Cpd

.github/workflows/shiftleft.yml

@@ -0,0 +1,65 @@
+
+---
+name: Qwiet
+
+on:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  NextGen-Static-Analysis:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Setup Java JDK
+      uses: actions/setup-java@v3
+      with:
+        java-version: 11.0.x
+        distribution: zulu
+
+    - name: Download ShiftLeft CLI
+      run: |
+        curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+
+    - name: Setup Java JDK
+      uses: actions/setup-java@v3
+      with:
+        distribution: zulu
+        java-version: 8
+
+    - name: Extract branch name
+      shell: bash
+      run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
+      id: extract_branch
+
+    - name: NextGen Static Analysis
+      run: ${GITHUB_WORKSPACE}/sl analyze --strict --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --javasrc  .
+      env:
+        SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
+        SHIFTLEFT_API_HOST: www.shiftleft.io
+        SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443
+        SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443
+
+
+  Build-Rules: 
+    runs-on: ubuntu-latest
+    needs: NextGen-Static-Analysis
+    steps:
+    - uses: actions/checkout@v3
+    - name: Download ShiftLeft CLI
+      run: |
+        curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
+    - name: Validate Build Rules
+      run: |
+        ${GITHUB_WORKSPACE}/sl check-analysis --v2 --app shiftleft-java-demo \
+            --github-pr-number=${{github.event.number}} \
+            --github-pr-user=${{ github.repository_owner }} \
+            --github-pr-repo=${{ github.event.repository.name }} \
+            --github-token=${{ secrets.GITHUB_TOKEN }}
+      env:
+        SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
+        SHIFTLEFT_API_HOST: www.shiftleft.io
+        SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443
+        SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443 
+

config.properties

@@ -0,0 +1,3 @@
+db.user=mkyong
+db.password=password
+db.url=localhost

pom.xml

@@ -82,15 +82,23 @@
     </properties>
     <build>
         <plugins>
-           <plugin>
-        		<groupId>org.apache.maven.plugins</groupId>
-        		<artifactId>maven-compiler-plugin</artifactId>
-        		<version>3.6.1</version>
-        		<configuration>
-          			<source>1.8</source>
-          			<target>1.8</target>
-                </configuration>
-           </plugin>
+             <plugin>
+            <groupId>org.apache.maven.plugins</groupId>
+            <artifactId>maven-compiler-plugin</artifactId>
+            <version>3.7.0</version>
+            <configuration>
+                <source>1.9</source>
+                <target>1.9</target>
+                <jdkToolchain>
+                    <version>9</version>
+                </jdkToolchain>
+            </configuration>
+        </plugin>
+        <plugin>
+            <groupId>org.apache.maven.plugins</groupId>
+            <artifactId>maven-jar-plugin</artifactId>
+            <version>3.0.2</version>
+        </plugin>
             <plugin>
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-maven-plugin</artifactId>

secrets.yml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: sio-secret
+type: kubernetes.io/scaleio
+data:
+  username: YWRtaW4=
+  password: c0NhbGVpbzEyMw==

shiftleft.yml

@@ -0,0 +1,8 @@
+build_rules:
+  - id: "No critical or high SAST findings"
+    finding_types:
+      - vuln
+    cvss_31_severity_ratings:
+      - critical
+      - high
+    threshold: 0

src/main/java/io/shiftleft/controller/SearchController.java

@@ -21,6 +21,8 @@ public class SearchController {
   public String doGetSearch(@RequestParam String foo, HttpServletResponse response, HttpServletRequest request) {
     java.lang.Object message = new Object();
     try {
+      String ACCESS_KEY_ID = "AKIA2E0A8F3B244C9986";
+      String SECRET_KEY = "7CE556A3BC234CC1FF9E8A5C324C0BB70AA21B6D";      
       ExpressionParser parser = new SpelExpressionParser();
       Expression exp = parser.parseExpression(foo);
       message = (Object) exp.getValue();

src/main/java/io/shiftleft/data/DataLoader.java

@@ -55,9 +55,18 @@ private String getSecurePassword(String masterPassword) throws IOException {
     return props.getProperty("db.password");
   }
 
+  public final class Constants {
+
+    private Constants() {
+      // restrict instantiation
+    }
+
+    public static final double PI = 3.14159;
+    public static final double PLANCK_CONSTANT = 6.62606896e-34;
+  }
+
   private boolean connectToAws() {
 
-    log.info("Start Loading AWS Properties");
     log.info("AWS AccessKey is {} and SecretKey is {}", env.getProperty("aws.accesskey"),
         env.getProperty("aws.secretkey"));
     log.info("AWS Bucket is {}", env.getProperty("aws.bucket"));