List all vulnerable code for SAST tooling · Issue #1847 · WebGoat/WebGoat · GitHub
List all vulnerable code for SAST tooling #1847
Open
@nbaars

Description
From our Slack channel:

Just for giggles I ran our SAST on WebGoat and it found some vulnerabilities (yeah, shocking, I know). But it occurred to me I don't know if it found all the vulnerabilities. Does anyone know if there is a list of all the vulnerabilities in WebGoat?
(Without having to step through every one of the lessons.)

See https://owasp.slack.com/archives/C0948GVLM/p1718981001168699

We create a new endpoint where we list all the possible code snippets which are vulnerable.

Idea:

  • Create an annotation for classes and methods (for example @Vulnerable)
  • Add these in all our code which is vulnerable
  • Create an endpoint which finds all these annotations and returns a JSON message with the locations etc.
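The three steps above, worked through as one added example in Java (the language WebGoat is written in). This is illustration written for this page, not WebGoat's own code or an accepted design: the package name, the `/vulnerabilities` path, the `cwe` attribute, the hypothetical `SqlInjectionExampleAssignment` class and the `VulnerableLocation` record are all assumptions. The endpoint walks the Spring bean definitions rather than the class path, because WebGoat lessons and assignments are Spring beans, and reflection finds the marker on both the class and its methods.

```java
// Added example, not WebGoat's own code. Package name, endpoint path and
// attribute names are assumptions chosen for illustration.
package org.owasp.webgoat.container.vulnerabilities;

import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.List;

import org.springframework.context.ApplicationContext;
import org.springframework.http.MediaType;
import org.springframework.util.ClassUtils;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

/**
 * Step 1: the marker. RUNTIME retention is essential; with the default CLASS
 * retention the annotation is compiled in but invisible to reflection, and the
 * endpoint would silently report nothing.
 */
@Documented
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
@interface Vulnerable {
    /** CWE identifier the snippet demonstrates, e.g. "CWE-89" (assumed attribute). */
    String cwe();
    String description() default "";
}

/** Step 2: a hypothetical assignment, constructed here to show the marker in use. */
@RestController
class SqlInjectionExampleAssignment {
    @Vulnerable(cwe = "CWE-89", description = "Builds the SQL statement by string concatenation")
    @GetMapping("/SqlInjectionExample/attack")
    public String attack(@RequestParam String query) {
        return "SELECT * FROM users WHERE name = '" + query + "'"; // the marked sink
    }
}

/** One entry of the JSON report; method is null for a class-level marker. */
record VulnerableLocation(String className, String method, String cwe, String description) {}

/** Step 3: the endpoint that reports every marked class and method as JSON. */
@RestController
class VulnerableCodeEndpoint {
    private final ApplicationContext context;

    VulnerableCodeEndpoint(ApplicationContext context) {
        this.context = context;
    }

    @GetMapping(value = "/vulnerabilities", produces = MediaType.APPLICATION_JSON_VALUE)
    public List<VulnerableLocation> list() {
        List<VulnerableLocation> found = new ArrayList<>();
        for (String beanName : context.getBeanDefinitionNames()) {
            Class<?> type = context.getType(beanName);
            if (type == null) {
                continue;
            }
            // Beans wrapped in CGLIB proxies (transactional, async, ...) carry the
            // annotations on the user class, not on the generated subclass.
            collect(ClassUtils.getUserClass(type), found);
        }
        return found;
    }

    /** Records class-level and declared-method-level markers on one type. */
    static void collect(Class<?> type, List<VulnerableLocation> out) {
        Vulnerable onClass = type.getAnnotation(Vulnerable.class);
        if (onClass != null) {
            out.add(new VulnerableLocation(type.getName(), null, onClass.cwe(), onClass.description()));
        }
        for (Method m : type.getDeclaredMethods()) {
            Vulnerable onMethod = m.getAnnotation(Vulnerable.class);
            if (onMethod != null) {
                out.add(new VulnerableLocation(type.getName(), m.getName(), onMethod.cwe(), onMethod.description()));
            }
        }
    }
}
```

A `GET /vulnerabilities` then returns a JSON array such as `[{"className":"...SqlInjectionExampleAssignment","method":"attack","cwe":"CWE-89","description":"..."}]`, which can be diffed against a SAST report by fully qualified class and method name; reflection cannot supply file paths or line numbers, so the comparison has to work at that granularity. Two caveats for anyone implementing it: the types are shown in one file for readability, but in the code base the annotation must be `public` in its own file so lesson packages can reference it; and `getDeclaredMethods()` only sees methods declared on that class, so a marked method inherited from a lesson base class is missed unless the walk also climbs `getSuperclass()`.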
