >1</Length >
44+ <Snippet >
45+ <Line >
46+ <Number >49</Number >
47+ <Code > PreparedStatement statement = connection.prepareStatement("select password from " + USERS_TABLE_NAME + " where userid = '" + username_login + "' and password = '" + password_login + "'");</Code >
48+ </Line >
49+ </Snippet >
50+ </PathNode >
51+ <PathNode >
52+ <FileName >WebGoat/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/challenge6/Assignment5.java</FileName >
53+ <Line >49</Line >
54+ <Column >27</Column >
55+ <NodeId >4</NodeId >
56+ <Name >statement</Name >
57+ <Type ></Type >
58+ <Length >9</Length >
59+ <Snippet >
60+ <Line >
61+ <Number >49</Number >
62+ <Code > PreparedStatement statement = connection.prepareStatement("select password from " + USERS_TABLE_NAME + " where userid = '" + username_login + "' and password = '" + password_login + "'");</Code >
63+ </Line >
64+ </Snippet >
65+ </PathNode >
66+ <PathNode >
67+ <FileName >WebGoat/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/challenge6/Assignment5.java</FileName >
68+ <Line >50</Line >
69+ <Column >31</Column >
70+ <NodeId >5</NodeId >
71+ <Name >statement</Name >
72+ <Type ></Type >
73+ <Length >9</Length >
74+ <Snippet >
75+ <Line >
76+ <Number >50</Number >
77+ <Code > ResultSet resultSet = statement.executeQuery();</Code >
78+ </Line >
79+ </Snippet >
80+ </PathNode >
81+ <PathNode >
82+ <FileName >WebGoat/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/challenge6/Assignment5.java</FileName >
83+ <Line >50</Line >
84+ <Column >53</Column >
85+ <NodeId >6</NodeId >
86+ <Name >executeQuery</Name >
87+ <Type ></Type >
88+ <Length >1</Length >
89+ <Snippet >
90+ <Line >
91+ <Number >50</Number >
92+ <Code > ResultSet resultSet = statement.executeQuery();</Code >
93+ </Line >
94+ </Snippet >
95+ </PathNode >
96+ </Path >
97+ </Result >
98+ <Result NodeId =" 10002270021" FileName =" WebGoat/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/challenge6/Assignment5.java" Status =" New" Line =" 38" Column =" 89" FalsePositive =" False" Severity =" High" AssignToUser =" " state =" 0" Remark =" " DeepLink =" https://checkmarxserver.com/CxWebClient/ViewerMain.aspx?scanid=1000227& projectid=121& pathid=21" SeverityIndex =" 3" >
99+ <Path ResultId =" 1000227" PathId =" 21" SimilarityId =" -658085948" >
100+ <PathNode >
101+ <FileName >WebGoat/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/challenge6/Assignment5.java</FileName >
102+ <Line >38</Line >
103+ <Column >89</Column >
104+ <NodeId >1</NodeId >
105+ <Name >password_login</Name >
106+ <Type ></Type >
107+ <Length >14</Length >
108+ <Snippet >
109+ <Line >
110+ <Number >38</Number >
111+ <Code > public AttackResult login(@RequestParam String username_login, @RequestParam String password_login) throws Exception {</Code >
112+ </Line >
113+ </Snippet >
114+ </PathNode >
115+ <PathNode >
116+ <FileName >WebGoat/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/challenge6/Assignment5.java</FileName >
117+ <Line >49</Line >
118+ <Column >174</Column >
119+ <NodeId >2</NodeId >
120+ <Name >password_login</Name >
121+ <Type ></Type >
122+ <Length >14</Length >
123+ <Snippet >
124+ <Line >
125+ <Number >49</Number >
126+ <Code > PreparedStatement statement = connection.prepareStatement("select password from " + USERS_TABLE_NAME + " where userid = '" + username_login + "' and password = '" + password_login + "'");</Code >
127+ </Line >
128+ </Snippet >
129+ </PathNode >
130+ <PathNode >
131+ <FileName >WebGoat/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/challenge6/Assignment5.java</FileName >
132+ <Line >49</Line >
133+ <Column >66</Column >
134+ <NodeId >3</NodeId >
135+ <Name >prepareStatement</Name >
136+ <Type ></Type >
137+ <Length >1</Length >
138+ <Snippet >
139+ <Line >
140+ <Number >49</Number >
141+ <Code > PreparedStatement statement = connection.prepareStatement("select password from " + USERS_TABLE_NAME + " where userid = '" + username_login + "' and password = '" + password_login + "'");</Code >
142+ </Line >
143+ </Snippet >
144+ </PathNode >
145+ <PathNode >
146+ <FileName >WebGoat/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/challenge6/Assignment5.java</FileName >
147+ <Line >49</Line >
148+ <Column >27</Column >
149+ <NodeId >4</NodeId >
150+ <Name >statement</Name >
151+ <Type ></Type >
152+ <Length >9</Length >
153+ <Snippet >
154+ <Line >
155+ <Number >49</Number >
156+ <Code > PreparedStatement statement = connection.prepareStatement("select password from " + USERS_TABLE_NAME + " where userid = '" + username_login + "' and password = '" + password_login + "'");</Code >
157+ </Line >
158+ </Snippet >
159+ </PathNode >
160+ <PathNode >
161+ <FileName >WebGoat/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/challenge6/Assignment5.java</FileName >
162+ <Line >50</Line >
163+ <Column >31</Column >
164+ <NodeId >5</NodeId >
165+ <Name >statement</Name >
166+ <Type ></Type >
167+ <Length >9</Length >
168+ <Snippet >
169+ <Line >
170+ <Number >50</Number >
171+ <Code > ResultSet resultSet = statement.executeQuery();</Code >
172+ </Line >
173+ </Snippet >
174+ </PathNode >
175+ <PathNode >
176+ <FileName >WebGoat/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/challenge6/Assignment5.java</FileName >
177+ <Line >50</Line >
178+ <Column >53</Column >
179+ <NodeId >6</NodeId >
180+ <Name >executeQuery</Name >
181+ <Type ></Type >
182+ <Length >1</Length >
183+ <Snippet >
184+ <Line >
185+ <Number >50</Number >
186+ <Code > ResultSet resultSet = statement.executeQuery();</Code >
187+ </Line >
188+ </Snippet >
189+ </PathNode >
190+ </Path >
191+ </Result >
192+ <Result NodeId =" 10002270022" FileName =" WebGoat/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge6/Assignment6.java" Status =" New" Line =" 43" Column =" 62" FalsePositive =" False" Severity =" High" AssignToUser =" " state =" 0" Remark =" " DeepLink =" https://checkmarxserver.com/CxWebClient/ViewerMain.aspx?scanid=1000227& projectid=121& pathid=22" SeverityIndex =" 3" >
193+ <Path ResultId =" 1000227" PathId =" 22" SimilarityId =" 1359889495" >
194+ <PathNode >
195+ <FileName >WebGoat/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge6/Assignment6.java</FileName >
196+ <Line >43</Line >
197+ <Column >62</Column >
198+ <NodeId >1</NodeId >
199+ <Name >username_reg</Name >
200+ <Type ></Type >
201+ <Length >12</Length >
202+ <Snippet >
203+ <Line >
204+ <Number >43</Number >
205+ <Code > public AttackResult registerNewUser(@RequestParam String username_reg, @RequestParam String email_reg, @RequestParam String password_reg) throws Exception {</Code >
206+ </Line >
207+ </Snippet >
208+ </PathNode >
209+ <PathNode >
210+ <FileName >WebGoat/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge6/Assignment6.java</FileName >
211+ <Line >50</Line >
212+ <Column >102</Column >
213+ <NodeId >2</NodeId >
214+ <Name >username_reg</Name >
215+ <Type ></Type >
216+ <Length >12</Length >
217+ <Snippet >
218+ <Line >
219+ <Number >50</Number >
220+ <Code > String checkUserQuery = "select userid from " + USERS_TABLE_NAME + " where userid = '" + username_reg + "'";</Code >
221+ </Line >
222+ </Snippet >
223+ </PathNode >
224+ <PathNode >
225+ <FileName >WebGoat/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge6/Assignment6.java</FileName >
226+ <Line >50</Line >
227+ <Column >20</Column >
228+ <NodeId >3</NodeId >
229+ <Name >checkUserQuery</Name >
230+ <Type ></Type >
231+ <Length >14</Length >
232+ <Snippet >
233+ <Line >
234+ <Number >50</Number >
235+ <Code > String checkUserQuery = "select userid from " + USERS_TABLE_NAME + " where userid = '" + username_reg + "'";</Code >
236+ </Line >
237+ </Snippet >
238+ </PathNode >
239+ <PathNode >
240+ <FileName >WebGoat/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge6/Assignment6.java</FileName >
241+ <Line >52</Line >
242+ <Column >58</Column >
243+ <NodeId >4</NodeId >
244+ <Name >checkUserQuery</Name >
245+ <Type ></Type >
246+ <Length >14</Length >
247+ <Snippet >
248+ <Line >
249+ <Number >52</Number >
250+ <Code > ResultSet resultSet = statement.executeQuery(checkUserQuery);</Code >
251+ </Line >
252+ </Snippet >
253+ </PathNode >
254+ <PathNode >
255+ <FileName >WebGoat/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge6/Assignment6.java</FileName >
256+ <Line >52</Line >
257+ <Column >57</Column >
258+ <NodeId >5</NodeId >
259+ <Name >executeQuery</Name >
260+ <Type ></Type >
261+ <Length >1</Length >
262+ <Snippet >
263+ <Line >
264+ <Number >52</Number >
265+ <Code > ResultSet resultSet = statement.executeQuery(checkUserQuery);</Code >
266+ </Line >
267+ </Snippet >
268+ </PathNode >
269+ </Path >
270+ </Result >
271+ </Query >
272+ </CxXMLResults >