This repository has been archived by the owner on Jul 3, 2024. It is now read-only.

Picpay Challenge #6

Open
wants to merge 13 commits into
base: master


elisiomualumene

No description provided.

@RicardoZandonaiPicPay

Checkmarx One – Scan Summary & Details ca5e43ea-0dc8-4e40-86cc-077488036f70

New Issues

| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| HIGH | CVE-2023-45288 | Go-golang.org/x/net-v0.20.0 | Vulnerable Package |
| HIGH | Missing User Instruction | /Dockerfile: 1 | A user should be specified in the dockerfile, otherwise the image will run as root |
| HIGH | Missing User Instruction | /Dockerfile: 1 | A user should be specified in the dockerfile, otherwise the image will run as root |
| HIGH | Missing User Instruction | /Dockerfile: 11 | A user should be specified in the dockerfile, otherwise the image will run as root |
| HIGH | Reflected_XSS | /services/frontend/js/app.js: 77 | Attack Vector |
| HIGH | Reflected_XSS | /services/frontend/js/app.js: 56 | Attack Vector |
| HIGH | Reflected_XSS | /services/frontend/js/app.js: 125 | Attack Vector |
| MEDIUM | Add Instead of Copy | /Dockerfile: 5 | Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script. |
| MEDIUM | Container Traffic Not Bound To Host Interface | /docker-compose.yaml: 26 | Incoming container traffic should be bound to a specific host interface |
| MEDIUM | Container Traffic Not Bound To Host Interface | /docker-compose.yaml: 17 | Incoming container traffic should be bound to a specific host interface |
| MEDIUM | Container Traffic Not Bound To Host Interface | /docker-compose.yaml: 6 | Incoming container traffic should be bound to a specific host interface |
| MEDIUM | Container Traffic Not Bound To Host Interface | /docker-compose.yaml: 35 | Incoming container traffic should be bound to a specific host interface |
| MEDIUM | Healthcheck Not Set | /docker-compose.yaml: 14 | Check containers periodically to see if they are running properly. |
| MEDIUM | Healthcheck Not Set | /docker-compose.yaml: 23 | Check containers periodically to see if they are running properly. |
| MEDIUM | Healthcheck Not Set | /docker-compose.yaml: 32 | Check containers periodically to see if they are running properly. |
| MEDIUM | Image Version Not Explicit | /Dockerfile: 11 | Always tag the version of an image explicitly |
| MEDIUM | Memory Not Limited | /docker-compose.yaml: 23 | Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than t... |
| MEDIUM | Memory Not Limited | /docker-compose.yaml: 32 | Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than t... |
| MEDIUM | Memory Not Limited | /docker-compose.yaml: 14 | Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than t... |
| MEDIUM | Security Opt Not Set | /docker-compose.yaml: 14 | Attribute 'security_opt' should be defined. |
| MEDIUM | Security Opt Not Set | /docker-compose.yaml: 23 | Attribute 'security_opt' should be defined. |
| MEDIUM | Security Opt Not Set | /docker-compose.yaml: 32 | Attribute 'security_opt' should be defined. |
| LOW | Container Capabilities Unrestricted | /docker-compose.yaml: 23 | Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessa... |
| LOW | Container Capabilities Unrestricted | /docker-compose.yaml: 32 | Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessa... |
| LOW | Container Capabilities Unrestricted | /docker-compose.yaml: 14 | Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessa... |
| LOW | Cpus Not Limited | /docker-compose.yaml: 32 | CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests |
| LOW | Cpus Not Limited | /docker-compose.yaml: 14 | CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests |
| LOW | Cpus Not Limited | /docker-compose.yaml: 23 | CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests |
| LOW | Healthcheck Instruction Missing | /Dockerfile: 1 | Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working |
| LOW | Healthcheck Instruction Missing | /Dockerfile: 1 | Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working |
| LOW | Healthcheck Instruction Missing | /Dockerfile: 11 | Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working |

Fixed Issues

| Severity | Issue | Source File / Package |
|---|---|---|
| HIGH | Missing User Instruction | /Dockerfile: 1 |
| HIGH | Missing User Instruction | /Dockerfile: 1 |
| HIGH | Missing User Instruction | /Dockerfile: 1 |
| MEDIUM | Add Instead of Copy | /Dockerfile: 3 |
| MEDIUM | Add Instead of Copy | /Dockerfile: 3 |
| MEDIUM | Add Instead of Copy | /Dockerfile: 3 |
| MEDIUM | Container Traffic Not Bound To Host Interface | /docker-compose.yaml: 18 |
| MEDIUM | Container Traffic Not Bound To Host Interface | /docker-compose.yaml: 12 |
| MEDIUM | Container Traffic Not Bound To Host Interface | /docker-compose.yaml: 5 |
| MEDIUM | Cx65603961-769c | Npm-debug-2.6.9 |
| MEDIUM | Healthcheck Not Set | /docker-compose.yaml: 16 |
| MEDIUM | Healthcheck Not Set | /docker-compose.yaml: 10 |
| MEDIUM | Healthcheck Not Set | /docker-compose.yaml: 22 |
| MEDIUM | Host Namespace is Shared | /docker-compose.yaml: 3 |
| MEDIUM | Host Namespace is Shared | /docker-compose.yaml: 22 |
| MEDIUM | Host Namespace is Shared | /docker-compose.yaml: 10 |
| MEDIUM | Host Namespace is Shared | /docker-compose.yaml: 16 |
| MEDIUM | Image Version Using 'latest' | /Dockerfile: 1 |
| MEDIUM | Memory Not Limited | /docker-compose.yaml: 16 |
| MEDIUM | Memory Not Limited | /docker-compose.yaml: 10 |
| MEDIUM | Memory Not Limited | /docker-compose.yaml: 22 |
| MEDIUM | NPM Install Command Without Pinned Version | /Dockerfile: 4 |
| MEDIUM | Networks Not Set | /docker-compose.yaml: 22 |
| MEDIUM | Not Using JSON In CMD And ENTRYPOINT Arguments | /Dockerfile: 6 |
| MEDIUM | Security Opt Not Set | /docker-compose.yaml: 22 |
| MEDIUM | Security Opt Not Set | /docker-compose.yaml: 10 |
| MEDIUM | Security Opt Not Set | /docker-compose.yaml: 16 |
| LOW | Container Capabilities Unrestricted | /docker-compose.yaml: 22 |
| LOW | Container Capabilities Unrestricted | /docker-compose.yaml: 10 |
| LOW | Container Capabilities Unrestricted | /docker-compose.yaml: 16 |
| LOW | Cpus Not Limited | /docker-compose.yaml: 16 |
| LOW | Cpus Not Limited | /docker-compose.yaml: 22 |
| LOW | Cpus Not Limited | /docker-compose.yaml: 10 |
| LOW | Healthcheck Instruction Missing | /Dockerfile: 1 |
| LOW | Healthcheck Instruction Missing | /Dockerfile: 1 |
| LOW | Healthcheck Instruction Missing | /Dockerfile: 1 |


2 participants