Giters

checkmarx-ts / checkmarx-github-action

Checkmarx Scan Github Action

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

[Cx] Low - Use_Of_Hardcoded_Password

github-actions opened this issue · comments

commented

Low - Use_Of_Hardcoded_Password

0 Node - Line 36 - "cxPassword"

checkmarx-github-action/src/cli/sast.js

Lines 35 to 37 in 75f5605

let cxUsername = core.getInput('cxUsername', { required: false })
let cxPassword = core.getInput('cxPassword', { required: false })
let cxToken = core.getInput('cxToken', { required: false })

1 Node - Line 36 - getInput

checkmarx-github-action/src/cli/sast.js

Lines 35 to 37 in 75f5605

let cxUsername = core.getInput('cxUsername', { required: false })
let cxPassword = core.getInput('cxPassword', { required: false })
let cxToken = core.getInput('cxToken', { required: false })

2 Node - Line 36 - cxPassword

checkmarx-github-action/src/cli/sast.js

Lines 35 to 37 in 75f5605

let cxUsername = core.getInput('cxUsername', { required: false })
let cxPassword = core.getInput('cxPassword', { required: false })
let cxToken = core.getInput('cxToken', { required: false })

3 Node - Line 77 - cxPassword

checkmarx-github-action/src/cli/sast.js

Lines 76 to 78 in 75f5605

if (utils.isValidString(cxPassword)) {
password = cxPassword.trim()

Comments

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000041
LOC: 4677
Files Scanned: 11
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000041&projectid=6
Scan Comment: git master@75f56054b051803fc858730ecc0c3d6ef5480265
Scan Type: 00h:01m:09s
Scan Start Date: Wed Jun 10 2020 01:25:20 GMT+0000 (Coordinated Universal Time)
Scan Time: 00h:01m:09s
Source Origin: LocalPath
Visibility: Public

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0000 (Coordinated Universal Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 331685664
Path ID: 3
Result ID: 1000041
Result State: 0
Result Severity: Low
Result Status: New
Result Assignee:

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html