
Feat/new endpoints #2

Open

Gr-i-niy wants to merge 14 commits into feat/add_vulns from feat/new_endpoints


Conversation

@Gr-i-niy (Owner)

No description provided.

Gr-i-niy force-pushed the feat/new_endpoints branch 2 times, most recently from 8dde616 to d6b514b on February 25, 2026 08:55
    }

    response.setContentType("application/json");
    response.getWriter().write("{\"status\":\"success\",\"cacheControl\":\"" + directive + "\"}");

Check failure - Code scanning / Seqra - Potential cross-site scripting (XSS)
Potential XSS: writing user input directly to a web page.

    String dispositionHeader = disposition + "; filename=" + filename;
    response.setHeader("Content-Disposition", dispositionHeader);
    response.setContentType("application/octet-stream");
    response.getWriter().write("File content for: " + filename);

Check failure - Code scanning / Seqra - Potential cross-site scripting (XSS)
Potential XSS: writing user input directly to a web page.

        response.setHeader("X-Campaign", campaign);
    }

    response.sendRedirect(destination);

Check warning - Code scanning / Seqra - Application redirects to user-manipulated URL which can be malicious
Application redirects to a destination URL specified by a user-supplied parameter that is not validated. This could direct users to malicious locations. Consider using an allowlist to validate URLs.

            @Parameter(description = "Additional headers") @RequestParam(required = false) String additionalHeaders,
            HttpServletResponse response) throws IOException {

        response.setHeader("Cache-Control", directive);

Check warning - Code scanning / Seqra - HTTP response splitting
Older Java application servers are vulnerable to HTTP response splitting, which may occur if an HTTP request can be injected with CRLF characters.

    for (String header : headers) {
        String[] parts = header.split(":", 2);
        if (parts.length == 2) {
            response.setHeader(parts[0].trim(), parts[1].trim());

Check warning - Code scanning / Seqra - HTTP response splitting
Older Java application servers are vulnerable to HTTP response splitting, which may occur if an HTTP request can be injected with CRLF characters.
Code scanning / OpenTaint + ZAP reports the same five findings on the same lines: the two Potential cross-site scripting (XSS) alerts as Error, and the Application redirects to user-manipulated URL alert and the two HTTP response splitting alerts as Warning.
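A hardened counterpart to the flagged handlers, added here as an example and not code from this PR or its branch. It assumes Spring Web with Jackson on the classpath and the jakarta.servlet API (Spring Boot 3; Spring Boot 2 would use javax.servlet); the endpoint paths, the comma-separated format of additionalHeaders, and the contents of the allowlists are illustrative assumptions. Each finding is addressed the same way: the parameter is checked against an allowlist or a strict character class before it reaches a header, the redirect target or the response body, and the JSON body is produced by a serializer instead of string concatenation.

```java
// Added example, not code from this PR: hardened versions of the flagged handlers.
// Assumes Spring Web + Jackson and jakarta.servlet (Spring Boot 3). Paths, parameter
// formats and allowlist contents are illustrative assumptions.
import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HardenedHeaderController {

    private static final ObjectMapper JSON = new ObjectMapper();

    // Cache-Control: a fixed menu of directives, never a free-form string.
    private static final Set<String> CACHE_DIRECTIVES =
        Set.of("no-store", "no-cache", "private", "public", "max-age=0", "max-age=3600");

    // Caller-settable headers: a short allowlist of names, and name/value must match the
    // RFC 9110 token / printable-ASCII grammar, which excludes CR and LF (the splitting vector).
    private static final Set<String> SETTABLE_HEADERS = Set.of("x-campaign", "x-request-tag");
    private static final Pattern HEADER_NAME = Pattern.compile("^[!#$%&'*+.^_`|~0-9A-Za-z-]+$");
    private static final Pattern HEADER_VALUE = Pattern.compile("^[\\t\\x20-\\x7E]*$");

    // Redirects: only absolute https URLs to hosts this service owns (assumed list).
    private static final Set<String> REDIRECT_HOSTS = Set.of("example.com", "www.example.com");

    @GetMapping("/cache")
    public void cache(@RequestParam String directive, HttpServletResponse response) throws IOException {
        if (!CACHE_DIRECTIVES.contains(directive)) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "unsupported Cache-Control directive");
            return;
        }
        response.setHeader("Cache-Control", directive);
        writeJson(response, Map.of("status", "success", "cacheControl", directive));
    }

    // additionalHeaders is assumed to be a comma-separated list of "Name: value" pairs.
    @GetMapping("/headers")
    public void headers(@RequestParam(required = false) String additionalHeaders,
                        HttpServletResponse response) throws IOException {
        if (additionalHeaders != null) {
            for (String header : additionalHeaders.split(",")) {
                String[] parts = header.split(":", 2);
                if (parts.length != 2) {
                    continue;
                }
                String name = parts[0].trim();
                String value = parts[1].trim(); // trim() only strips edge whitespace; it is not a CRLF filter
                if (!SETTABLE_HEADERS.contains(name.toLowerCase(Locale.ROOT))
                        || !HEADER_NAME.matcher(name).matches()
                        || !HEADER_VALUE.matcher(value).matches()) {
                    response.sendError(HttpServletResponse.SC_BAD_REQUEST, "header not allowed");
                    return;
                }
                response.setHeader(name, value);
            }
        }
        writeJson(response, Map.of("status", "success"));
    }

    @GetMapping("/download")
    public void download(@RequestParam String filename, HttpServletResponse response) throws IOException {
        // One character-class check rejects path separators, quotes, CR/LF and a leading dot.
        if (!filename.matches("^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$")) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "bad filename");
            return;
        }
        response.setHeader("Content-Disposition", "attachment; filename=\"" + filename + "\"");
        response.setContentType("application/octet-stream");
        response.getWriter().write("File content for: " + filename);
    }

    @GetMapping("/go")
    public void go(@RequestParam String destination, HttpServletResponse response) throws IOException {
        URI target;
        try {
            target = new URI(destination); // rejects CR/LF and other control characters outright
        } catch (URISyntaxException e) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "malformed destination");
            return;
        }
        // Compare the parsed host, not a string prefix: "https://example.com@evil.com/" has host
        // evil.com (example.com is userinfo), and "//evil.com" has no scheme at all.
        if (!"https".equalsIgnoreCase(target.getScheme())
                || target.getHost() == null
                || !REDIRECT_HOSTS.contains(target.getHost().toLowerCase(Locale.ROOT))) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "destination not allowed");
            return;
        }
        response.sendRedirect(target.toString());
    }

    // Jackson escapes quotes and control characters in values, so a parameter cannot break out of
    // the JSON string; nosniff stops browsers from interpreting the body as HTML.
    private static void writeJson(HttpServletResponse response, Map<String, String> body) throws IOException {
        response.setContentType("application/json");
        response.setHeader("X-Content-Type-Options", "nosniff");
        response.getWriter().write(JSON.writeValueAsString(body));
    }
}
```

Two points worth keeping in mind when triaging the alerts above. The download handler serves application/octet-stream, which browsers do not render as HTML, so the XSS finding on that line is weaker than the header injection the same unvalidated filename allows through Content-Disposition; the fix above closes both with one check. And the scanner's qualifier "older Java application servers" reflects that current servlet containers generally reject or strip CR and LF in header values themselves, but relying on the container for that is not a substitute for rejecting such input in the application, and trim() in the existing loop does not provide that rejection.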