diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 00000000..a8fcfddd
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,41 @@
+# ******** Mend Unified CLI Template for Github Actions ********
+#
+# You may wish to alter this file to override the build tool and Mend scanning technologies.
+#
+# For more configuration options, please check the technical documentation portal:
+# 📚 https://docs.mend.io/bundle/integrations/page/scan_with_the_mend_cli.html
+#
+# ******** Description ********
+# mend dep will automatically use package managers and file system scanning to detect open source components.
+# mend code will automatically detect languages and frameworks used in your projects to scan for code weaknesses.
+
+# If you are NOT using a service user, and have multiple organizations, don't forget to call the scope -s parameter to set the organization
+
+name: Mend CLI SAST Scan per push to Release Branch
+
+on:
+ push:
+ branches:
+ - release*
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+ - name: Mend CLI Scan
+ env:
+ MEND_EMAIL: ${{secrets.MEND_EMAIL}}
+ MEND_USER_KEY: ${{secrets.MEND_USER_KEY}}
+ MEND_URL: https://saas.mend.io
+ #MEND_SAST_THRESHOLD_ONLY_NEW: true
+ # Set diff thresholds from the base scan
+ # MEND_SAST_THRESHOLD_HIGH: 1
+ # MEND_SAST_THRESHOLD_MEDIUM: 1
+ # MEND_SAST_THRESHOLD_LOW: 1
+ run: |
+ echo Downloading Mend CLI
+ curl https://downloads.mend.io/cli/linux_amd64/mend -o /usr/local/bin/mend && chmod +x /usr/local/bin/mend
+ echo Run Mend code scan
+ mend code -s "*//*//${{github.event.repository.name}}_${{github.ref_name}}"
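Review bot: The `curl` on the line before last writes whatever the server returns to /usr/local/bin/mend and then executes it: there is no `-f`/`--fail`, so an HTTP error body would be installed as the scanner, and there is no digest or signature check, so the job runs an unpinned binary fetched at run time in a step that holds `MEND_USER_KEY`. At minimum use `curl -fsSL https://downloads.mend.io/cli/linux_amd64/mend -o /usr/local/bin/mend` and verify a published digest before the `chmod +x` (`echo "<EXPECTED_SHA256>  /usr/local/bin/mend" | sha256sum -c`, with the digest taken from the vendor's release notes). `actions/checkout@v3` is pinned only to a mutable tag; pinning it to a commit SHA gives the same guarantee for that step. The workflow also declares no `permissions:` block, so the job token gets the repository default; `permissions: {contents: read}` is all a checkout-and-scan job needs.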
diff --git a/.whitesource b/.whitesource
new file mode 100644
index 00000000..193b844d
--- /dev/null
+++ b/.whitesource
@@ -0,0 +1,34 @@
+{
+ "scanSettings": {
+ "configMode": "AUTO",
+ "configExternalURL": "",
+ "projectToken": "",
+ "enableIaC": true,
+ "enableLicenseViolations": true,
+ "enableReachability": true,
+ "baseBranches": []
+ },
+ "scanSettingsSAST": {
+ "enableScan": true,
+ "scanPullRequests": true,
+ "incrementalScan": true,
+ "baseBranches": ["JoshNewBranch"],
+ "snippetSize": 10
+ },
+ "checkRunSettings": {
+ "vulnerableCheckRunConclusionLevel": "failure",
+ "displayMode": "diff",
+ "strictMode": "warning",
+ "useMendCheckNames": true
+ },
+ "issueSettings": {
+ "minSeverityLevel": "MEDIUM",
+ "issueType": "DEPENDENCY"
+ },
+ "remediateSettings": {
+ "enableRenovate": true,
+ "extends": [
+ "config:recommended"
+ ]
+ }
+ }
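Review bot: `scanSettingsSAST.baseBranches` is set to `"JoshNewBranch"`, which reads like a personal working branch rather than the `release*` branches the accompanying workflow scans, so incremental SAST results would be diffed against a base that may not exist or be maintained. If the intent is to compare against the release line, this entry should name that branch (its exact name is not visible here); `scanSettings.baseBranches` in the same file is left empty, so the two sections should presumably agree.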
diff --git a/pom.xml b/pom.xml
index 48d4a6bc..c0773e1c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -7,6 +7,8 @@
easybuggy
1-SNAPSHOT
war
+
+
UTF-8
@@ -19,7 +21,7 @@
-XX:+PrintGCDateStamps
-XX:+UseGCLogFileRotation
-XX:NumberOfGCLogFiles=5
- -XX:GCLogFileSize=10M
+ -XX:GCLogFileSize=10M
@@ -56,13 +58,13 @@
javax.servlet
javax.servlet-api
- 3.0.1
+ 4.0.1
provided
javax.servlet.jsp
jsp-api
- 2.2
+ 2.1
provided
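Review bot: `jsp-api` moves from `2.2` down to `2.1` in the same hunk that raises `javax.servlet-api` from `3.0.1` to `4.0.1`; the element names are stripped in this rendering, but if these are `<version>` values the JSP API is being downgraded while the servlet API is upgraded, the opposite direction from the rest of the change. Confirm whether `2.1` is deliberate or a typo, and if deliberate add a one-line `<!-- pinned to 2.1 because ... -->` beside it so the next reader does not "fix" it.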
@@ -73,8 +75,13 @@
org.apache.derby
derby
- 10.8.3.0
+ 10.16.1.2
+
+ org.apache.kafka
+ kafka-clients
+ 3.2.0
+
javassist
javassist
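Review bot: `kafka-clients` `3.2.0` is added as a new dependency, but nothing else in this diff references Kafka, so it is not clear what it is for; an unused dependency still ships in the WAR and widens the surface the Mend scan and Renovate will report on. If code outside this diff needs it, a short `<!-- used by ... -->` comment next to the artifact would help; if not, drop it.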
@@ -222,7 +229,7 @@
startup-uber-start
- install
+ deploy
exec
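Review bot: The `startup-uber-start` execution's binding changes from `install` to `deploy`; the surrounding tags are stripped here, so this is inferred from the position of the values. `deploy` runs only after `install` and is the phase that publishes artifacts to a remote repository, so an `exec` bound there no longer runs on a plain `mvn install` and will run on every deploy instead; confirm that is the intended trigger and record the reason in a comment beside the phase.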
diff --git a/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java b/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java
index 195f4491..d734493b 100644
--- a/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java
+++ b/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java
@@ -24,6 +24,7 @@ public abstract class AbstractServlet extends HttpServlet {
* Send an HTTP response to the client.
*
* @param req HTTP servlet request.
+ * TestJosh
* @param res HTTP servlet response.
* @param htmlTitle Title of HTML page.
* @param htmlBody Body of HTML page.
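Review bot: The inserted `* TestJosh` line sits between `@param req` and `@param res`, so Javadoc folds it into the description of `req` rather than treating it as a separate remark; it reads like a leftover test marker, and the same applies to the `//testJosh` line added above the package declaration in AssertionErrorServlet.java. Remove both lines, or if a marker is genuinely needed, keep it as a regular comment outside the Javadoc block. The documented method's signature and body lie outside this hunk.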
diff --git a/src/main/java/org/t246osslab/easybuggy/errors/AssertionErrorServlet.java b/src/main/java/org/t246osslab/easybuggy/errors/AssertionErrorServlet.java
index a13ab18c..05826ec4 100644
--- a/src/main/java/org/t246osslab/easybuggy/errors/AssertionErrorServlet.java
+++ b/src/main/java/org/t246osslab/easybuggy/errors/AssertionErrorServlet.java
@@ -1,3 +1,4 @@
+//testJosh
package org.t246osslab.easybuggy.errors;
import java.io.IOException;
diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/ArithmeticExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/ArithmeticExceptionServlet.java
index c64107a5..9a8ed629 100644
--- a/src/main/java/org/t246osslab/easybuggy/exceptions/ArithmeticExceptionServlet.java
+++ b/src/main/java/org/t246osslab/easybuggy/exceptions/ArithmeticExceptionServlet.java
@@ -6,6 +6,7 @@
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpServletResponse;
import org.t246osslab.easybuggy.core.servlets.AbstractServlet;
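Review bot: The added `import javax.servlet.http.HttpServletResponse;` duplicates the identical import on the line above; Java tolerates a repeated single-type import of the same type, so it compiles, but it is dead text that most linters flag. Drop the added line.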
diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java
index 1a0f987a..affe466b 100644
--- a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java
+++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java
@@ -60,12 +60,16 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
private String selectUsers(String name, String password, HttpServletRequest req) {
Connection conn = null;
- Statement stmt = null;
+ PreparedStatement stmt = null;
ResultSet rs = null;
String result = getErrMsg("msg.error.user.not.exist", req.getLocale());
try {
conn = DBClient.getConnection();
- stmt = conn.createStatement();
+ /** stmt = conn.prepareStatement("SELECT name, secret FROM users WHERE ispublic = 'true' AND name='" + name
+ "SELECT name, secret FROM users WHERE ispublic = 'true' AND name=" + "?" + " AND password=" + "?");
+ */
+ stmt.setString(1, name);
+ stmt.setString(2, password);
rs = stmt.executeQuery("SELECT name, secret FROM users WHERE ispublic = 'true' AND name='" + name
+ "' AND password='" + password + "'");
StringBuilder sb = new StringBuilder();
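Review bot: `stmt` is declared as a `PreparedStatement` but is never assigned, because the `conn.prepareStatement(...)` call sits inside the `/** ... */` comment, so `stmt.setString(1, name)` dereferences null and throws `NullPointerException` before any query runs; and the query on the two lines that follow is still built by concatenating `name` and `password`, so the injection is not removed even if the prepare call were restored. The fix is to prepare the parameterized statement, bind both values, and call the no-argument `executeQuery()` (the `executeQuery(String)` overload is not valid on a `PreparedStatement`); `java.sql.PreparedStatement` must also be imported, which this hunk does not show. `selectUsers` continues past the end of the hunk.
```java
            conn = DBClient.getConnection();
            // Parameterized query: user input is bound, never concatenated into SQL.
            stmt = conn.prepareStatement(
                    "SELECT name, secret FROM users WHERE ispublic = 'true' AND name=? AND password=?");
            stmt.setString(1, name);
            stmt.setString(2, password);
            rs = stmt.executeQuery();
            // … unchanged: result-set iteration into sb …
```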