Veracode Batch Fix #35

Open
wants to merge 2 commits into
base: at-test

github-actions[bot]

@github-actions github-actions bot commented Oct 9, 2024


VERACODE-FIX CODE SUGGESTIONS

Caution

Breaking Flaws identified in code!

Fixes for test/src/main/java/com/veracode/verademo/controller/UserController.java:
Flaws found for this file:
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 310 for issue 1030
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 760 for issue 1161
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 259 for issue 1014
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 814 for issue 1160
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 253 for issue 1158
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 254 for issue 1013
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 477 for issue 1159
CWE 113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') - Severity 3 on line 680 for issue 1084
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 375 for issue 1156
CWE 327 - Use of a Broken or Risky Cryptographic Algorithm - Severity 3 on line 908 for issue 1211
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 675 for issue 1153
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 490 for issue 1041
CWE 113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') - Severity 3 on line 678 for issue 1080
CWE 601 - URL Redirection to Untrusted Site ('Open Redirect') - Severity 3 on line 98 for issue 1011
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 235 for issue 1177
CWE 601 - URL Redirection to Untrusted Site ('Open Redirect') - Severity 3 on line 86 for issue 1009
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 479 for issue 1032
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 627 for issue 1169
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 374 for issue 1024
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 488 for issue 1171
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 541 for issue 1155
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 661 for issue 1168
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 165 for issue 1029
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 115 for issue 1157
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 247 for issue 1170
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 228 for issue 1154
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 657 for issue 1176
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 249 for issue 1031

This PR is created by the Veracode-Fix bot to help fix security defects in your code.

The base branch is at-test; the base commit sha is 4f5cf44.

Please reach out to your Veracode team if anything is in question.
