High - Use_Of_Hardcoded_Password

0 Node - Line 46 - "cxPassword"

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

1 Node - Line 46 - getInput

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

2 Node - Line 46 - cxPassword

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

3 Node - Line 64 - cxPassword

checkmarx-github-action/src/cxtoken.js

Lines 63 to 65 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword
	} else {

4 Node - Line 64 - password

checkmarx-github-action/src/cxtoken.js

Lines 63 to 65 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword
	} else {

5 Node - Line 82 - password

checkmarx-github-action/src/cxtoken.js

Lines 81 to 83 in 7873b79

	" -CxUser " + user +
	" -CxPassword " + password

Comments
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:52:09 PM]: Changed severity to High

---

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

---

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000039
LOC: 4642
Files Scanned: 10
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000039&projectid=6
Scan Comment: git master@7873b79400662eb591cf013e49150cc3df417edb
Scan Type: 00h:01m:16s
Scan Start Date: Tue Jun 09 2020 23:58:09 GMT+0100 (British Summer Time)
Scan Time: 00h:01m:16s
Source Origin: LocalPath
Visibility: Public

---

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0100 (British Summer Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 99642897
Path ID: 6
Result ID: 1000039
Result State: 0
Result Severity: High
Result Status: Recurrent
Result Assignee:

---

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html

Low - Use_Of_Hardcoded_Password

0 Node - Line 9 - "cxPassword"

checkmarx-github-action/src/github/inputs.js

Lines 8 to 10 in facff16

	const CX_USERNAME = 'cxUsername'
	const CX_PASSWORD = 'cxPassword'
	const CX_PROJECT = 'cxProject'

1 Node - Line 9 - CX_PASSWORD

checkmarx-github-action/src/github/inputs.js

Lines 8 to 10 in facff16

	const CX_USERNAME = 'cxUsername'
	const CX_PASSWORD = 'cxPassword'
	const CX_PROJECT = 'cxProject'

2 Node - Line 181 - CX_PASSWORD

checkmarx-github-action/src/github/inputs.js

Lines 180 to 182 in facff16

	CX_USERNAME: CX_USERNAME,
	CX_PASSWORD: CX_PASSWORD,
	CX_PROJECT: CX_PROJECT,

3 Node - Line 181 - CX_PASSWORD

checkmarx-github-action/src/github/inputs.js

Lines 180 to 182 in facff16

	CX_USERNAME: CX_USERNAME,
	CX_PASSWORD: CX_PASSWORD,
	CX_PROJECT: CX_PROJECT,

Comments

---

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

---

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000052
LOC: 4604
Files Scanned: 13
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000052&projectid=6
Scan Comment: git master@facff162845a8332880e780f7cec71927aac746a
Scan Type: 00h:01m:12s
Scan Start Date: Mon Jun 15 2020 11:12:20 GMT+0000 (Coordinated Universal Time)
Scan Time: 00h:01m:12s
Source Origin: LocalPath
Visibility: Public

---

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0000 (Coordinated Universal Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 99642897
Path ID: 2
Result ID: 1000052
Result State: 0
Result Severity: Low
Result Status: Recurrent
Result Assignee:

---

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html

High - Use_Of_Hardcoded_Password

0 Node - Line 46 - "cxPassword"

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

1 Node - Line 46 - getInput

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

2 Node - Line 46 - cxPassword

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

3 Node - Line 64 - cxPassword

checkmarx-github-action/src/cxtoken.js

Lines 63 to 65 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword
	} else {

4 Node - Line 64 - password

checkmarx-github-action/src/cxtoken.js

Lines 63 to 65 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword
	} else {

5 Node - Line 82 - password

checkmarx-github-action/src/cxtoken.js

Lines 81 to 83 in 7873b79

	" -CxUser " + user +
	" -CxPassword " + password

Comments
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:52:09 PM]: Changed severity to High

---

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

---

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000039
LOC: 4642
Files Scanned: 10
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000039&projectid=6
Scan Comment: git master@7873b79400662eb591cf013e49150cc3df417edb
Scan Type: 00h:01m:16s
Scan Start Date: Tue Jun 09 2020 23:58:09 GMT+0100 (British Summer Time)
Scan Time: 00h:01m:16s
Source Origin: LocalPath
Visibility: Public

---

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0100 (British Summer Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 99642897
Path ID: 6
Result ID: 1000039
Result State: 0
Result Severity: High
Result Status: Recurrent
Result Assignee:

---

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html

Medium - Use_Of_Hardcoded_Password

0 Node - Line 36 - "cxPassword"

checkmarx-github-action/src/cxsast.js

Lines 35 to 37 in 7873b79

	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxToken = core.getInput('cxToken', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

1 Node - Line 36 - getInput

checkmarx-github-action/src/cxsast.js

Lines 35 to 37 in 7873b79

	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxToken = core.getInput('cxToken', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

2 Node - Line 36 - cxPassword

checkmarx-github-action/src/cxsast.js

Lines 35 to 37 in 7873b79

	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxToken = core.getInput('cxToken', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

3 Node - Line 78 - cxPassword

checkmarx-github-action/src/cxsast.js

Lines 77 to 79 in 7873b79

	password = cxPassword.trim()
	} else {
	let message = "Please provide 'cxPassword' input (string)"

4 Node - Line 78 - trim

checkmarx-github-action/src/cxsast.js

Lines 77 to 79 in 7873b79

	password = cxPassword.trim()
	} else {
	let message = "Please provide 'cxPassword' input (string)"

5 Node - Line 78 - password

checkmarx-github-action/src/cxsast.js

Lines 77 to 79 in 7873b79

	password = cxPassword.trim()
	} else {
	let message = "Please provide 'cxPassword' input (string)"

6 Node - Line 260 - password

checkmarx-github-action/src/cxsast.js

Lines 259 to 261 in 7873b79

	credentials = " -CxUser " + user + " -CxPassword " + password
	}

Comments
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:52:12 PM]: Changed severity to Medium
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:52:01 PM]: Changed status to Proposed Not Exploitable
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:51:59 PM]: Changed status to Urgent

---

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

---

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000039
LOC: 4642
Files Scanned: 10
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000039&projectid=6
Scan Comment: git master@7873b79400662eb591cf013e49150cc3df417edb
Scan Type: 00h:01m:16s
Scan Start Date: Tue Jun 09 2020 23:58:09 GMT+0100 (British Summer Time)
Scan Time: 00h:01m:16s
Source Origin: LocalPath
Visibility: Public

---

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0100 (British Summer Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 99642897
Path ID: 4
Result ID: 1000039
Result State: 4
Result Severity: Medium
Result Status: Recurrent
Result Assignee:

---

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html

Low - Use_Of_Hardcoded_Password

0 Node - Line 30 - "cxPassword"

checkmarx-github-action/src/cxosa.js

Lines 29 to 31 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: false })
	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

1 Node - Line 30 - getInput

checkmarx-github-action/src/cxosa.js

Lines 29 to 31 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: false })
	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

2 Node - Line 30 - cxPassword

checkmarx-github-action/src/cxosa.js

Lines 29 to 31 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: false })
	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

3 Node - Line 67 - cxPassword

checkmarx-github-action/src/cxosa.js

Lines 66 to 68 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword.trim()

Comments
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:51:47 PM]: Changed status to Confirmed

---

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

---

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000039
LOC: 4642
Files Scanned: 10
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000039&projectid=6
Scan Comment: git master@7873b79400662eb591cf013e49150cc3df417edb
Scan Type: 00h:01m:16s
Scan Start Date: Tue Jun 09 2020 23:58:09 GMT+0100 (British Summer Time)
Scan Time: 00h:01m:16s
Source Origin: LocalPath
Visibility: Public

---

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0100 (British Summer Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 99642897
Path ID: 1
Result ID: 1000039
Result State: 2
Result Severity: Low
Result Status: Recurrent
Result Assignee:

---

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html

Low - Use_Of_Hardcoded_Password

0 Node - Line 46 - "cxPassword"

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

1 Node - Line 46 - getInput

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

2 Node - Line 46 - cxPassword

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

3 Node - Line 63 - cxPassword

checkmarx-github-action/src/cxtoken.js

Lines 62 to 64 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword

Comments
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:51:43 PM]: Changed status to Not Exploitable

---

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

---

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000039
LOC: 4642
Files Scanned: 10
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000039&projectid=6
Scan Comment: git master@7873b79400662eb591cf013e49150cc3df417edb
Scan Type: 00h:01m:16s
Scan Start Date: Tue Jun 09 2020 23:58:09 GMT+0100 (British Summer Time)
Scan Time: 00h:01m:16s
Source Origin: LocalPath
Visibility: Public

---

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0100 (British Summer Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 99642897
Path ID: 5
Result ID: 1000039
Result State: 1
Result Severity: Low
Result Status: Recurrent
Result Assignee:

---

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html

High - Use_Of_Hardcoded_Password

0 Node - Line 46 - "cxPassword"

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

1 Node - Line 46 - getInput

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

2 Node - Line 46 - cxPassword

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

3 Node - Line 64 - cxPassword

checkmarx-github-action/src/cxtoken.js

Lines 63 to 65 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword
	} else {

4 Node - Line 64 - password

checkmarx-github-action/src/cxtoken.js

Lines 63 to 65 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword
	} else {

5 Node - Line 82 - password

checkmarx-github-action/src/cxtoken.js

Lines 81 to 83 in 7873b79

	" -CxUser " + user +
	" -CxPassword " + password

Comments
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:52:09 PM]: Changed severity to High

---

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

---

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000039
LOC: 4642
Files Scanned: 10
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000039&projectid=6
Scan Comment: git master@7873b79400662eb591cf013e49150cc3df417edb
Scan Type: 00h:01m:16s
Scan Start Date: Tue Jun 09 2020 23:58:09 GMT+0100 (British Summer Time)
Scan Time: 00h:01m:16s
Source Origin: LocalPath
Visibility: Public

---

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0100 (British Summer Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 99642897
Path ID: 6
Result ID: 1000039
Result State: 0
Result Severity: High
Result Status: Recurrent
Result Assignee:

---

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html

Medium - Use_Of_Hardcoded_Password

0 Node - Line 36 - "cxPassword"

checkmarx-github-action/src/cxsast.js

Lines 35 to 37 in 7873b79

	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxToken = core.getInput('cxToken', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

1 Node - Line 36 - getInput

checkmarx-github-action/src/cxsast.js

Lines 35 to 37 in 7873b79

	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxToken = core.getInput('cxToken', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

2 Node - Line 36 - cxPassword

checkmarx-github-action/src/cxsast.js

Lines 35 to 37 in 7873b79

	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxToken = core.getInput('cxToken', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

3 Node - Line 78 - cxPassword

checkmarx-github-action/src/cxsast.js

Lines 77 to 79 in 7873b79

	password = cxPassword.trim()
	} else {
	let message = "Please provide 'cxPassword' input (string)"

4 Node - Line 78 - trim

checkmarx-github-action/src/cxsast.js

Lines 77 to 79 in 7873b79

	password = cxPassword.trim()
	} else {
	let message = "Please provide 'cxPassword' input (string)"

5 Node - Line 78 - password

checkmarx-github-action/src/cxsast.js

Lines 77 to 79 in 7873b79

	password = cxPassword.trim()
	} else {
	let message = "Please provide 'cxPassword' input (string)"

6 Node - Line 260 - password

checkmarx-github-action/src/cxsast.js

Lines 259 to 261 in 7873b79

	credentials = " -CxUser " + user + " -CxPassword " + password
	}

Comments
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:52:12 PM]: Changed severity to Medium
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:52:01 PM]: Changed status to Proposed Not Exploitable
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:51:59 PM]: Changed status to Urgent

---

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

---

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000039
LOC: 4642
Files Scanned: 10
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000039&projectid=6
Scan Comment: git master@7873b79400662eb591cf013e49150cc3df417edb
Scan Type: 00h:01m:16s
Scan Start Date: Tue Jun 09 2020 23:58:09 GMT+0100 (British Summer Time)
Scan Time: 00h:01m:16s
Source Origin: LocalPath
Visibility: Public

---

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0100 (British Summer Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 99642897
Path ID: 4
Result ID: 1000039
Result State: 4
Result Severity: Medium
Result Status: Recurrent
Result Assignee:

---

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html

Low - Use_Of_Hardcoded_Password

0 Node - Line 30 - "cxPassword"

checkmarx-github-action/src/cxosa.js

Lines 29 to 31 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: false })
	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

1 Node - Line 30 - getInput

checkmarx-github-action/src/cxosa.js

Lines 29 to 31 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: false })
	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

2 Node - Line 30 - cxPassword

checkmarx-github-action/src/cxosa.js

Lines 29 to 31 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: false })
	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

3 Node - Line 67 - cxPassword

checkmarx-github-action/src/cxosa.js

Lines 66 to 68 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword.trim()

Comments
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:51:47 PM]: Changed status to Confirmed

---

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

---

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000039
LOC: 4642
Files Scanned: 10
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000039&projectid=6
Scan Comment: git master@7873b79400662eb591cf013e49150cc3df417edb
Scan Type: 00h:01m:16s
Scan Start Date: Tue Jun 09 2020 23:58:09 GMT+0100 (British Summer Time)
Scan Time: 00h:01m:16s
Source Origin: LocalPath
Visibility: Public

---

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0100 (British Summer Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 99642897
Path ID: 1
Result ID: 1000039
Result State: 2
Result Severity: Low
Result Status: Recurrent
Result Assignee:

---

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html

Low - Use_Of_Hardcoded_Password

0 Node - Line 46 - "cxPassword"

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

1 Node - Line 46 - getInput

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

2 Node - Line 46 - cxPassword

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

3 Node - Line 63 - cxPassword

checkmarx-github-action/src/cxtoken.js

Lines 62 to 64 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword

Comments
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:51:43 PM]: Changed status to Not Exploitable

---

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

---

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000039
LOC: 4642
Files Scanned: 10
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000039&projectid=6
Scan Comment: git master@7873b79400662eb591cf013e49150cc3df417edb
Scan Type: 00h:01m:16s
Scan Start Date: Tue Jun 09 2020 23:58:09 GMT+0100 (British Summer Time)
Scan Time: 00h:01m:16s
Source Origin: LocalPath
Visibility: Public

---

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0100 (British Summer Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 99642897
Path ID: 5
Result ID: 1000039
Result State: 1
Result Severity: Low
Result Status: Recurrent
Result Assignee:

---

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html

High - Use_Of_Hardcoded_Password

0 Node - Line 46 - "cxPassword"

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

1 Node - Line 46 - getInput

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

2 Node - Line 46 - cxPassword

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

3 Node - Line 64 - cxPassword

checkmarx-github-action/src/cxtoken.js

Lines 63 to 65 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword
	} else {

4 Node - Line 64 - password

checkmarx-github-action/src/cxtoken.js

Lines 63 to 65 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword
	} else {

5 Node - Line 82 - password

checkmarx-github-action/src/cxtoken.js

Lines 81 to 83 in 7873b79

	" -CxUser " + user +
	" -CxPassword " + password

Comments
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:52:09 PM]: Changed severity to High

---

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

---

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000039
LOC: 4642
Files Scanned: 10
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000039&projectid=6
Scan Comment: git master@7873b79400662eb591cf013e49150cc3df417edb
Scan Type: 00h:01m:16s
Scan Start Date: Tue Jun 09 2020 23:58:09 GMT+0100 (British Summer Time)
Scan Time: 00h:01m:16s
Source Origin: LocalPath
Visibility: Public

---

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0100 (British Summer Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 99642897
Path ID: 6
Result ID: 1000039
Result State: 0
Result Severity: High
Result Status: Recurrent
Result Assignee:

---

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html

Medium - Use_Of_Hardcoded_Password

0 Node - Line 36 - "cxPassword"

checkmarx-github-action/src/cxsast.js

Lines 35 to 37 in 7873b79

	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxToken = core.getInput('cxToken', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

1 Node - Line 36 - getInput

checkmarx-github-action/src/cxsast.js

Lines 35 to 37 in 7873b79

	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxToken = core.getInput('cxToken', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

2 Node - Line 36 - cxPassword

checkmarx-github-action/src/cxsast.js

Lines 35 to 37 in 7873b79

	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxToken = core.getInput('cxToken', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

3 Node - Line 78 - cxPassword

checkmarx-github-action/src/cxsast.js

Lines 77 to 79 in 7873b79

	password = cxPassword.trim()
	} else {
	let message = "Please provide 'cxPassword' input (string)"

4 Node - Line 78 - trim

checkmarx-github-action/src/cxsast.js

Lines 77 to 79 in 7873b79

	password = cxPassword.trim()
	} else {
	let message = "Please provide 'cxPassword' input (string)"

5 Node - Line 78 - password

checkmarx-github-action/src/cxsast.js

Lines 77 to 79 in 7873b79

	password = cxPassword.trim()
	} else {
	let message = "Please provide 'cxPassword' input (string)"

6 Node - Line 260 - password

checkmarx-github-action/src/cxsast.js

Lines 259 to 261 in 7873b79

	credentials = " -CxUser " + user + " -CxPassword " + password
	}

Comments
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:52:12 PM]: Changed severity to Medium
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:52:01 PM]: Changed status to Proposed Not Exploitable
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:51:59 PM]: Changed status to Urgent

---

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

---

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000039
LOC: 4642
Files Scanned: 10
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000039&projectid=6
Scan Comment: git master@7873b79400662eb591cf013e49150cc3df417edb
Scan Type: 00h:01m:16s
Scan Start Date: Tue Jun 09 2020 23:58:09 GMT+0100 (British Summer Time)
Scan Time: 00h:01m:16s
Source Origin: LocalPath
Visibility: Public

---

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0100 (British Summer Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 99642897
Path ID: 4
Result ID: 1000039
Result State: 4
Result Severity: Medium
Result Status: Recurrent
Result Assignee:

---

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html

High - Use_Of_Hardcoded_Password

0 Node - Line 46 - "cxPassword"

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

1 Node - Line 46 - getInput

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

2 Node - Line 46 - cxPassword

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

3 Node - Line 64 - cxPassword

checkmarx-github-action/src/cxtoken.js

Lines 63 to 65 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword
	} else {

4 Node - Line 64 - password

checkmarx-github-action/src/cxtoken.js

Lines 63 to 65 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword
	} else {

5 Node - Line 82 - password

checkmarx-github-action/src/cxtoken.js

Lines 81 to 83 in 7873b79

	" -CxUser " + user +
	" -CxPassword " + password

Comments
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:52:09 PM]: Changed severity to High

---

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

---

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000039
LOC: 4642
Files Scanned: 10
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000039&projectid=6
Scan Comment: git master@7873b79400662eb591cf013e49150cc3df417edb
Scan Type: 00h:01m:16s
Scan Start Date: Tue Jun 09 2020 23:58:09 GMT+0100 (British Summer Time)
Scan Time: 00h:01m:16s
Source Origin: LocalPath
Visibility: Public

---

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0100 (British Summer Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 99642897
Path ID: 6
Result ID: 1000039
Result State: 0
Result Severity: High
Result Status: Recurrent
Result Assignee:

---

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html

Medium - Use_Of_Hardcoded_Password

0 Node - Line 36 - "cxPassword"

checkmarx-github-action/src/cxsast.js

Lines 35 to 37 in 7873b79

	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxToken = core.getInput('cxToken', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

1 Node - Line 36 - getInput

checkmarx-github-action/src/cxsast.js

Lines 35 to 37 in 7873b79

	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxToken = core.getInput('cxToken', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

2 Node - Line 36 - cxPassword

checkmarx-github-action/src/cxsast.js

Lines 35 to 37 in 7873b79

	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxToken = core.getInput('cxToken', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

3 Node - Line 78 - cxPassword

checkmarx-github-action/src/cxsast.js

Lines 77 to 79 in 7873b79

	password = cxPassword.trim()
	} else {
	let message = "Please provide 'cxPassword' input (string)"

4 Node - Line 78 - trim

checkmarx-github-action/src/cxsast.js

Lines 77 to 79 in 7873b79

	password = cxPassword.trim()
	} else {
	let message = "Please provide 'cxPassword' input (string)"

5 Node - Line 78 - password

checkmarx-github-action/src/cxsast.js

Lines 77 to 79 in 7873b79

	password = cxPassword.trim()
	} else {
	let message = "Please provide 'cxPassword' input (string)"

6 Node - Line 260 - password

checkmarx-github-action/src/cxsast.js

Lines 259 to 261 in 7873b79

	credentials = " -CxUser " + user + " -CxPassword " + password
	}

Comments
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:52:12 PM]: Changed severity to Medium
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:52:01 PM]: Changed status to Proposed Not Exploitable
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:51:59 PM]: Changed status to Urgent

---

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

---

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000039
LOC: 4642
Files Scanned: 10
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000039&projectid=6
Scan Comment: git master@7873b79400662eb591cf013e49150cc3df417edb
Scan Type: 00h:01m:16s
Scan Start Date: Tue Jun 09 2020 23:58:09 GMT+0100 (British Summer Time)
Scan Time: 00h:01m:16s
Source Origin: LocalPath
Visibility: Public

---

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0100 (British Summer Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 99642897
Path ID: 4
Result ID: 1000039
Result State: 4
Result Severity: Medium
Result Status: Recurrent
Result Assignee:

---

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html

Low - Use_Of_Hardcoded_Password

0 Node - Line 30 - "cxPassword"

checkmarx-github-action/src/cxosa.js

Lines 29 to 31 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: false })
	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

1 Node - Line 30 - getInput

checkmarx-github-action/src/cxosa.js

Lines 29 to 31 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: false })
	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

2 Node - Line 30 - cxPassword

checkmarx-github-action/src/cxosa.js

Lines 29 to 31 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: false })
	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

3 Node - Line 67 - cxPassword

checkmarx-github-action/src/cxosa.js

Lines 66 to 68 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword.trim()

Comments
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:51:47 PM]: Changed status to Confirmed

---

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

---

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000039
LOC: 4642
Files Scanned: 10
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000039&projectid=6
Scan Comment: git master@7873b79400662eb591cf013e49150cc3df417edb
Scan Type: 00h:01m:16s
Scan Start Date: Tue Jun 09 2020 23:58:09 GMT+0100 (British Summer Time)
Scan Time: 00h:01m:16s
Source Origin: LocalPath
Visibility: Public

---

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0100 (British Summer Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 99642897
Path ID: 1
Result ID: 1000039
Result State: 2
Result Severity: Low
Result Status: Recurrent
Result Assignee:

---

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html

Low - Use_Of_Hardcoded_Password

0 Node - Line 46 - "cxPassword"

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

1 Node - Line 46 - getInput

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

2 Node - Line 46 - cxPassword

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

3 Node - Line 63 - cxPassword

checkmarx-github-action/src/cxtoken.js

Lines 62 to 64 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword

Comments
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:51:43 PM]: Changed status to Not Exploitable

---

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

---

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000039
LOC: 4642
Files Scanned: 10
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000039&projectid=6
Scan Comment: git master@7873b79400662eb591cf013e49150cc3df417edb
Scan Type: 00h:01m:16s
Scan Start Date: Tue Jun 09 2020 23:58:09 GMT+0100 (British Summer Time)
Scan Time: 00h:01m:16s
Source Origin: LocalPath
Visibility: Public

---

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0100 (British Summer Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 99642897
Path ID: 5
Result ID: 1000039
Result State: 1
Result Severity: Low
Result Status: Recurrent
Result Assignee:

---

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html

High - Use_Of_Hardcoded_Password

0 Node - Line 46 - "cxPassword"

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

1 Node - Line 46 - getInput

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

2 Node - Line 46 - cxPassword

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

3 Node - Line 64 - cxPassword

checkmarx-github-action/src/cxtoken.js

Lines 63 to 65 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword
	} else {

4 Node - Line 64 - password

checkmarx-github-action/src/cxtoken.js

Lines 63 to 65 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword
	} else {

5 Node - Line 82 - password

checkmarx-github-action/src/cxtoken.js

Lines 81 to 83 in 7873b79

	" -CxUser " + user +
	" -CxPassword " + password

Comments
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:52:09 PM]: Changed severity to High

---

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

---

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000039
LOC: 4642
Files Scanned: 10
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000039&projectid=6
Scan Comment: git master@7873b79400662eb591cf013e49150cc3df417edb
Scan Type: 00h:01m:16s
Scan Start Date: Tue Jun 09 2020 23:58:09 GMT+0100 (British Summer Time)
Scan Time: 00h:01m:16s
Source Origin: LocalPath
Visibility: Public

---

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0100 (British Summer Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 99642897
Path ID: 6
Result ID: 1000039
Result State: 0
Result Severity: High
Result Status: Recurrent
Result Assignee:

---

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html

Medium - Use_Of_Hardcoded_Password

0 Node - Line 36 - "cxPassword"

checkmarx-github-action/src/cxsast.js

Lines 35 to 37 in 7873b79

	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxToken = core.getInput('cxToken', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

1 Node - Line 36 - getInput

checkmarx-github-action/src/cxsast.js

Lines 35 to 37 in 7873b79

	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxToken = core.getInput('cxToken', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

2 Node - Line 36 - cxPassword

checkmarx-github-action/src/cxsast.js

Lines 35 to 37 in 7873b79

	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxToken = core.getInput('cxToken', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

3 Node - Line 78 - cxPassword

checkmarx-github-action/src/cxsast.js

Lines 77 to 79 in 7873b79

	password = cxPassword.trim()
	} else {
	let message = "Please provide 'cxPassword' input (string)"

4 Node - Line 78 - trim

checkmarx-github-action/src/cxsast.js

Lines 77 to 79 in 7873b79

	password = cxPassword.trim()
	} else {
	let message = "Please provide 'cxPassword' input (string)"

5 Node - Line 78 - password

checkmarx-github-action/src/cxsast.js

Lines 77 to 79 in 7873b79

	password = cxPassword.trim()
	} else {
	let message = "Please provide 'cxPassword' input (string)"

6 Node - Line 260 - password

checkmarx-github-action/src/cxsast.js

Lines 259 to 261 in 7873b79

	credentials = " -CxUser " + user + " -CxPassword " + password
	}

Comments
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:52:12 PM]: Changed severity to Medium
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:52:01 PM]: Changed status to Proposed Not Exploitable
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:51:59 PM]: Changed status to Urgent

---

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

---

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000039
LOC: 4642
Files Scanned: 10
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000039&projectid=6
Scan Comment: git master@7873b79400662eb591cf013e49150cc3df417edb
Scan Type: 00h:01m:16s
Scan Start Date: Tue Jun 09 2020 23:58:09 GMT+0100 (British Summer Time)
Scan Time: 00h:01m:16s
Source Origin: LocalPath
Visibility: Public

---

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0100 (British Summer Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 99642897
Path ID: 4
Result ID: 1000039
Result State: 4
Result Severity: Medium
Result Status: Recurrent
Result Assignee:

---

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html

Low - Use_Of_Hardcoded_Password

0 Node - Line 30 - "cxPassword"

checkmarx-github-action/src/cxosa.js

Lines 29 to 31 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: false })
	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

1 Node - Line 30 - getInput

checkmarx-github-action/src/cxosa.js

Lines 29 to 31 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: false })
	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

2 Node - Line 30 - cxPassword

checkmarx-github-action/src/cxosa.js

Lines 29 to 31 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: false })
	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

3 Node - Line 67 - cxPassword

checkmarx-github-action/src/cxosa.js

Lines 66 to 68 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword.trim()

Comments
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:51:47 PM]: Changed status to Confirmed

---

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

---

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000039
LOC: 4642
Files Scanned: 10
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000039&projectid=6
Scan Comment: git master@7873b79400662eb591cf013e49150cc3df417edb
Scan Type: 00h:01m:16s
Scan Start Date: Tue Jun 09 2020 23:58:09 GMT+0100 (British Summer Time)
Scan Time: 00h:01m:16s
Source Origin: LocalPath
Visibility: Public

---

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0100 (British Summer Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 99642897
Path ID: 1
Result ID: 1000039
Result State: 2
Result Severity: Low
Result Status: Recurrent
Result Assignee:

---

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html

High - Use_Of_Hardcoded_Password

0 Node - Line 46 - "cxPassword"

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

1 Node - Line 46 - getInput

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

2 Node - Line 46 - cxPassword

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

3 Node - Line 64 - cxPassword

checkmarx-github-action/src/cxtoken.js

Lines 63 to 65 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword
	} else {

4 Node - Line 64 - password

checkmarx-github-action/src/cxtoken.js

Lines 63 to 65 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword
	} else {

5 Node - Line 82 - password

checkmarx-github-action/src/cxtoken.js

Lines 81 to 83 in 7873b79

	" -CxUser " + user +
	" -CxPassword " + password

Comments
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:52:09 PM]: Changed severity to High

---

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

---

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000039
LOC: 4642
Files Scanned: 10
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000039&projectid=6
Scan Comment: git master@7873b79400662eb591cf013e49150cc3df417edb
Scan Type: 00h:01m:16s
Scan Start Date: Tue Jun 09 2020 23:58:09 GMT+0100 (British Summer Time)
Scan Time: 00h:01m:16s
Source Origin: LocalPath
Visibility: Public

---

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0100 (British Summer Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 99642897
Path ID: 6
Result ID: 1000039
Result State: 0
Result Severity: High
Result Status: Recurrent
Result Assignee:

---

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html

Medium - Use_Of_Hardcoded_Password

0 Node - Line 36 - "cxPassword"

checkmarx-github-action/src/cxsast.js

Lines 35 to 37 in 7873b79

	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxToken = core.getInput('cxToken', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

1 Node - Line 36 - getInput

checkmarx-github-action/src/cxsast.js

Lines 35 to 37 in 7873b79

	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxToken = core.getInput('cxToken', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

2 Node - Line 36 - cxPassword

checkmarx-github-action/src/cxsast.js

Lines 35 to 37 in 7873b79

	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxToken = core.getInput('cxToken', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

3 Node - Line 78 - cxPassword

checkmarx-github-action/src/cxsast.js

Lines 77 to 79 in 7873b79

	password = cxPassword.trim()
	} else {
	let message = "Please provide 'cxPassword' input (string)"

4 Node - Line 78 - trim

checkmarx-github-action/src/cxsast.js

Lines 77 to 79 in 7873b79

	password = cxPassword.trim()
	} else {
	let message = "Please provide 'cxPassword' input (string)"

5 Node - Line 78 - password

checkmarx-github-action/src/cxsast.js

Lines 77 to 79 in 7873b79

	password = cxPassword.trim()
	} else {
	let message = "Please provide 'cxPassword' input (string)"

6 Node - Line 260 - password

checkmarx-github-action/src/cxsast.js

Lines 259 to 261 in 7873b79

	credentials = " -CxUser " + user + " -CxPassword " + password
	}

Comments
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:52:12 PM]: Changed severity to Medium
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:52:01 PM]: Changed status to Proposed Not Exploitable
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:51:59 PM]: Changed status to Urgent

---

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

---

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000039
LOC: 4642
Files Scanned: 10
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000039&projectid=6
Scan Comment: git master@7873b79400662eb591cf013e49150cc3df417edb
Scan Type: 00h:01m:16s
Scan Start Date: Tue Jun 09 2020 23:58:09 GMT+0100 (British Summer Time)
Scan Time: 00h:01m:16s
Source Origin: LocalPath
Visibility: Public

---

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0100 (British Summer Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 99642897
Path ID: 4
Result ID: 1000039
Result State: 4
Result Severity: Medium
Result Status: Recurrent
Result Assignee:

---

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html

High - Use_Of_Hardcoded_Password

0 Node - Line 46 - "cxPassword"

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

1 Node - Line 46 - getInput

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

2 Node - Line 46 - cxPassword

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

3 Node - Line 64 - cxPassword

checkmarx-github-action/src/cxtoken.js

Lines 63 to 65 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword
	} else {

4 Node - Line 64 - password

checkmarx-github-action/src/cxtoken.js

Lines 63 to 65 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword
	} else {

5 Node - Line 82 - password

checkmarx-github-action/src/cxtoken.js

Lines 81 to 83 in 7873b79

	" -CxUser " + user +
	" -CxPassword " + password

Comments
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:52:09 PM]: Changed severity to High

---

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

---

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000039
LOC: 4642
Files Scanned: 10
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000039&projectid=6
Scan Comment: git master@7873b79400662eb591cf013e49150cc3df417edb
Scan Type: 00h:01m:16s
Scan Start Date: Tue Jun 09 2020 23:58:09 GMT+0100 (British Summer Time)
Scan Time: 00h:01m:16s
Source Origin: LocalPath
Visibility: Public

---

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0100 (British Summer Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 99642897
Path ID: 6
Result ID: 1000039
Result State: 0
Result Severity: High
Result Status: Recurrent
Result Assignee:

---

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html

Medium - Use_Of_Hardcoded_Password

0 Node - Line 36 - "cxPassword"

checkmarx-github-action/src/cxsast.js

Lines 35 to 37 in 7873b79

	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxToken = core.getInput('cxToken', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

1 Node - Line 36 - getInput

checkmarx-github-action/src/cxsast.js

Lines 35 to 37 in 7873b79

	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxToken = core.getInput('cxToken', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

2 Node - Line 36 - cxPassword

checkmarx-github-action/src/cxsast.js

Lines 35 to 37 in 7873b79

	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxToken = core.getInput('cxToken', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

3 Node - Line 78 - cxPassword

checkmarx-github-action/src/cxsast.js

Lines 77 to 79 in 7873b79

	password = cxPassword.trim()
	} else {
	let message = "Please provide 'cxPassword' input (string)"

4 Node - Line 78 - trim

checkmarx-github-action/src/cxsast.js

Lines 77 to 79 in 7873b79

	password = cxPassword.trim()
	} else {
	let message = "Please provide 'cxPassword' input (string)"

5 Node - Line 78 - password

checkmarx-github-action/src/cxsast.js

Lines 77 to 79 in 7873b79

	password = cxPassword.trim()
	} else {
	let message = "Please provide 'cxPassword' input (string)"

6 Node - Line 260 - password

checkmarx-github-action/src/cxsast.js

Lines 259 to 261 in 7873b79

	credentials = " -CxUser " + user + " -CxPassword " + password
	}

Comments
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:52:12 PM]: Changed severity to Medium
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:52:01 PM]: Changed status to Proposed Not Exploitable
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:51:59 PM]: Changed status to Urgent

---

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

---

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000039
LOC: 4642
Files Scanned: 10
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000039&projectid=6
Scan Comment: git master@7873b79400662eb591cf013e49150cc3df417edb
Scan Type: 00h:01m:16s
Scan Start Date: Tue Jun 09 2020 23:58:09 GMT+0100 (British Summer Time)
Scan Time: 00h:01m:16s
Source Origin: LocalPath
Visibility: Public

---

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0100 (British Summer Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 99642897
Path ID: 4
Result ID: 1000039
Result State: 4
Result Severity: Medium
Result Status: Recurrent
Result Assignee:

---

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html

Low - Use_Of_Hardcoded_Password

0 Node - Line 30 - "cxPassword"

checkmarx-github-action/src/cxosa.js

Lines 29 to 31 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: false })
	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

1 Node - Line 30 - getInput

checkmarx-github-action/src/cxosa.js

Lines 29 to 31 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: false })
	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

2 Node - Line 30 - cxPassword

checkmarx-github-action/src/cxosa.js

Lines 29 to 31 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: false })
	let cxPassword = core.getInput('cxPassword', { required: false })
	let cxProject = core.getInput('cxProject', { required: false })

3 Node - Line 67 - cxPassword

checkmarx-github-action/src/cxosa.js

Lines 66 to 68 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword.trim()

Comments
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:51:47 PM]: Changed status to Confirmed

---

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

---

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000039
LOC: 4642
Files Scanned: 10
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000039&projectid=6
Scan Comment: git master@7873b79400662eb591cf013e49150cc3df417edb
Scan Type: 00h:01m:16s
Scan Start Date: Tue Jun 09 2020 23:58:09 GMT+0100 (British Summer Time)
Scan Time: 00h:01m:16s
Source Origin: LocalPath
Visibility: Public

---

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0100 (British Summer Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 99642897
Path ID: 1
Result ID: 1000039
Result State: 2
Result Severity: Low
Result Status: Recurrent
Result Assignee:

---

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html

High - Use_Of_Hardcoded_Password

0 Node - Line 46 - "cxPassword"

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

1 Node - Line 46 - getInput

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

2 Node - Line 46 - cxPassword

checkmarx-github-action/src/cxtoken.js

Lines 45 to 47 in 7873b79

	let cxUsername = core.getInput('cxUsername', { required: true })
	let cxPassword = core.getInput('cxPassword', { required: true })

3 Node - Line 64 - cxPassword

checkmarx-github-action/src/cxtoken.js

Lines 63 to 65 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword
	} else {

4 Node - Line 64 - password

checkmarx-github-action/src/cxtoken.js

Lines 63 to 65 in 7873b79

	if (utils.isValidString(cxPassword)) {
	password = cxPassword
	} else {

5 Node - Line 82 - password

checkmarx-github-action/src/cxtoken.js

Lines 81 to 83 in 7873b79

	" -CxUser " + user +
	" -CxPassword " + password

Comments
Miguel Freitas checkmarx-github-action-master, [Monday, June 8, 2020 9:52:09 PM]: Changed severity to High

---

Project Details
Checkmarx Version: 9.0.0.40085 HF1
Project ID: 6
Project Name: checkmarx-github-action-master
Preset: Checkmarx Default
Owner: miguel
Team: CxServer\SP\EMEA

---

Scan Details
Initiator Name: Miguel Freitas
Scan ID: 1000039
LOC: 4642
Files Scanned: 10
Scan Type: Full
Scan URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1000039&projectid=6
Scan Comment: git master@7873b79400662eb591cf013e49150cc3df417edb
Scan Type: 00h:01m:16s
Scan Start Date: Tue Jun 09 2020 23:58:09 GMT+0100 (British Summer Time)
Scan Time: 00h:01m:16s
Source Origin: LocalPath
Visibility: Public

---

Result Details
Query ID: 3933
Query Path: JavaScript\Cx\JavaScript Server Side Vulnerabilities\Use Of Hardcoded Password Version:1
Query Group: JavaScript_Server_Side_Vulnerabilities
Query Name: Use_Of_Hardcoded_Password
Query Language: JavaScript
Query Language Hash: 0935562945055365
Query Language Change Date: Tue May 19 2020 00:00:00 GMT+0100 (British Summer Time)
Query Version Code: 97095146
Query Severity: Low
Query Severity Index: 1
Similarity ID: 99642897
Path ID: 6
Result ID: 1000039
Result State: 0
Result Severity: High
Result Status: Recurrent
Result Assignee:

---

Mitigation Details
Checkmarx Recommendations URL: https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=3933&queryVersionCode=97095146&queryTitle=Use_Of_Hardcoded_Password
CWE ID: 259
CWE URL: https://cwe.mitre.org/data/definitions/259.html