@gacevedo gacevedo commented Jun 11, 2024

Qwiet.AI AutoFix

This PR was created automatically by the Qwiet.AI autofix tool.
As long as it is open, subsequent scans and generated fixes to this same branch
will be added to it as new commits.

Each commit fixes one vulnerability.

Some manual intervention might be required before merging this PR.

Fixes

  • AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 86 (Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via lastName in CustomerController.debug) of project qwiet-autofix-pr-demo

  • AutoPatch applied to src/main/java/io/shiftleft/controller/AdminController.java for finding 88 (Deserialization: Attacker-controlled Data Used in Unsafe Deserialization Function via auth in AdminController.doPostLogin) of project qwiet-autofix-pr-demo

  • AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 87 (Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via socialSecurityNum in CustomerController.debug) of project qwiet-autofix-pr-demo

  • AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 85 (Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via tin in CustomerController.debug) of project qwiet-autofix-pr-demo

  • AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 83 (Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via phoneNumber in CustomerController.debug) of project qwiet-autofix-pr-demo

  • AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 84 (Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via ssn in CustomerController.debug) of project qwiet-autofix-pr-demo

  • AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 82 (Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via firstName in CustomerController.debug) of project qwiet-autofix-pr-demo

  • AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 81 (Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via customerId in CustomerController.debug) of project qwiet-autofix-pr-demo

  • AutoPatch applied to src/main/java/io/shiftleft/controller/SearchController.java for finding 80 (Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via foo in SearchController.doGetSearch) of project qwiet-autofix-pr-demo

  • AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 65 (Cross-Site Scripting: Attacker-controlled, Sensitive Data Stored in Database via socialSecurityNum in CustomerController.debug) of project qwiet-autofix-pr-demo

  • AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 102 (Directory Traversal: Attacker-controlled Data Used in File Path via request in CustomerController.checkCookie) of project qwiet-autofix-pr-demo

@gacevedo gacevedo closed this Jun 12, 2024
@gacevedo gacevedo deleted the qwietai/autofix/fix0001 branch June 12, 2024 21:22