Code Security Report: 1 high severity findings, 12 total findings

[mend-for-github-com]

Code Security Report

Scan Metadata

Latest Scan: 2023-09-04 02:11pm
Total Findings: 12 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 193
Detected Programming Languages: 1 (Java)

• Check this box to manually trigger a scan

Most Relevant Findings

The below list presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

Severity	Vulnerability Type	CWE	File	Data Flows	Date
High	Cross-Site Scripting	CWE-79	OpenApiResource.java:32	1	2023-09-04 02:11pm
Vulnerable Code swagger-core/modules/swagger-jaxrs2/src/main/java/io/swagger/v3/jaxrs2/integration/resources/OpenApiResource.java Lines 27 to 32 in bca87b8 @Operation(hidden = true) public Response getOpenApi(@Context HttpHeaders headers, @Context UriInfo uriInfo, @PathParam("type") String type) throws Exception { return super.getOpenApi(headers, config, app, uriInfo, type); 1 Data Flow/s detected View Data Flow 1 swagger-core/modules/swagger-jaxrs2/src/main/java/io/swagger/v3/jaxrs2/integration/resources/OpenApiResource.java Line 32 in bca87b8 return super.getOpenApi(headers, config, app, uriInfo, type);
Medium	Error Messages Information Exposure	CWE-209	ServletOpenApiConfigurationLoader.java:78	1	2023-09-04 02:11pm
Vulnerable Code swagger-core/modules/swagger-jaxrs2/src/main/java/io/swagger/v3/jaxrs2/integration/ServletOpenApiConfigurationLoader.java Lines 73 to 78 in bca87b8 Class cls = getClass().getClassLoader().loadClass(builderClassName); // TODO instantiate with configuration OpenAPIConfigBuilder builder = (OpenAPIConfigBuilder) cls.newInstance(); return builder.build(); } catch (Exception e) { LOGGER.error("error loading builder: " + e.getMessage(), e); 1 Data Flow/s detected View Data Flow 1 swagger-core/modules/swagger-jaxrs2/src/main/java/io/swagger/v3/jaxrs2/integration/ServletOpenApiConfigurationLoader.java Line 78 in bca87b8 LOGGER.error("error loading builder: " + e.getMessage(), e);
Medium	Error Messages Information Exposure	CWE-209	Yaml.java:25	1	2023-09-04 02:11pm
Vulnerable Code swagger-core/modules/swagger-core/src/main/java/io/swagger/v3/core/util/Yaml.java Lines 20 to 25 in bca87b8 public static String pretty(Object o) { try { return pretty().writeValueAsString(o); } catch (Exception e) { e.printStackTrace(); 1 Data Flow/s detected View Data Flow 1 swagger-core/modules/swagger-core/src/main/java/io/swagger/v3/core/util/Yaml.java Line 25 in bca87b8 e.printStackTrace();
Medium	Error Messages Information Exposure	CWE-209	Json.java:35	1	2023-09-04 02:11pm
Vulnerable Code swagger-core/modules/swagger-core/src/main/java/io/swagger/v3/core/util/Json.java Lines 30 to 35 in bca87b8 public static void prettyPrint(Object o) { try { System.out.println(pretty().writeValueAsString(o).replace("\r", "")); } catch (Exception e) { e.printStackTrace(); 1 Data Flow/s detected View Data Flow 1 swagger-core/modules/swagger-core/src/main/java/io/swagger/v3/core/util/Json.java Line 35 in bca87b8 e.printStackTrace();
Medium	Error Messages Information Exposure	CWE-209	OpenApiServlet.java:38	1	2023-09-04 02:11pm
Vulnerable Code swagger-core/modules/swagger-jaxrs2/src/main/java/io/swagger/v3/jaxrs2/integration/OpenApiServlet.java Lines 33 to 38 in bca87b8 new ServletOpenApiContextBuilder() .servletConfig(config) .ctxId(ctxId) .buildContext(true); } catch (OpenApiConfigurationException e) { e.printStackTrace(); 1 Data Flow/s detected View Data Flow 1 swagger-core/modules/swagger-jaxrs2/src/main/java/io/swagger/v3/jaxrs2/integration/OpenApiServlet.java Line 38 in bca87b8 e.printStackTrace();
Medium	Error Messages Information Exposure	CWE-209	StringOpenApiConfigurationLoader.java:24	1	2023-09-04 02:11pm
Vulnerable Code swagger-core/modules/swagger-integration/src/main/java/io/swagger/v3/oas/integration/StringOpenApiConfigurationLoader.java Lines 19 to 24 in bca87b8 } else { // assume yaml return Yaml.mapper().readValue(configAsString, SwaggerConfiguration.class); } } catch (Exception e) { LOGGER.error("exception reading config: " + e.getMessage(), e); 1 Data Flow/s detected View Data Flow 1 swagger-core/modules/swagger-integration/src/main/java/io/swagger/v3/oas/integration/StringOpenApiConfigurationLoader.java Line 24 in bca87b8 LOGGER.error("exception reading config: " + e.getMessage(), e);
Medium	Error Messages Information Exposure	CWE-209	GenericOpenApiContext.java:282	1	2023-09-04 02:11pm
Vulnerable Code swagger-core/modules/swagger-integration/src/main/java/io/swagger/v3/oas/integration/GenericOpenApiContext.java Lines 277 to 282 in bca87b8 if (openApiScanner == null) { openApiScanner = buildScanner(ContextUtils.deepCopy(openApiConfiguration)); } } catch (Exception e) { LOGGER.error("error initializing context: " + e.getMessage(), e); throw new OpenApiConfigurationException("error initializing context: " + e.getMessage(), e); 1 Data Flow/s detected View Data Flow 1 swagger-core/modules/swagger-integration/src/main/java/io/swagger/v3/oas/integration/GenericOpenApiContext.java Line 282 in bca87b8 throw new OpenApiConfigurationException("error initializing context: " + e.getMessage(), e);
Medium	Error Messages Information Exposure	CWE-209	GenericOpenApiContext.java:255	1	2023-09-04 02:11pm
Vulnerable Code swagger-core/modules/swagger-integration/src/main/java/io/swagger/v3/oas/integration/GenericOpenApiContext.java Lines 250 to 255 in bca87b8 } } } return null; } catch (Exception e) { throw new OpenApiConfigurationException(e.getMessage(), e); 1 Data Flow/s detected View Data Flow 1 swagger-core/modules/swagger-integration/src/main/java/io/swagger/v3/oas/integration/GenericOpenApiContext.java Line 255 in bca87b8 throw new OpenApiConfigurationException(e.getMessage(), e);
Medium	Error Messages Information Exposure	CWE-209	ContextUtils.java:20	1	2023-09-04 02:11pm
Vulnerable Code swagger-core/modules/swagger-integration/src/main/java/io/swagger/v3/oas/integration/ContextUtils.java Lines 15 to 20 in bca87b8 return null; } try { return Json.mapper().readValue(Json.pretty(config), SwaggerConfiguration.class); } catch (Exception e) { LOGGER.error("Exception cloning config: " + e.getMessage(), e); 1 Data Flow/s detected View Data Flow 1 swagger-core/modules/swagger-integration/src/main/java/io/swagger/v3/oas/integration/ContextUtils.java Line 20 in bca87b8 LOGGER.error("Exception cloning config: " + e.getMessage(), e);
Medium	Error Messages Information Exposure	CWE-209	Yaml.java:34	1	2023-09-04 02:11pm
Vulnerable Code swagger-core/modules/swagger-core/src/main/java/io/swagger/v3/core/util/Yaml.java Lines 29 to 34 in bca87b8 public static void prettyPrint(Object o) { try { System.out.println(pretty().writeValueAsString(o)); } catch (Exception e) { e.printStackTrace(); 1 Data Flow/s detected View Data Flow 1 swagger-core/modules/swagger-core/src/main/java/io/swagger/v3/core/util/Yaml.java Line 34 in bca87b8 e.printStackTrace();

Findings Overview

Severity	Vulnerability Type	CWE	Language	Count
High	Cross-Site Scripting	CWE-79	Java	1
Medium	Error Messages Information Exposure	CWE-209	Java	11