diff --git a/.dccache b/.dccache
new file mode 100644
index 00000000000..736aecf43bb
--- /dev/null
+++ b/.dccache
@@ -0,0 +1 @@ +{"/Users/ilantorbaty/Dev/goof-new-name/app.js":[2321,1651483470131.434,"3afdc0037417e5b135ab3e440716663d710e328db2904fd35a817ec1a78398c3"],"/Users/ilantorbaty/Dev/goof-new-name/mongoose-db.js":[1390,1651156906974.9875,"2896d0953469cf650d29942e793d02b7f70cbd5ff79af6ed73d095e9a05a6bab"],"/Users/ilantorbaty/Dev/goof-new-name/typeorm-db.js":[962,1651156906981.9927,"eb663a29511955d6b38321143205f19e8b1e97c0a885067d9f825ff3a43e099c"],"/Users/ilantorbaty/Dev/goof-new-name/utils.js":[641,1651156906982.3179,"89708c1c71ee8df581db821a502df0023f96c61be34038f2471419c61b9a17c9"],"/Users/ilantorbaty/Dev/goof-new-name/entity/Users.js":[259,1651156906970.0417,"3aa06d2acbe381eab0b8f8cdb89304e54c083b24b06aff63ccb70b2b2dab9a3e"],"/Users/ilantorbaty/Dev/goof-new-name/public/about.html":[70,1651156906978.4565,"21203315cbebc6b0ee319503a16c2f12a9adc6d2e8a7a571a7acf15574c6c505"],"/Users/ilantorbaty/Dev/goof-new-name/routes/index.js":[7164,1651483487886.8862,"0fb33834f8a8720364f2c0fc219f5b75e858d793a3cad25431ff7dcee0a3d7d4"],"/Users/ilantorbaty/Dev/goof-new-name/routes/users.js":[1157,1651156906981.709,"6ad8ac7589f66b5892f6fc5a66d0b2114f7888b8654e6a3cd6d3b637d50c2ef6"],"/Users/ilantorbaty/Dev/goof-new-name/views/admin.ejs":[543,1651156906982.9817,"d88491c558787b36fe11402f052be05b8172403e53c8349225799f80bc43bf61"],"/Users/ilantorbaty/Dev/goof-new-name/views/edit.ejs":[1068,1651156906983.2869,"867ce350c8ae5d7793208c3b170d98f2733bc15382900833efbc55a59f74e4fe"],"/Users/ilantorbaty/Dev/goof-new-name/views/index.ejs":[607,1651156906983.4895,"3de0b4b893f9c6115f35a9bf6d72b3ed929cf8f4c1a4e8a15056ddd8d1f22c9b"],"/Users/ilantorbaty/Dev/goof-new-name/views/layout.ejs":[856,1651156906983.6885,"da44ae8f7de4f1fcdecd91306e702849099a98dca3421d369c036d697b8e16f9"],"/Users/ilantorbaty/Dev/goof-new-name/public/js/ga.js":[320,1651156906980.1687,"ec0bd48aaa6c1da6132f86157ff8419cc0d6a016026d17f237a636938d914164"]} \ No newline at end of file 
diff --git a/.snyk b/.snyk
new file mode 100644
index 00000000000..8908cea65dc
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,10 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+ 7b9c1f5e-257d-4d17-a8ea-30d8793fc700:
+ - '*':
+ reason: some reason
+ expires: 2022-05-28T14:46:39.506Z
+ created: 2022-04-28T14:46:39.508Z
+patch: {}
diff --git a/app.js b/app.js
index b668f198bc9..008a093f64b 100644
--- a/app.js
+++ b/app.js
@@ -70,6 +70,7 @@ if (app.get('env') == 'development') {
 app.use(errorHandler());
 }
+// deepcode ignore HardcodedNonCryptoSecret:
 var token = 'SECRET_TOKEN_f8ed84e8f41e4146403dd4a6bbcea5e418d23a9';
 console.log('token: ' + token);
diff --git a/package-lock.json b/new/package-lock.json
similarity index 100%
rename from package-lock.json
rename to new/package-lock.json
diff --git a/package.json b/new/package.json
similarity index 95%
rename from package.json
rename to new/package.json
index da13bc85d2f..ad639906804 100644
--- a/package.json
+++ b/new/package.json
@@ -1,7 +1,7 @@
 {
 "name": "goof",
 "version": "1.0.1",
- "description": "A vulnerable todo demo application",
+ "description": "A vulnerable todo demo application new desc",
 "homepage": "https://snyk.io/",
 "repository": {
 "type": "git",
diff --git a/routes/index.js b/routes/index.js
index a226e73d6a0..4a513e1f6aa 100644
--- a/routes/index.js
+++ b/routes/index.js
@@ -83,6 +83,7 @@ exports.create = function (req, res, next) {
 var url = item.match(imgRegex)[1];
 console.log('found img: ' + url);
+ // deepcode ignore CommandInjection:
 exec('identify ' + url, function (err, stdout, stderr) {
 console.log(err);
 if (err !== null) {
@@ -113,6 +114,7 @@ exports.create = function (req, res, next) {
 };
 exports.destroy = function (req, res, next) {
+ // deepcode ignore NoSqli:
 Todo.findById(req.params.id, function (err, todo) {
 try {
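Review bot: The ignore entry in .snyk records `reason: some reason`, which is placeholder text, and its path selector `'*'` applies the ignore to every dependency path for that issue id. Someone auditing the policy later cannot tell why the finding was accepted or who owns the decision. Replace the line with the actual justification, for example `reason: <why this finding is accepted, plus the tracking ticket>`, and narrow `'*'` to the affected path if only one is meant to be covered.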
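Review bot: The added `// deepcode ignore HardcodedNonCryptoSecret:` in app.js has nothing after the colon, so the suppression carries no justification; the same empty form is used for the three suppressions in routes/index.js. The literal is also still written to the log by `console.log('token: ' + token);` on the line after it, which the ignore does not change. If the token is a deliberate fixture of the demo application, say so in the comment, e.g. `// deepcode ignore HardcodedNonCryptoSecret: intentional fixture in the vulnerable demo app, not a real credential`; otherwise the value should come from configuration and should not be logged.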
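Review bot: In routes/index.js, `exec('identify ' + url, ...)` still passes `url`, taken from `item.match(imgRegex)[1]`, through a shell as part of a concatenated string; the new `// deepcode ignore CommandInjection:` only hides the finding. Unless this sink is kept on purpose for the demo, pass the value as a separate argument instead of building a command line: `execFile('identify', [url], function (err, stdout, stderr) {`. This assumes `execFile` is imported from `child_process` alongside `exec`, which is not visible here. `exports.create` starts and ends outside the hunk, so where `item` originates could not be checked.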
@@ -141,6 +143,7 @@ exports.edit = function (req, res, next) {
 };
 exports.update = function (req, res, next) {
+ // deepcode ignore NoSqli:
 Todo.findById(req.params.id, function (err, todo) {
 todo.content = req.body.content;
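Review bot: In `exports.update` the `Todo.findById` callback dereferences `todo` in its first visible statement, `todo.content = req.body.content;`, without looking at `err` or checking that a document was found. A request whose id matches nothing, or that the lookup rejects, would throw inside the callback; the new `// deepcode ignore NoSqli:` leaves that as it is. A guard such as `if (err || !todo) { return next(err); }` before the assignment would handle both cases. The function body continues past the end of the hunk.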