PatchWork AutoFix

[CTY-git]

This pull request from patched fixes 18 issues.

---

• File changed: src/com/ibm/security/appscan/altoromutual/util/DBUtil.java
  Fix SQL injection vulnerability by using PreparedStatement

  Replaced the Statement with a PreparedStatement to prevent SQL injection vulnerability by using parameterized queries.
  Fix SQL injection vulnerability by using PreparedStatement

  Replaced Statement with PreparedStatement to prevent SQL injection vulnerability
  Fix SQL injection vulnerability by using PreparedStatement

  Replaced Statement with PreparedStatement to prevent SQL injection by using input parameters properly.
  Fix SQL injection vulnerability by using PreparedStatement

  Replaced the Statement with PreparedStatement to prevent SQL injection by using parameter placeholders.
  Fix SQL injection vulnerability by using PreparedStatement

  Replaced Statement with PreparedStatement to prevent SQL injection vulnerability
  Fix SQL injection vulnerability by using PreparedStatement

  Replaced Statement with PreparedStatement to address SQL injection vulnerability.
  Remove debug code from getBankUsernames method

  Removed the line that prints the stack trace when catching an SQLException in the getBankUsernames method.
  Fix SQL injection vulnerability by switching to prepared statement

  Replaced the SQL query construction with a prepared statement to prevent SQL injection vulnerability.
  Fix SQL injection vulnerability by using prepared statements

  Replaced Statement with PreparedStatement to prevent SQL injection vulnerability by using prepared statements instead of formatted strings.
  Fix SQL injection vulnerability by using PreparedStatement

  Replaced Statement with PreparedStatement to prevent SQL injection by using parameterized query
  Fix SQL injection vulnerability by using PreparedStatement

  Replaced Statement with PreparedStatement to prevent SQL injection vulnerability by using PreparedStatement to execute the SQL query securely.
  Fix SQL injection vulnerability by using PreparedStatement

  Replaced Statement with PreparedStatement to fix SQL injection vulnerability by using parameterized query.
  Remove debug print statement

  Removed the debug print statement (e.printStackTrace()) and replaced it with logging the error message using Log4j.

• File changed: src/com/ibm/security/appscan/altoromutual/util/ServletUtil.java
  Remove debug code from isLoggedin method

  Removed the debug line "e.printStackTrace();" from the catch block in the isLoggedin method.
  Fix session middleware settings and remove debug code

  - Added accountCookie.setSecure(true); to ensure the cookie is sent only over HTTPS.

  • Removed e.printStackTrace(); to get rid of the debug code.

• File changed: src/com/ibm/security/appscan/altoromutual/util/OperationsUtil.java
  Fix vulnerability with insecure random number generation

  Replaced the usage of java.util.Random with java.security.SecureRandom to ensure secure random number generation.

• File changed: WebContent/static/inside_community.htm
  Fix insecure link to HTTPS

  Changed the insecure HTTP link to an HTTPS link for better security.

• File changed: src/com/ibm/security/appscan/altoromutual/servlet/LoginServlet.java
  Fix session cookie vulnerabilities

  Added setting 'HttpOnly' and 'secure' flags to session cookie to improve security.