Test Fortify AST 1.3 Update #49
Conversation
Specify latest minor version of Fortify action
Add setup option for SDLC status
Add Policy Check
Additional action configuration
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Fortify vulnerability summary (PREVIEW)
Any issues listed below are based on comparing the latest scan results against the previous scan results in FoD release fortify/IWA-Java - gha-v1_3-update. This is for informational purposes only and, depending on workflow, may not be an accurate representation of what issues will be introduced into or removed from the target branch when merging this PR.
New Issues
- No new or re-introduced issues were detected
Removed Issues
- No removed issues were detected
There was a problem hiding this comment.
Fortify vulnerability summary (PREVIEW)
Any issues listed below are based on comparing the latest scan results against the previous scan results in FoD release fortify/IWA-Java - gha-v1_3-update. This is for informational purposes only and, depending on workflow, may not be an accurate representation of what issues will be introduced into or removed from the target branch when merging this PR.
New Issues
- No new or re-introduced issues were detected
Removed Issues
- No removed issues were detected
There was a problem hiding this comment.
Fortify vulnerability summary (PREVIEW)
Any issues listed below are based on comparing the latest scan results against the previous scan results in FoD release fortify/IWA-Java - gha-v1_3-update. This is for informational purposes only and, depending on workflow, may not be an accurate representation of what issues will be introduced into or removed from the target branch when merging this PR.
New Issues
- No new or re-introduced issues were detected
Removed Issues
- No removed issues were detected
There was a problem hiding this comment.
Fortify vulnerability summary (PREVIEW)
Any issues listed below are based on comparing the latest scan results against the previous scan results in FoD release fortify/IWA-Java - gha-v1_3-update. This is for informational purposes only and, depending on workflow, may not be an accurate representation of what issues will be introduced into or removed from the target branch when merging this PR.
New Issues
- No new or re-introduced issues were detected
Removed Issues
- No removed issues were detected
There was a problem hiding this comment.
Fortify vulnerability summary (PREVIEW)
Any issues listed below are based on comparing the latest scan results against the previous scan results in FoD release fortify/IWA-Java - gha-v1_3-update. This is for informational purposes only and, depending on workflow, may not be an accurate representation of what issues will be introduced into or removed from the target branch when merging this PR.
New Issues
- No new or re-introduced issues were detected
Removed Issues
- No removed issues were detected
There was a problem hiding this comment.
Fortify vulnerability summary (PREVIEW)
Any issues listed below are based on comparing the latest scan results against the previous scan results in FoD release fortify/IWA-Java - gha-v1_3-update. This is for informational purposes only and, depending on workflow, may not be an accurate representation of what issues will be introduced into or removed from the target branch when merging this PR.
New Issues
- No new or re-introduced issues were detected
Removed Issues
- No removed issues were detected
There was a problem hiding this comment.
Fortify vulnerability summary (PREVIEW)
Any issues listed below are based on comparing the latest scan results against the previous scan results in FoD release fortify/IWA-Java - gha-v1_3-update. This is for informational purposes only and, depending on workflow, may not be an accurate representation of what issues will be introduced into or removed from the target branch when merging this PR.
New Issues
- New (Static) - Cookie Security: Cookie not Sent Over SSL:
src/main/java/com/microfocus/example/api/controllers/ApiSiteController.java:244 - New (Static) - Cross-Site Scripting: Reflected:
src/main/java/com/microfocus/example/web/controllers/UserController.java:547 - New (Static) - Cross-Site Scripting: Reflected:
src/main/java/com/microfocus/example/web/controllers/UserController.java:674 - New (Static) - Cross-Site Scripting: Reflected:
src/main/java/com/microfocus/example/web/controllers/ProductController.java:93 - New (Static) - Cross-Site Scripting: Reflected:
src/main/java/com/microfocus/example/web/controllers/UserController.java:475 - New (Static) - Dockerfile Misconfiguration: Default User Privilege:
Dockerfile:1 - New (Static) - Header Manipulation:
src/main/java/com/microfocus/example/web/controllers/UserController.java:475 - New (Static) - Header Manipulation:
src/main/java/com/microfocus/example/web/controllers/UserController.java:674 - New (Static) - Header Manipulation:
src/main/java/com/microfocus/example/web/controllers/ProductController.java:177 - New (Static) - Header Manipulation:
src/main/java/com/microfocus/example/web/controllers/UserController.java:547 - New (Static) - HTML5: Missing Content Security Policy:
src/main/java/com/microfocus/example/config/WebSecurityConfiguration.java:104 - New (Static) - HTML5: Missing Content Security Policy:
src/main/java/com/microfocus/example/config/WebSecurityConfiguration.java:144 - New (Static) - HTML5: Missing Framing Protection:
src/main/java/com/microfocus/example/config/WebSecurityConfiguration.java:148 - New (Static) - JSON Injection:
src/main/java/com/microfocus/example/utils/UserUtils.java:115 - New (Static) - Mass Assignment: Request Parameters Bound into Persisted Objects:
src/main/java/com/microfocus/example/entity/User.java:45 - New (Static) - Mass Assignment: Request Parameters Bound into Persisted Objects:
src/main/java/com/microfocus/example/entity/Authority.java:36 - New (Static) - Open Redirect:
src/main/java/com/microfocus/example/web/controllers/DefaultController.java:101 - New (Static) - Password Management: Hardcoded Password:
src/main/resources/data.sql:14 - New (Static) - Password Management: Hardcoded Password:
src/main/resources/data.sql:8 - New (Static) - Password Management: Hardcoded Password:
src/main/resources/data.sql:11 - New (Static) - Password Management: Hardcoded Password:
src/main/resources/application-dev.yml:36 - New (Static) - Password Management: Hardcoded Password:
src/main/resources/application.yml:38 - New (Static) - Password Management: Hardcoded Password:
src/main/resources/application-dev.yml:68 - New (Static) - Password Management: Hardcoded Password:
src/main/resources/application-test.yml:66 - New (Static) - Password Management: Hardcoded Password:
src/main/resources/application-test.yml:36 - New (Static) - Password Management: Hardcoded Password:
src/main/resources/application.yml:89 - New (Static) - Password Management: Hardcoded Password:
src/main/resources/data.sql:17 - New (Static) - Path Manipulation:
src/main/java/com/microfocus/example/service/FileSystemStorageService.java:143 - New (Static) - Path Manipulation:
src/main/java/com/microfocus/example/service/FileSystemStorageService.java:54 - New (Static) - Path Manipulation:
src/main/java/com/microfocus/example/service/FileSystemStorageService.java:78 - New (Static) - Path Manipulation:
src/main/java/com/microfocus/example/service/FileSystemStorageService.java:143 - New (Static) - Path Manipulation:
src/main/java/com/microfocus/example/service/FileSystemStorageService.java:143 - New (Static) - Path Manipulation:
src/main/java/com/microfocus/example/service/FileSystemStorageService.java:54 - New (Static) - Path Manipulation:
src/main/java/com/microfocus/example/service/FileSystemStorageService.java:143 - New (Static) - Path Manipulation:
src/main/java/com/microfocus/example/service/FileSystemStorageService.java:159 - New (Static) - Path Manipulation:
src/main/java/com/microfocus/example/web/controllers/ProductController.java:155 - New (Static) - Path Manipulation:
src/main/java/com/microfocus/example/service/FileSystemStorageService.java:159 - New (Static) - Path Manipulation:
src/main/java/com/microfocus/example/service/FileSystemStorageService.java:159 - New (Static) - Privacy Violation: Shoulder Surfing:
src/main/resources/templates/user/register.html:108 - New (Static) - Race Condition: Singleton Member Field:
src/main/java/com/microfocus/example/web/controllers/UserController.java:653 - New (Static) - Server-Side Request Forgery:
src/main/java/com/microfocus/example/web/controllers/UserController.java:624 - New (Static) - Spring Boot Misconfiguration: DevTools Enabled:
pom.xml:263 - New (Static) - SQL Injection:
src/main/java/com/microfocus/example/repository/ProductRepository.java:117 - New (Static) - SQL Injection:
src/main/java/com/microfocus/example/repository/ProductRepository.java:135 - New (Static) - SQL Injection:
src/main/java/com/microfocus/example/repository/ProductRepository.java:135 - New (Static) - SQL Injection:
src/main/java/com/microfocus/example/repository/ProductRepository.java:117 - New (Static) - SQL Injection:
src/main/java/com/microfocus/example/repository/ProductRepository.java:95 - New (Static) - System Information Leak: External:
src/main/java/com/microfocus/example/config/handlers/BasicAuthenticationEntryPointCustom.java:69 - New (Static) - System Information Leak: External:
src/main/java/com/microfocus/example/config/handlers/AuthenticationEntryPointJwt.java:69 - New (Static) - System Information Leak: External:
src/main/java/com/microfocus/example/config/handlers/ApiAccessDeniedHandler.java:66 - New (Static) - Unreleased Resource: Files:
src/main/java/com/microfocus/example/utils/UserUtils.java:129 - New (Static) - Unreleased Resource: Streams:
src/main/java/com/microfocus/example/api/controllers/ApiProductController.java:208 - New (Static) - Unreleased Resource: Streams:
src/main/java/com/microfocus/example/utils/UserUtils.java:81 - New (Static) - Weak Encryption:
src/main/java/com/microfocus/example/utils/EncryptedPasswordUtils.java:62 - New (Static) - Weak Encryption:
src/main/java/com/microfocus/example/utils/EncryptedPasswordUtils.java:46 - New (Static) - Weak Encryption:
src/main/java/com/microfocus/example/utils/EncryptedPasswordUtils.java:41 - New (Static) - Weak Encryption: Insecure Mode of Operation:
src/main/java/com/microfocus/example/utils/EncryptedPasswordUtils.java:62 - New (Static) - Weak Encryption: Insecure Mode of Operation:
src/main/java/com/microfocus/example/utils/EncryptedPasswordUtils.java:46 - New (Static) - XML External Entity Injection:
src/main/java/com/microfocus/example/web/controllers/UserController.java:572 - New (Static) - XML External Entity Injection:
src/main/java/com/microfocus/example/web/controllers/UserController.java:587
Removed Issues
- No removed issues were detected
Testing PR comments with the new Fortify AST v1.3 action