Play with code review #10
Conversation
There was a problem hiding this comment.
⚠️ Snyk found 5 issues: 1 in the modified code and 4 outside it
1 issue in the modified code
Use of Hardcoded Credentials
- Path:
app.js#17
- Path:
4 issues outside the modified code
-
- Path:
app.js#100
- Path:
-
- Path:
app.js#17
- Path:
-
- Path:
main.js#18
- Path:
-
There was a problem hiding this comment.
[OUTSIDE THE DIFF]
[OPTION 1]
Snyk has found 3 issues outside the changed files:
- Path: app.js#17
- Path: main.js#18
[OPTION 2]
Snyk has found 5 issues outside the changed files:
app.js
There was a problem hiding this comment.
⚠️ Snyk found 5 issues: 1 in the modified code and 2 outside it
1 issue in the modified code
| Severity | Issue | Resolved |
|---|---|---|
 |
NoSQL Injection |
- Path: app.js#17
✅ Resolved- Path: app.js#17
✅ Resolved- ~~Path: app.js#17
2 issues outside the modified code
| Severity | Issue | Resolved |
|---|---|---|
|
NoSQL Injection | |
|
Use of Hardcoded Credentials | ✅ |
| @@ -56,7 +56,7 @@ app.post('/login', routes.loginHandler); | |||
| app.get('/admin', routes.isLoggedIn, routes.admin); | |||
| app.get('/account_details', routes.isLoggedIn, routes.get_account_details); | |||
| app.post('/account_details', routes.isLoggedIn, routes.save_account_details); | |||
| app.get('/logout', routes.logout); | |||
| app.get('/logout/now', routes.logout); | |||
| app.post('/create', routes.create); | |||
| app.get('/destroy/:id', routes.destroy); | |||
| app.get('/edit/:id', routes.edit); | |||
There was a problem hiding this comment.
NoSQL Injection
Unsanitized input from the HTTP request body flows into find, where it is used in an NoSQL query. This may result in an NoSQL Injection vulnerability.
Line 81 | Priority score 555 | CWE-319
|
| Severity | Issue |
|---|---|
|
NoSQL Injection - Path: utils.js#L10 |
|
Use of Hardcoded Credentials - Path: public/css/screen.css#L23 |
----------------------------------------------- OPTION 2 -----------------------------------------------
| Severity | Issue |
|---|---|
|
NoSQL Injection Line 10 in 433c1a3 |
|
Use of Hardcoded Credentials tiago_pr_playground/public/css/screen.css Line 23 in 433c1a3 |
----------------------------------------------- OPTION 3 -----------------------------------------------
NoSQL Injection
Unsanitized input from the HTTP request body flows into find, where it is used in an NoSQL query. This may result in an NoSQL Injection vulnerability.
Path: utils.js#L10
Use of Hardcoded Credentials
http.createServer uses HTTP which is an insecure protocol and should not be used in code due to cleartext transmission of information. Data in cleartext in a communication channel can be sniffed by unauthorized actors. Consider using the https module instead.
Path: public/css/screen.css#L23
----------------------------------------------- OPTION 4 -----------------------------------------------
NoSQL Injection
Unsanitized input from the HTTP request body flows into find, where it is used in an NoSQL query. This may result in an NoSQL Injection vulnerability.
Path:
Line 10 in 433c1a3
Use of Hardcoded Credentials
http.createServer uses HTTP which is an insecure protocol and should not be used in code due to cleartext transmission of information. Data in cleartext in a communication channel can be sniffed by unauthorized actors. Consider using the https module instead.
Path:
tiago_pr_playground/public/css/screen.css
Line 23 in 433c1a3
----------------------------------------------- OPTION 5 -----------------------------------------------
Line 10 in 433c1a3
NoSQL Injection
Unsanitized input from the HTTP request body flows into find, where it is used in an NoSQL query. This may result in an NoSQL Injection vulnerability.
----------------------------------------------- OPTION 6 -----------------------------------------------
Use of Hardcoded Credentials
http.createServer uses HTTP which is an insecure protocol and should not be used in code due to cleartext transmission of information. Data in cleartext in a communication channel can be sniffed by unauthorized actors. Consider using the https module instead.
|
----------------------------------------------- OPTION 1 -----------------------------------------------
|
|
| Severity | Issue |
|---|---|
|
NoSQL Injection - Path: utils.js#L10 |
|
Use of Hardcoded Credentials - Path: public/css/screen.css#L23 |
Here are the 2 issues within the modified code:
There was a problem hiding this comment.
⚠️ Snyk found 5 issues: 2 in the modified code and 2 outside of it
| Severity | Issue |
|---|---|
|
NoSQL Injection - Path: utils.js#L10 |
|
Use of Hardcoded Credentials - Path: public/css/screen.css#L23 |
Here are the 2 issues within the modified code:
| @@ -56,7 +56,7 @@ app.post('/login', routes.loginHandler); | |||
| app.get('/admin', routes.isLoggedIn, routes.admin); | |||
| app.get('/account_details', routes.isLoggedIn, routes.get_account_details); | |||
| app.post('/account_details', routes.isLoggedIn, routes.save_account_details); | |||
There was a problem hiding this comment.
NoSQL Injection
Unsanitized input from the HTTP request body flows into find, where it is used in an NoSQL query. This may result in an NoSQL Injection vulnerability.
Line 81 | Priority score 555 | CWE-319
No description provided.