Merge stash master to GitHub master#50
Merged
Merged
Veracode Workflow App / Veracode Static Code Analysis - Pipeline
succeeded
May 28, 2026 in 4m 12s
Veracode Static Code Analysis
Here's the summary of the scan result.
Annotations
Check warning on line 28 in code/aws.go
veracode-workflow-app / Veracode Static Code Analysis - Pipeline
Information Exposure Through an Error Message
Filename: code/aws.go
Line: 28
CWE: 209 (Information Exposure Through an Error Message)
The application calls the log::Println() function, which may expose information about the application logic or other details such as the names and versions of the application container and associated components. This information can be useful in executing other attacks and can also enable the attacker to target known vulnerabilities in application components. The first argument to Println() contains data from an error message (possibly containing untrusted data). The data from an error message (possibly containing untrusted data) originated from earlier calls to io.ReadAll, and net.http.Client.Do.
Ensure that error codes or other messages returned to end users are not overly verbose. Sanitize all messages of any sensitive information that is not absolutely necessary.
References: <a href="https://cwe.mitre.org/data/definitions/209.html">CWE</a>
Check warning on line 35 in code/aws.go
veracode-workflow-app / Veracode Static Code Analysis - Pipeline
Information Exposure Through an Error Message
Filename: code/aws.go
Line: 35
CWE: 209 (Information Exposure Through an Error Message)
The application calls the log::Println() function, which may expose information about the application logic or other details such as the names and versions of the application container and associated components. This information can be useful in executing other attacks and can also enable the attacker to target known vulnerabilities in application components. The first argument to Println() contains data from an error message (possibly containing untrusted data). The data from an error message (possibly containing untrusted data) originated from earlier calls to io.ReadAll, and net.http.Client.Do.
Ensure that error codes or other messages returned to end users are not overly verbose. Sanitize all messages of any sensitive information that is not absolutely necessary.
References: <a href="https://cwe.mitre.org/data/definitions/209.html">CWE</a>
Check warning on line 42 in code/aws.go
veracode-workflow-app / Veracode Static Code Analysis - Pipeline
Information Exposure Through an Error Message
Filename: code/aws.go
Line: 42
CWE: 209 (Information Exposure Through an Error Message)
The application calls the log::Println() function, which may expose information about the application logic or other details such as the names and versions of the application container and associated components. This information can be useful in executing other attacks and can also enable the attacker to target known vulnerabilities in application components. The first argument to Println() contains data from an error message (possibly containing untrusted data). The data from an error message (possibly containing untrusted data) originated from earlier calls to io.ReadAll, and net.http.Client.Do.
Ensure that error codes or other messages returned to end users are not overly verbose. Sanitize all messages of any sensitive information that is not absolutely necessary.
References: <a href="https://cwe.mitre.org/data/definitions/209.html">CWE</a>
Check warning on line 47 in code/aws.go
veracode-workflow-app / Veracode Static Code Analysis - Pipeline
Information Exposure Through an Error Message
Filename: code/aws.go
Line: 47
CWE: 209 (Information Exposure Through an Error Message)
The application calls the log::Println() function, which may expose information about the application logic or other details such as the names and versions of the application container and associated components. This information can be useful in executing other attacks and can also enable the attacker to target known vulnerabilities in application components. The first argument to Println() contains data from an error message (possibly containing untrusted data). The data from an error message (possibly containing untrusted data) originated from earlier calls to io.ReadAll, and net.http.Client.Do.
Ensure that error codes or other messages returned to end users are not overly verbose. Sanitize all messages of any sensitive information that is not absolutely necessary.
References: <a href="https://cwe.mitre.org/data/definitions/209.html">CWE</a>
Loading