Add Hutool taint flows for javasecurity-advanced config demo#87
Add Hutool taint flows for javasecurity-advanced config demo#87sylvain-combe-sonarsource wants to merge 1 commit into
Quality Gate failed
Failed conditions
5 New issues
See analysis details on SonarQube
Catch issues before they fail your Quality Gate with our IDE extension
SonarQube for IDE
Annotations
Check failure on line 34 in src/main/java/demo/security/servlet/AdvancedConfigServlet.java
sonar-nautilus / SonarQube Code Analysis
Change this code to not construct the OS command from user-controlled data.
[S2076] OS commands should not be vulnerable to command injection attacks
See more on https://nautilus.sonarqube.org/project/issues?id=demo%3Ajava-security&pullRequest=87&issues=0ea065f3-2b1d-44ca-ba1c-b8628360eb73&open=0ea065f3-2b1d-44ca-ba1c-b8628360eb73
Check failure on line 54 in src/main/java/demo/security/servlet/AdvancedConfigServlet.java
sonar-nautilus / SonarQube Code Analysis
Change this code to not construct the path from user-controlled data.
[S2083] I/O function calls should not be vulnerable to path injection attacks
See more on https://nautilus.sonarqube.org/project/issues?id=demo%3Ajava-security&pullRequest=87&issues=0033c232-20c8-4052-8012-aef93db900fa&open=0033c232-20c8-4052-8012-aef93db900fa
Check warning on line 44 in src/main/java/demo/security/servlet/AdvancedConfigServlet.java
sonar-nautilus / SonarQube Code Analysis
Change this code to not construct the path from user-controlled data.
[S6549] Accessing files should not lead to filesystem oracle attacks
See more on https://nautilus.sonarqube.org/project/issues?id=demo%3Ajava-security&pullRequest=87&issues=c2d155dc-954f-449d-93e9-6ae8fc6cfbb6&open=c2d155dc-954f-449d-93e9-6ae8fc6cfbb6
Check failure on line 44 in src/main/java/demo/security/servlet/AdvancedConfigServlet.java
sonar-nautilus / SonarQube Code Analysis
Change this code to not construct the path from user-controlled data.
[S2083] I/O function calls should not be vulnerable to path injection attacks
See more on https://nautilus.sonarqube.org/project/issues?id=demo%3Ajava-security&pullRequest=87&issues=d8535cc0-2736-4c6c-bc2d-1deb31fa1c24&open=d8535cc0-2736-4c6c-bc2d-1deb31fa1c24
Check warning on line 54 in src/main/java/demo/security/servlet/AdvancedConfigServlet.java
sonar-nautilus / SonarQube Code Analysis
Change this code to not construct the path from user-controlled data.
[S6549] Accessing files should not lead to filesystem oracle attacks
See more on https://nautilus.sonarqube.org/project/issues?id=demo%3Ajava-security&pullRequest=87&issues=54b17efa-d723-4299-bf2a-367399b6d11e&open=54b17efa-d723-4299-bf2a-367399b6d11e