This pull request from patched fixes 20 issues.

Fix SQL injection vulnerability by using PreparedStatement
Replaced Statement with PreparedStatement to prevent SQL injection vulnerability by using parameterized queries.

Fix SQL injection vulnerability by using PreparedStatement
Used PreparedStatement to fix SQL injection vulnerability by replacing Statement with PreparedStatement in the SQL update query.

Fix SQL injection vulnerability by using PreparedStatement
Replaced Statement with PreparedStatement to prevent SQL injection vulnerability.

Fix SQL injection vulnerability by using PreparedStatement
Replaced Statement with PreparedStatement to prevent SQL injection vulnerability by using parameterized queries.

Fix SQL injection vulnerability by using PreparedStatement
Replaced Statement with PreparedStatement to prevent SQL injection vulnerability by using parameterized queries.

Fix SQL injection vulnerability by using PreparedStatement
Replaced Statement with PreparedStatement to prevent SQL injection vulnerability by using parameterized query.

Remove debug code from getBankUsernames method
Removed e.printStackTrace() which prints the stack trace to the standard error stream, used for debugging.

Fix SQL injection vulnerability by using prepared statement
Replaced the concatenated SQL query with a PreparedStatement to prevent SQL injection vulnerability.

Fix SQL injection vulnerability using prepared statements
Replaced the SQL statements with prepared statements to prevent SQL injection vulnerabilities.

Fix SQL injection vulnerability by using PreparedStatement
Replaced Statement with PreparedStatement to prevent SQL injection vulnerability by using parameterized query with placeholders.

Fix SQL injection vulnerability by using PreparedStatement
Replaced Statement with PreparedStatement to prevent SQL injection vulnerability by using parameterized query to safely pass the username.

Fix SQL injection vulnerability by using prepared statement
Replaced Statement with PreparedStatement to prevent SQL injection vulnerability by using prepared statement.

Remove debug code from data source lookup
Removed the debug print statement and logging of the exception message during data source lookup.

Remove debug print statement in isLoggedin method
Removed the debug print statement (e.printStackTrace()) in the catch block of the isLoggedin method.

Fix session middleware settings vulnerability
Set the secure flag of the session cookie to true to ensure it is only sent over HTTPS.

Fix vulnerability by replacing java.util.Random() with java.security.SecureRandom
Replaced the usage of java.util.Random() with java.security.SecureRandom in the makeRandomString() method to fix the vulnerability.

Fix insecure link in the code
Changed the HTTP link "http://www.newspapersyndications.tv" to HTTPS link "https://www.newspapersyndications.tv".

Fix insecure link to Adobe Reader download page
Replaced the insecure link "http://www.adobe.com/products/acrobat/readstep2.html" with a secure link "https://www.adobe.com/products/acrobat/readstep2.html" to Adobe Reader download page.

Fixed input validation vulnerability in AdminServlet
Sanitized user input before processing to prevent injection attacks in AdminServlet.

Fix cookie vulnerabilities by setting 'HttpOnly' and 'secure' flags
Added setting 'HttpOnly' flag for cookies by calling setHttpOnly(true) method and setting 'secure' flag for cookies by calling setSecure(true) method.