The value in req at /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java in line 38 is used in an arithmetic operation in AssignExpr at /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java in line 100 without validation, which may result in an arithmetic overflow (commonly known as an "Integer Overflow").
Checkmarx (SAST): Integer_Underflow
Security Issue: Read More about Integer_Underflow
Checkmarx Project: AaronZhouYu/TotallySecureApp
Repository URL: https://github.com/AaronZhouYu/TotallySecureApp
Branch: main
Scan ID: 9f309b69-ceac-446c-bc88-26f9199ee002
Result #1:
Severity: LOW
State: TO_VERIFY
Status: RECURRENT
Attack Vector:
1. req: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[38,111]
2. req: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[40,13]
3. req: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[47,26]
4. getServletContext: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[47,47]
5. getRealPath: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[47,61]
6. appPath: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[47,16]
7. appPath: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[50,79]
8. savePath: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[50,16]
9. savePath: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[63,54]
10. File: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[63,45]
11. getAbsolutePath: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[63,107]
12. fileName: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[77,46]
13. fileName: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[81,57]
14. File: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[81,48]
15. read: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[81,47]
16. image: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[81,27]
17. image: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[88,33]
18. image: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[89,37]
19. image: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[90,29]
20. getRGB: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[90,41]
21. p: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[90,25]
22. p: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[94,29]
23. b: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[94,25]
24. b: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[97,40]
25. avg: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[97,25]
26. avg: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[100,64]
27. AssignExpr: /src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/UnrestrictedExtensionUploadController.java[100,23]
Review result in Checkmarx One: Integer_Underflow