Giters

checkmarx-ts / checkmarx-github-action

Checkmarx Scan Github Action

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

[Cx] Medium - Use_Of_Hardcoded_Password

miguelfreitas93 opened this issue · comments

commented

Medium - Use_Of_Hardcoded_Password

0 Node - Line 36 - "cxPassword"

checkmarx-github-action/src/cxsast.js

Lines 35 to 37 in 7873b79

let cxPassword = core.getInput('cxPassword', { required: false })
let cxToken = core.getInput('cxToken', { required: false })
let cxProject = core.getInput('cxProject', { required: false })

1 Node - Line 36 - getInput

checkmarx-github-action/src/cxsast.js

Lines 35 to 37 in 7873b79

let cxPassword = core.getInput('cxPassword', { required: false })
let cxToken = core.getInput('cxToken', { required: false })
let cxProject = core.getInput('cxProject', { required: false })

2 Node - Line 36 - cxPassword

checkmarx-github-action/src/cxsast.js

Lines 35 to 37 in 7873b79

let cxPassword = core.getInput('cxPassword', { required: false })
let cxToken = core.getInput('cxToken', { required: false })
let cxProject = core.getInput('cxProject', { required: false })

3 Node - Line 78 - cxPassword

checkmarx-github-action/src/cxsast.js

Lines 77 to 79 in 7873b79

password = cxPassword.trim()
} else {
let message = "Please provide 'cxPassword' input (string)"

4 Node - Line 78 - trim

checkmarx-github-action/src/cxsast.js

Lines 77 to 79 in 7873b79

password = cxPassword.trim()
} else {
let message = "Please provide 'cxPassword' input (string)"

5 Node - Line 78 - password

checkmarx-github-action/src/cxsast.js

Lines 77 to 79 in 7873b79

password = cxPassword.trim()
} else {
let message = "Please provide 'cxPassword' input (string)"

6 Node - Line 260 - password

checkmarx-github-action/src/cxsast.js

Lines 259 to 261 in 7873b79

credentials = " -CxUser " + user + " -CxPassword " + password
}

Comments
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:52:12 PM]: Changed severity to Medium
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:52:01 PM]: Changed status to Proposed Not Exploitable
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:51:59 PM]: Changed status to Urgent

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000039
LOC: 4642
Files Scanned: 10
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000039&projectid=6
Scan Comment: git master@7873b79400662eb591cf013e49150cc3df417edb
Scan Type: 00h:01m:16s
Scan Start Date: Tue Jun 09 2020 23:58:09 GMT+0100 (British Summer Time)
Scan Time: 00h:01m:16s
Source Origin: LocalPath
Visibility: Public

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0100 (British Summer Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 1559227974
Path ID: 4
Result ID: 1000039
Result State: 4
Result Severity: Medium
Result Status: Recurrent
Result Assignee:

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html