
Questions tagged [checkmarx]

Source code analyzer software which provides identifying, tracking and repairing technical and logical flaws.

0 votes
0 answers
15 views

How to solve the Checkmarx finding 'to determine the amount of iterations that this loop performs ...'

I'm working in Typescript in an Electron project. I am receiving data in a socket, here's a code snippet: socket.on('data', (data:any) => { // Do some stuff } Now, in "Do some stuff", ...
gnitsuk
  • 179
-4 votes
1 answer
45 views

I want to prevent my React app from Security Vulnerability [closed]

I am getting 7 security vulnerabilities (4 High and 3 Moderate). I didn't find any solution to fix those. I am getting those vulnerabilities with Checkmarx Application Security Testing Tool. Below are ...
Mrityunjay Yadav
1 vote
1 answer
311 views

How do you set 'no-new-privileges' in 'security options' in a Docker Compose file?

I'm running a Checkmarx scan, which raised an error that the Security Opt flag isn't set in the 'docker-compose.yaml' file. I've searched but there seems to be very little on actually setting these ...
sr28
  • 5,048
1 vote
1 answer
88 views

Avoid SQL injection in incoming query coming in in-parameter

I have a procedure which will receive query in in parameter. I'm running the incoming query inside a procedure, and the Checkmarx tool detecting SQL injection in my_cursor. How do I solve this? I ...
Tamil Mani
0 votes
0 answers
65 views

Angular 15 - Checkmarx scan failing for dynamic html tag

I am trying to add a dynamically generated HTML tag to the DOM. For ex. dynamic tag is like - . After debugging I found out that the Checkmarx scan is failing because of "<" and ">...
dhananjay
0 votes
0 answers
162 views

Unchecked Input for Loop Condition CheckMarx for simple code

I created a little app that gets args and uses them to create a report file, but I got a medium Checkmarx. This is my code (after I tried to fix the Checkmarx with Math.min): import reporter from '...
user165210
0 votes
0 answers
17 views

Throw an thisNullReferenceException when I perform a static code scan of java code

This is my first time using the software. When I selected the Java project to perform the scan, the program did not respond. Here is the log information. json 06/05/2024 ...
小梨喵
0 votes
0 answers
71 views

Exclude typescript file in checkmarx

I have integrated a Checkmarx step in Jenkins; below is the stage for Checkmarx. Now I want to exclude scanning of TypeScript files with the .tsx extension. I tried adding .tsx in the filter pattern but still ...
amey kambli
-2 votes
1 answer
61 views

Mitigate dependency vulnerabilities in codebase

When using IntelliJ to package a Java app, a Checkmarx-powered feature or plugin checks for vulnerabilities. However, we mitigate the vulnerabilities in our codebase instead of updating dependencies. ...
quarks
  • 34.7k
0 votes
1 answer
186 views

fix Prototype_Pollution error from checkmarx

The word 'substring(1)' in the line window.location.search.substring(1) gets the error Prototype_Pollution, Assigning external properties without validation may allow object properties pollution and affect ...
h.z.
  • 49
0 votes
1 answer
514 views

Unsafe Object binding Checkmarx Java

I am getting alert in Checkmarx scan saying Unsafe object binding in the saveAll() call. The exact words in checkmarx are The orderReqDto at src/main/java/com/coppel/omnicanal/coppelpay/controller/...
ParkkingMb23
0 votes
0 answers
189 views

Checkmarx DOM XSS Vulnerability flagging JS/jQuery code

From what I've been able to find online, I think Checkmarx is flagging because the code is appending HTML content directly to the DOM using .append() which may include user-controlled input. To fix ...
juniordevproblems
0 votes
0 answers
161 views

Checkmarx Scans Won't Recognize Any Sanitization Methods in Node/Express

I have a Node.js Express app and I'm running a Checkmarx scanning tool on it. It is flagging things like request.path and request.url and saying that "The element's value flow through the code ...
Dog
  • 2,828
2 votes
1 answer
102 views

Security scan flagged local variable for heap inspection in C Function

I'm working on a C function getCredentials and encountered a Checkmarx flag regarding the variable lpass. However, in my understanding, both lid and lpass are locally stored on the stack within the ...
Noble
  • 35
1 vote
2 answers
308 views

How to fix checkmarx reflected XSS attack in JSP page?

In the JSP page below, Checkmarx shows a Reflected XSS attack as I am using ${pageContext.reqest.contextPath} variable in JavaScript source. I have tried using <script type="text/javascript&...
ankur pramanik
