Giters

checkmarx-ts / checkmarx-github-action

Checkmarx Scan Github Action

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

[Cx] Low - Use_Of_Hardcoded_Password

github-actions opened this issue · comments

commented

Low - Use_Of_Hardcoded_Password

0 Node - Line 46 - "cxPassword"

checkmarx-github-action/src/cli/token.js

Lines 45 to 47 in 761ed15

let cxUsername = core.getInput('cxUsername', { required: true })
let cxPassword = core.getInput('cxPassword', { required: true })

1 Node - Line 46 - getInput

checkmarx-github-action/src/cli/token.js

Lines 45 to 47 in 761ed15

let cxUsername = core.getInput('cxUsername', { required: true })
let cxPassword = core.getInput('cxPassword', { required: true })

2 Node - Line 46 - cxPassword

checkmarx-github-action/src/cli/token.js

Lines 45 to 47 in 761ed15

let cxUsername = core.getInput('cxUsername', { required: true })
let cxPassword = core.getInput('cxPassword', { required: true })

3 Node - Line 64 - cxPassword

checkmarx-github-action/src/cli/token.js

Lines 63 to 65 in 761ed15

if (utils.isValidString(cxPassword)) {
password = cxPassword.trim()
} else {

4 Node - Line 64 - trim

checkmarx-github-action/src/cli/token.js

Lines 63 to 65 in 761ed15

if (utils.isValidString(cxPassword)) {
password = cxPassword.trim()
} else {

5 Node - Line 64 - password

checkmarx-github-action/src/cli/token.js

Lines 63 to 65 in 761ed15

if (utils.isValidString(cxPassword)) {
password = cxPassword.trim()
} else {

6 Node - Line 80 - password

checkmarx-github-action/src/cli/token.js

Lines 79 to 81 in 761ed15

" -CxUser " + user +
" -CxPassword " + password

Comments

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000043
LOC: 4702
Files Scanned: 11
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000043&projectid=6
Scan Comment: git master@761ed15e17ca0cdf00f7a3e835e7e0f73bbd340e
Scan Type: 00h:01m:13s
Scan Start Date: Wed Jun 10 2020 02:15:56 GMT+0000 (Coordinated Universal Time)
Scan Time: 00h:01m:13s
Source Origin: LocalPath
Visibility: Public

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0000 (Coordinated Universal Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: -481426439
Path ID: 6
Result ID: 1000043
Result State: 0
Result Severity: Low
Result Status: Recurrent
Result Assignee:

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html