Skip to content

Add Hutool taint flows for javasecurity-advanced config demo#87

Open
sylvain-combe-sonarsource wants to merge 1 commit into
mainfrom
demo/advanced-config-taint
Open

Add Hutool taint flows for javasecurity-advanced config demo#87
sylvain-combe-sonarsource wants to merge 1 commit into
mainfrom
demo/advanced-config-taint

Add Hutool taint flows for javasecurity-advanced config demo

6a1fb3d
Select commit
Loading
Failed to load commit list.
Sonar-Nautilus / SonarQube Code Analysis failed Jun 26, 2026 in 30s

Quality Gate failed

Failed conditions
5 New issues

See analysis details on SonarQube

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE SonarQube for IDE

Annotations

Check failure on line 34 in src/main/java/demo/security/servlet/AdvancedConfigServlet.java

See this annotation in the file changed.

@sonar-nautilus sonar-nautilus / SonarQube Code Analysis

Change this code to not construct the OS command from user-controlled data.

[S2076] OS commands should not be vulnerable to command injection attacks
 See more on https://nautilus.sonarqube.org/project/issues?id=demo%3Ajava-security&pullRequest=87&issues=0ea065f3-2b1d-44ca-ba1c-b8628360eb73&open=0ea065f3-2b1d-44ca-ba1c-b8628360eb73

Check failure on line 54 in src/main/java/demo/security/servlet/AdvancedConfigServlet.java

See this annotation in the file changed.

@sonar-nautilus sonar-nautilus / SonarQube Code Analysis

Change this code to not construct the path from user-controlled data.

[S2083] I/O function calls should not be vulnerable to path injection attacks
 See more on https://nautilus.sonarqube.org/project/issues?id=demo%3Ajava-security&pullRequest=87&issues=0033c232-20c8-4052-8012-aef93db900fa&open=0033c232-20c8-4052-8012-aef93db900fa

Check warning on line 44 in src/main/java/demo/security/servlet/AdvancedConfigServlet.java

See this annotation in the file changed.

@sonar-nautilus sonar-nautilus / SonarQube Code Analysis

Change this code to not construct the path from user-controlled data.

[S6549] Accessing files should not lead to filesystem oracle attacks
 See more on https://nautilus.sonarqube.org/project/issues?id=demo%3Ajava-security&pullRequest=87&issues=c2d155dc-954f-449d-93e9-6ae8fc6cfbb6&open=c2d155dc-954f-449d-93e9-6ae8fc6cfbb6

Check failure on line 44 in src/main/java/demo/security/servlet/AdvancedConfigServlet.java

See this annotation in the file changed.

@sonar-nautilus sonar-nautilus / SonarQube Code Analysis

Change this code to not construct the path from user-controlled data.

[S2083] I/O function calls should not be vulnerable to path injection attacks
 See more on https://nautilus.sonarqube.org/project/issues?id=demo%3Ajava-security&pullRequest=87&issues=d8535cc0-2736-4c6c-bc2d-1deb31fa1c24&open=d8535cc0-2736-4c6c-bc2d-1deb31fa1c24

Check warning on line 54 in src/main/java/demo/security/servlet/AdvancedConfigServlet.java

See this annotation in the file changed.

@sonar-nautilus sonar-nautilus / SonarQube Code Analysis

Change this code to not construct the path from user-controlled data.

[S6549] Accessing files should not lead to filesystem oracle attacks
 See more on https://nautilus.sonarqube.org/project/issues?id=demo%3Ajava-security&pullRequest=87&issues=54b17efa-d723-4299-bf2a-367399b6d11e&open=54b17efa-d723-4299-bf2a-367399b6d11e