These are the issue categories that can be raised against a teaching resource.
Code | Description | Count |
---|---|---|
sql-injection | SQL statements include user input without parameterisation or escaping, so an attacker can run unauthorised SQL against the database. | 34 |
deprecated-library | The resource makes use of a library that is officially deprecated. | 30 |
password-clear | Passwords are being stored in plaintext, rather than using an appropriate hashing algorithm. | 10 |
password-inadequate-hashing | Passwords are being stored using an inappropriate hashing algorithm, such as a fast, unsalted digest like MD5 or SHA1. | 4 |
sql-needs-parameterisation | The resource may not be at risk of SQL injection as written, but it would still be better written with query parameterisation. | 4 |
variable-injection | User input supplied to a code example can modify program variables in a way the author did not intend. | 1 |
upload-arbitrary-file | If an upload feature permits a PHP script to be uploaded to a world-accessible address on a web server, an attacker can run arbitrary (malicious) code on the server. | 0 |
uncategorised | An issue that doesn't have a specific category. | 0 |
xss | The resource may permit user input to be rendered as attacker-supplied JavaScript, which can be used for session hijacking. | 0 |
email-header-injection | Copying values straight from user input into email headers lets an attacker submit strings containing newlines followed by their own headers, such as a To or Bcc field. This allows a remote attacker to turn the web server into a spam relay. | 0 |
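The two SQL categories above (sql-injection and sql-needs-parameterisation) differ only in whether the concatenated input is reachable by an attacker; the fix is the same. The following is an added example, not code from the original page or from any reviewed resource: a vulnerable lookup beside its parameterised form, run against an in-memory SQLite database through PDO so it works offline. The table, rows, function names and the payload are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed fixture: an in-memory SQLite database with two users.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)');
$pdo->exec("INSERT INTO users (username, password_hash) VALUES ('alice', 'x'), ('bob', 'y')");

// VULNERABLE (what sql-injection flags): user input is concatenated into the
// statement, so a single quote in the input ends the string literal and the
// rest of the input becomes SQL.
function findUserVulnerable(PDO $pdo, string $username): array
{
    $sql = "SELECT username FROM users WHERE username = '" . $username . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// FIXED (what sql-needs-parameterisation asks for): a prepared statement.
// The SQL text is fixed before the value is bound, so the value is only ever
// data, never part of the statement.
function findUserSafe(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT username FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed attacker input: closes the literal and appends an always-true clause.
$payload = "' OR '1'='1";

printf("vulnerable, normal input: %d row(s)\n", count(findUserVulnerable($pdo, 'alice')));
printf("vulnerable, payload:      %d row(s)\n", count(findUserVulnerable($pdo, $payload)));
printf("parameterised, payload:   %d row(s)\n", count(findUserSafe($pdo, $payload)));
```

With the payload, the vulnerable function returns every user because the WHERE clause has been rewritten, while the parameterised version returns nothing, since no user is literally named `' OR '1'='1`. One caveat when reviewing MySQL-based resources: by default the PDO MySQL driver emulates prepared statements client-side; setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the server do the binding, which is the behaviour a reviewer should expect from "parameterised".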
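For password-clear and password-inadequate-hashing, the following added example (not code from the original page or from any reviewed resource) puts the MD5 pattern the category flags beside PHP's built-in password_hash()/password_verify(). The sample password and function names are constructed for illustration.

```php
<?php
declare(strict_types=1);

// What password-inadequate-hashing flags: a fast, unsalted digest. Identical
// passwords give identical hashes, so a leaked table can be attacked with
// precomputed tables, and MD5 is cheap enough to brute-force directly.
// (password-clear is the same mistake one step further back: storing
// $password itself.)
function storeMd5(string $password): string
{
    return md5($password);
}

// The fix: password_hash() uses a deliberately slow algorithm (bcrypt for
// PASSWORD_DEFAULT as of current PHP releases) with a random per-password
// salt, and encodes algorithm, cost and salt into the string it returns.
function storeHashed(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]);
}

// Verification reads the parameters back out of the stored string.
function checkLogin(string $storedHash, string $attempt): bool
{
    return password_verify($attempt, $storedHash);
}

// After a successful login, detect hashes made with an older cost or algorithm
// so they can be replaced with a fresh one.
function needsUpgrade(string $storedHash): bool
{
    return password_needs_rehash($storedHash, PASSWORD_DEFAULT, ['cost' => 12]);
}

$password = 'correct horse battery staple';   // constructed sample

$h1 = storeHashed($password);
$h2 = storeHashed($password);

echo 'md5 of the same password twice is identical: ', var_export(storeMd5($password) === storeMd5($password), true), PHP_EOL;
echo 'password_hash of the same password twice differs (random salt): ', var_export($h1 !== $h2, true), PHP_EOL;
echo 'login with the right password: ', var_export(checkLogin($h1, $password), true), PHP_EOL;
echo 'login with a wrong password:   ', var_export(checkLogin($h1, 'wrong'), true), PHP_EOL;
echo 'fresh hash needs upgrade:      ', var_export(needsUpgrade($h1), true), PHP_EOL;
```

The point a reviewer should check is not just which algorithm a tutorial names but whether it salts per password and uses a work factor; a resource that salts MD5 by hand still falls under password-inadequate-hashing, because the digest itself is too fast.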
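The email-header-injection description above is concrete enough to show in code. The following added example (not from the original page or any reviewed resource) builds the header block for a contact form both ways: the vulnerable concatenation, and a version that rejects line breaks before the value reaches a header. The address, payload and function names are constructed for illustration.

```php
<?php
declare(strict_types=1);

// VULNERABLE: the visitor's address is copied straight into header lines.
// A CRLF inside the value ends the From line, and whatever follows it is
// parsed as further headers.
function buildHeadersVulnerable(string $fromAddress): string
{
    return 'From: ' . $fromAddress . "\r\n"
         . 'Reply-To: ' . $fromAddress . "\r\n";
}

// FIXED: a header value may never contain CR or LF, and the field is supposed
// to be an address, so validate it as one before it goes anywhere near mail().
function buildHeadersSafe(string $fromAddress): string
{
    if (preg_match('/[\r\n]/', $fromAddress) === 1) {
        throw new InvalidArgumentException('line break in header value');
    }
    if (filter_var($fromAddress, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('not a valid email address');
    }
    return 'From: ' . $fromAddress . "\r\n"
         . 'Reply-To: ' . $fromAddress . "\r\n";
}

// Constructed attacker input: a plausible address followed by a smuggled Bcc.
$payload = "victim@example.com\r\nBcc: spam1@example.net, spam2@example.net";

$headers = buildHeadersVulnerable($payload);
$lines = array_filter(explode("\r\n", $headers), fn(string $l): bool => $l !== '');
printf("vulnerable version produced %d header line(s):\n", count($lines));
foreach ($lines as $line) {
    echo '  ', $line, PHP_EOL;
}

try {
    buildHeadersSafe($payload);
} catch (InvalidArgumentException $e) {
    echo 'safe version rejected the input: ', $e->getMessage(), PHP_EOL;
}
```

The vulnerable output contains four header lines instead of two, and the two extra Bcc lines are exactly how the spam relay described in the table comes about. When reviewing a resource, the thing to look for is any user-controlled value reaching the additional headers argument of mail() without a check like the one above.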