
pullrequests Search Results · language:Dune language:JavaScript language:Java language:HTML language:Python language:JavaScript


210M results (2 s)


Harness Pipeline 1. Avoid deserializing entire objects from untrusted input. Instead, transmit only primitive data or simple DTOs and reconstruct objects manually. 2. If deserialization is necessary, ...
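Added example for this result (editor's code, not part of the Harness Pipeline output). It puts the two approaches side by side in Python: `pickle.loads` on attacker-controlled bytes runs whatever callable the payload names (here a harmless `str.upper`, chosen only to make the effect visible), while the JSON path carries only primitives and rebuilds an `Order` by hand with explicit field, type and range checks. `Order`, `Gadget` and the field limits are illustrative.

```python
import json
import pickle
from dataclasses import dataclass


@dataclass(frozen=True)
class Order:
    order_id: int
    sku: str
    quantity: int


class Gadget:
    # Any class can tell pickle "to rebuild me, call this function with these args".
    # The call here is harmless on purpose; an attacker picks the callable.
    def __reduce__(self):
        return (str.upper, ("arbitrary callable ran during pickle.loads",))


def attacker_pickle_payload() -> bytes:
    # Constructed sample of bytes an attacker would send.
    return pickle.dumps(Gadget())


def insecure_load(blob: bytes):
    # BAD: reconstructs whatever object graph the bytes describe, executing __reduce__ callables.
    return pickle.loads(blob)


ALLOWED_KEYS = {"order_id", "sku", "quantity"}


def order_from_untrusted_json(raw: bytes) -> Order:
    # GOOD: only primitives cross the trust boundary; the object is built by hand,
    # every field is checked, and unknown fields are rejected rather than ignored.
    data = json.loads(raw)
    if not isinstance(data, dict) or set(data) != ALLOWED_KEYS:
        raise ValueError("unexpected fields")
    order_id, sku, quantity = data["order_id"], data["sku"], data["quantity"]
    # bool is a subclass of int in Python, so exclude it explicitly.
    if not isinstance(order_id, int) or isinstance(order_id, bool) or order_id <= 0:
        raise ValueError("bad order_id")
    if not isinstance(sku, str) or not (1 <= len(sku) <= 32) or not sku.isalnum():
        raise ValueError("bad sku")
    if not isinstance(quantity, int) or isinstance(quantity, bool) or not (1 <= quantity <= 1000):
        raise ValueError("bad quantity")
    return Order(order_id, sku, quantity)


def rejected(raw: bytes) -> bool:
    """True if the strict reconstruction refuses the input."""
    try:
        order_from_untrusted_json(raw)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print(insecure_load(attacker_pickle_payload()))  # attacker-chosen callable executed
    print(order_from_untrusted_json(b'{"order_id": 7, "sku": "ABC123", "quantity": 2}'))
```

The strict path deliberately fails closed: an extra key, a wrong type, or a list where an object was expected all raise instead of being coerced.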

Harness Pipeline 1. Calculate the cryptographic hash (SHA-256, SHA-384, or SHA-512) of the external CSS file you are loading. 2. Add the integrity attribute to the link tag with the base64-encoded hash ...
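Added example for this result (editor's code, not part of the Harness Pipeline output). It computes an SRI `integrity` value in Python with the stdlib, emits the `<link>` tag, and includes a checker that applies the rule browsers use when several values are listed: only the strongest algorithm present counts, and any one matching digest at that strength passes. The stylesheet bytes and the CDN URL are constructed stand-ins.

```python
import base64
import hashlib
import hmac

# Constructed stand-in for the fetched stylesheet bytes.
CSS_BYTES = b"body { margin: 0; color: #222; }\n"

_STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}  # the only algorithms SRI accepts


def sri_digest(data: bytes, algorithm: str = "sha384") -> str:
    """Return the integrity value 'alg-<base64 digest>' for data."""
    if algorithm not in _STRENGTH:
        raise ValueError("SRI allows sha256, sha384 or sha512 only")
    digest = hashlib.new(algorithm, data).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def link_tag(href: str, data: bytes) -> str:
    # crossorigin is needed for a cross-origin stylesheet, otherwise the browser
    # cannot read the response body to check it and blocks the load.
    return (f'<link rel="stylesheet" href="{href}" '
            f'integrity="{sri_digest(data)}" crossorigin="anonymous">')


def integrity_matches(data: bytes, integrity: str) -> bool:
    """Check fetched bytes against an integrity attribute.

    Keeps only the strongest algorithm(s) listed and accepts if any of those digests
    matches. Unlike a browser, which lets the load proceed when nothing in the
    attribute parses, this strict checker treats that case as a mismatch.
    """
    parsed = []
    for token in integrity.split():
        alg, _, b64 = token.partition("-")
        if alg in _STRENGTH:
            parsed.append((alg, b64))
    if not parsed:
        return False
    strongest = max(_STRENGTH[alg] for alg, _ in parsed)
    for alg, b64 in parsed:
        if _STRENGTH[alg] != strongest:
            continue
        try:
            declared = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        if hmac.compare_digest(hashlib.new(alg, data).digest(), declared):
            return True
    return False


if __name__ == "__main__":
    print(link_tag("https://cdn.example/site.css", CSS_BYTES))
```

The generated tag is what goes into the page; the same `sri_digest` value must be regenerated every time the stylesheet changes, or the browser will refuse the new file.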

Harness Pipeline 1. Replace all manual SQL string concatenations involving user input with parameterized queries using PreparedStatement. 2. Refactor the user existence check query to use a PreparedStatement ...

Harness Pipeline 1. Separate trusted and untrusted data: Do not store combined authentication tokens directly in the session without validation. 2. Validate or regenerate credentials server-side: ...

Harness Pipeline 1. Strictly validate the id parameter to allow only expected values (e.g., numeric IDs corresponding to existing cat pictures). 2. Reject or sanitize any input containing path traversal ...

Harness Pipeline 1. Avoid direct interpolation of github context variables in run: steps. 2. Assign untrusted inputs to environment variables using the env: key. 3. Reference these environment variables ...
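Added example for this result (editor's fragment, not part of the Harness Pipeline output). Two GitHub Actions steps: the first interpolates a context value straight into the script, the second follows the three steps above. The step names and the choice of `github.event.pull_request.title` are illustrative.

```yaml
# Unsafe: ${{ }} is expanded into the script text before the shell starts, so a
# pull request titled  "; echo pwned; "  closes the quoted string and runs commands.
- name: Announce PR (unsafe)
  run: echo "New PR: ${{ github.event.pull_request.title }}"

# Safe: the value enters the step through the process environment. The shell expands
# $TITLE at run time as data and never re-parses its contents as script.
- name: Announce PR (safe)
  env:
    TITLE: ${{ github.event.pull_request.title }}
  run: echo "New PR: $TITLE"
```

Quoting `"$TITLE"` in the safe step still matters for ordinary word-splitting reasons; the security property, however, comes from the `env:` indirection alone.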

Harness Pipeline 1. Canonicalize and validate the file path: Resolve the user-supplied filename to an absolute path and verify it is a child of the intended directory. 2. Reject or sanitize inputs ...
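Added example covering this result and the cat-picture `id` result above (editor's code, not part of the Harness Pipeline output). It shows both controls in Python: an allow-list for a numeric id, and canonicalization of a user-supplied filename with a containment check against the serving directory. `BASE_DIR`, the id format and the sample paths are assumptions; nothing is read from disk.

```python
import os
import re
from pathlib import Path

BASE_DIR = Path("/srv/catpics")  # assumption: the only directory we may serve files from

ID_PATTERN = re.compile(r"^[1-9][0-9]{0,8}$")  # positive decimal id, no sign, no leading zeros


def validate_cat_id(raw: str) -> int:
    # Allow-list: accept only what an id can look like; everything else is rejected outright.
    if not ID_PATTERN.match(raw):
        raise ValueError(f"invalid id: {raw!r}")
    return int(raw)


def resolve_under_base(user_filename: str, base: Path = BASE_DIR) -> Path:
    """Canonicalize base/<user_filename> and require the result to stay inside base.

    os.path.realpath collapses '.', '..' and repeated separators and follows any
    symlinks that exist on the host; for paths that do not exist the step is lexical.
    """
    if "\x00" in user_filename:
        raise ValueError("NUL byte in filename")
    base_real = os.path.realpath(base)
    # os.path.join discards base_real when user_filename is absolute; the containment
    # check below catches that case as well.
    candidate = os.path.realpath(os.path.join(base_real, user_filename))
    # commonpath is the correct containment test. A plain startswith() would accept
    # /srv/catpics_private for a base of /srv/catpics.
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError(f"path escapes base directory: {user_filename!r}")
    if candidate == base_real:
        raise ValueError("a directory, not a file, was requested")
    return Path(candidate)


def is_safe_filename(user_filename: str) -> bool:
    try:
        resolve_under_base(user_filename)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(validate_cat_id("42"))
    print(resolve_under_base("cat1.jpg"))
    print(is_safe_filename("../../etc/passwd"))
```

Rejecting input that merely contains `..` is a weaker substitute: `photos/../cat2.png` is harmless after canonicalization, while an absolute path or an overlong sibling directory contains no `..` at all and still needs the containment check.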

Harness Pipeline 1. Replace the use of Statement with PreparedStatement to safely parameterize user inputs. 2. Avoid executing raw user-provided SQL queries. Instead, define specific query templates ...

Harness Pipeline 1. Reject tokens with alg: none explicitly: Configure the JWT library to disallow the none algorithm. 2. Use strong, secure signing algorithms such as HS256, RS256, or ES256. 3. Do ...
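Added example for this result (editor's code, not part of the Harness Pipeline output). A minimal HS256 issuer and verifier in stdlib Python, with a forged `alg: none` token beside it. The fix is the server-side algorithm allow-list: the header's `alg` is compared against what the service itself issues, so `none` (in any capitalization) is refused before any signature logic runs. The key and claims are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"demo-hmac-key-not-for-production"  # constructed; load from a secret store in practice
ALLOWED_ALGS = {"HS256"}  # pin exactly what this service issues; never list "none"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_hs256(claims: dict, key: bytes = SECRET) -> str:
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def forge_alg_none(claims: dict) -> str:
    # What an attacker sends: header claims "none", signature segment left empty.
    header = _b64url(b'{"alg":"none","typ":"JWT"}')
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    return f"{header}.{payload}."


def verify(token: str, key: bytes = SECRET) -> dict:
    """Return the claims if the token carries a valid signature under an allowed algorithm."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    alg = header.get("alg")
    # Exact-match allow-list: "none", "None", "NONE" and anything else not issued here all fail.
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise ValueError(f"algorithm not allowed: {alg!r}")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload_b64))


def accepts(token: str) -> bool:
    try:
        verify(token)
        return True
    except ValueError:  # includes JSON and base64 decoding errors
        return False


if __name__ == "__main__":
    good = issue_hs256({"sub": "alice"})
    print(verify(good))
    print(accepts(forge_alg_none({"sub": "admin"})))
```

With a real JWT library the equivalent is passing the permitted algorithm list to the decode call rather than trusting the header; the allow-list belongs to the verifier, not the token.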

Harness Pipeline 1. Eliminate direct execution of user-supplied SQL strings. Do not pass raw user input as SQL commands. 2. Use parameterized queries (PreparedStatements) for all SQL commands. This ...
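Added example covering this result and the two PreparedStatement results above (editor's code, not part of the Harness Pipeline output). It uses Python's `sqlite3` with a constructed in-memory `users` table to show the concatenated query being bypassed by a tautology, the same check written with a bound parameter, and a small template registry for the case where callers previously supplied raw SQL. The `?` placeholder plays the role JDBC's `PreparedStatement.setString` plays in Java.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed in-memory table standing in for the application's users table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return conn


def user_exists_insecure(conn: sqlite3.Connection, username: str) -> bool:
    # BAD: user input becomes SQL syntax. The input  x' OR '1'='1  turns the
    # WHERE clause into a tautology and the check returns True for a non-existent user.
    sql = "SELECT 1 FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchone() is not None


def user_exists(conn: sqlite3.Connection, username: str) -> bool:
    # GOOD: the statement text is fixed at development time; the value is bound
    # separately and can only ever be compared as data.
    row = conn.execute("SELECT 1 FROM users WHERE username = ?", (username,)).fetchone()
    return row is not None


# For code that used to execute caller-supplied SQL strings: expose named templates
# and let the caller choose a template plus values, never the statement itself.
QUERY_TEMPLATES = {
    "email_for_user": "SELECT email FROM users WHERE username = ?",
    "users_by_domain": "SELECT username FROM users WHERE email LIKE ? ORDER BY username",
}


def run_template(conn: sqlite3.Connection, name: str, params: tuple) -> list:
    if name not in QUERY_TEMPLATES:
        raise ValueError(f"unknown query: {name!r}")
    return conn.execute(QUERY_TEMPLATES[name], params).fetchall()


if __name__ == "__main__":
    conn = make_db()
    payload = "x' OR '1'='1"
    print(user_exists_insecure(conn, payload))  # injection succeeds
    print(user_exists(conn, payload))           # treated as a literal username
    print(run_template(conn, "users_by_domain", ("%@example.com",)))
```

Note that parameters cover values only: table or column names chosen by a caller still have to come from an allow-list, which is what the template registry provides.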