Add complete vulnerable-node application with DVWA integration #89
2265 new issues (0 max.) of at least minor severity.
Annotations
Check warning on line 14 in DVWA/dvwa/includes/DBMS/MySQL.php
codacy-production / Codacy Static Code Analysis
DVWA/dvwa/includes/DBMS/MySQL.php#L14
The use of function mysqli_connect_errno() is discouraged
Check warning on line 69 in DVWA/dvwa/includes/DBMS/MySQL.php
codacy-production / Codacy Static Code Analysis
DVWA/dvwa/includes/DBMS/MySQL.php#L69
The use of function mysqli_query() is discouraged
Check warning on line 1639 in DVWA/dvwa/includes/Parsedown.php
codacy-production / Codacy Static Code Analysis
DVWA/dvwa/includes/Parsedown.php#L1639
The use of function call_user_func() is discouraged
Check failure on line 18 in DVWA/login.php
codacy-production / Codacy Static Code Analysis
DVWA/login.php#L18
Detected usage of a possibly undefined superglobal array index: $_REQUEST['user_token']. Use isset() or empty() to check the index exists before using it
Check failure on line 89 in DVWA/vulnerabilities/api/src/LoginController.php
codacy-production / Codacy Static Code Analysis
DVWA/vulnerabilities/api/src/LoginController.php#L89
Direct use of $_POST Superglobal detected.
Check failure on line 79 in DVWA/vulnerabilities/authbypass/help/help.php
codacy-production / Codacy Static Code Analysis
DVWA/vulnerabilities/authbypass/help/help.php#L79
Use of echo language construct is discouraged.
Check failure on line 66 in DVWA/vulnerabilities/cryptography/source/oracle_attack.php
codacy-production / Codacy Static Code Analysis
DVWA/vulnerabilities/cryptography/source/oracle_attack.php#L66
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Could not access remote server, is the URL correct?'.
Check failure on line 26 in DVWA/vulnerabilities/cryptography/source/xor_theory.php
codacy-production / Codacy Static Code Analysis
DVWA/vulnerabilities/cryptography/source/xor_theory.php#L26
Use of print language construct is discouraged.
Check failure on line 57 in DVWA/vulnerabilities/csp/help/help.php
codacy-production / Codacy Static Code Analysis
DVWA/vulnerabilities/csp/help/help.php#L57
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'dvwaExternalLinkUrlGet'.
Check failure on line 14 in DVWA/vulnerabilities/csrf/source/high.php
codacy-production / Codacy Static Code Analysis
DVWA/vulnerabilities/csrf/source/high.php#L14
Direct use of $_SERVER Superglobal detected.
Check failure on line 54 in DVWA/vulnerabilities/csrf/source/high.php
codacy-production / Codacy Static Code Analysis
DVWA/vulnerabilities/csrf/source/high.php#L54
Direct use of $GLOBALS Superglobal detected.
Check warning on line 11 in DVWA/vulnerabilities/csrf/source/low.php
codacy-production / Codacy Static Code Analysis
DVWA/vulnerabilities/csrf/source/low.php#L11
The use of function mysqli_real_escape_string() is discouraged
Check failure on line 19 in DVWA/vulnerabilities/csrf/source/medium.php
codacy-production / Codacy Static Code Analysis
DVWA/vulnerabilities/csrf/source/medium.php#L19
Direct use of $GLOBALS Superglobal detected.
Check failure on line 12 in DVWA/vulnerabilities/csrf/test_credentials.php
codacy-production / Codacy Static Code Analysis
DVWA/vulnerabilities/csrf/test_credentials.php#L12
Direct use of $_POST Superglobal detected.
Check failure on line 5 in DVWA/vulnerabilities/exec/source/low.php
codacy-production / Codacy Static Code Analysis
DVWA/vulnerabilities/exec/source/low.php#L5
Direct use of $_REQUEST Superglobal detected.
Check notice on line 5 in DVWA/vulnerabilities/exec/source/low.php
codacy-production / Codacy Static Code Analysis
DVWA/vulnerabilities/exec/source/low.php#L5
Processing form data without nonce verification.
Check warning on line 36 in DVWA/vulnerabilities/fi/index.php
codacy-production / Codacy Static Code Analysis
DVWA/vulnerabilities/fi/index.php#L36
"include" statement detected. File manipulations are discouraged. Statement is not a function, no parentheses are required. Variables inside are insecure.
Check failure on line 23 in DVWA/vulnerabilities/sqli/source/high.php
codacy-production / Codacy Static Code Analysis
DVWA/vulnerabilities/sqli/source/high.php#L23
Direct use of $GLOBALS Superglobal detected.
Check warning on line 10 in DVWA/vulnerabilities/sqli_blind/source/medium.php
codacy-production / Codacy Static Code Analysis
DVWA/vulnerabilities/sqli_blind/source/medium.php#L10
The use of function mysqli_real_escape_string() is discouraged
Check warning on line 50 in DVWA/vulnerabilities/upload/source/impossible.php
codacy-production / Codacy Static Code Analysis
DVWA/vulnerabilities/upload/source/impossible.php#L50
The use of function file_exists() is discouraged
Check failure on line 5 in DVWA/vulnerabilities/xss_d/source/medium.php
codacy-production / Codacy Static Code Analysis
DVWA/vulnerabilities/xss_d/source/medium.php#L5
Direct use of $_GET Superglobal detected.
Check failure on line 46 in DVWA/vulnerabilities/xss_r/help/help.php
codacy-production / Codacy Static Code Analysis
DVWA/vulnerabilities/xss_r/help/help.php#L46
Use of echo language construct is discouraged.
Check failure on line 4 in DVWA/vulnerabilities/xss_r/source/impossible.php
codacy-production / Codacy Static Code Analysis
DVWA/vulnerabilities/xss_r/source/impossible.php#L4
Direct use of $_GET Superglobal detected.
Check failure on line 8 in DVWA/vulnerabilities/xss_s/source/impossible.php
codacy-production / Codacy Static Code Analysis
DVWA/vulnerabilities/xss_s/source/impossible.php#L8
Detected usage of a possibly undefined superglobal array index: $_POST['mtxMessage']. Use isset() or empty() to check the index exists before using it
Check failure on line 19 in DVWA/vulnerabilities/xss_s/source/medium.php
codacy-production / Codacy Static Code Analysis
DVWA/vulnerabilities/xss_s/source/medium.php#L19
Use of die language construct is discouraged.