From 264c577f1d12cfca253eccfa5df67a7fdf258580 Mon Sep 17 00:00:00 2001
From: Seth Tisue
Date: Tue, 13 Aug 2024 22:09:34 -0700
Subject: [PATCH 1/3] Scala 3.5.0 (was 3.4.2)
---
 build.sbt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.sbt b/build.sbt
index 06ca73f..c393ab2 100644
--- a/build.sbt
+++ b/build.sbt
@@ -3,7 +3,7 @@ lazy val `play-webgoat` = (project in file(".")).enablePlugins(PlayScala)
 name := "play-webgoat"
 version := "1.0"
-crossScalaVersions := Seq("2.13.14", "3.4.2")
+crossScalaVersions := Seq("2.13.14", "3.5.0")
 scalaVersion := crossScalaVersions.value.head // tc-skip
 libraryDependencies ++= Seq(guice, ws)
From cde01b18f439a99309e1de211838b28f0792c6fd Mon Sep 17 00:00:00 2001
From: Seth Tisue
Date: Tue, 13 Aug 2024 22:17:37 -0700
Subject: [PATCH 2/3] wip
---
 vulnerabilities-3.x.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/vulnerabilities-3.x.txt b/vulnerabilities-3.x.txt
index 3c4f7be..81aa950 100644
--- a/vulnerabilities-3.x.txt
+++ b/vulnerabilities-3.x.txt
@@ -33,7 +33,7 @@ app/controllers/HomeController.scala(92) : ->Result.as(this) app/controllers/HomeController.scala(92) : <->Html.apply(0->return) app/controllers/HomeController.scala(91) : ->controllers.HomeControllerattackerRouteControlledQuery$$anonfun$1.apply(this) app/controllers/HomeController.scala(91) : <=> (this) - app/controllers/HomeController.scala(92) : <->controllers.HomeControllerattackerRouteControlledQuery$$anonfun$1.innerinit^(0->this) + app/controllers/HomeController.scala(91) : <->controllers.HomeControllerattackerRouteControlledQuery$$anonfun$1.innerinit^(0->this) app/controllers/HomeController.scala(91) : ->HomeController.attackerRouteControlledQuery(0) [76157C51B8F7E2674323F2BBE0459F81 : critical : Cross-Site Scripting : Reflected : dataflow ]
@@ -42,7 +42,7 @@ app/controllers/HomeController.scala(99) : ->Result.as(this) app/controllers/HomeController.scala(99) : <->Html.apply(0->return) app/controllers/HomeController.scala(98) : ->controllers.HomeControllerattackerRouteControlledPath$$anonfun$1.apply(this) app/controllers/HomeController.scala(98) : <=> (this) - app/controllers/HomeController.scala(99) : <->controllers.HomeControllerattackerRouteControlledPath$$anonfun$1.innerinit^(0->this) + app/controllers/HomeController.scala(98) : <->controllers.HomeControllerattackerRouteControlledPath$$anonfun$1.innerinit^(0->this) app/controllers/HomeController.scala(98) : ->HomeController.attackerRouteControlledPath(0) [3795138EC238E0F49E5A94291F0D4EB8 : critical : Cross-Site Scripting : Reflected : dataflow ]
From 6feae7202e6029574d50bef016a553b5548ee0f9 Mon Sep 17 00:00:00 2001
From: Seth Tisue
Date: Tue, 13 Aug 2024 22:17:51 -0700
Subject: [PATCH 3/3] wip
---
 vulnerabilities-3.x.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/vulnerabilities-3.x.txt b/vulnerabilities-3.x.txt
index 81aa950..03556c3 100644
--- a/vulnerabilities-3.x.txt
+++ b/vulnerabilities-3.x.txt
@@ -130,8 +130,8 @@ app/controllers/HomeController.scala(231) : ->ProcessBuilder.!!(this) app/controllers/HomeController.scala(229) : <- RequestHeader.getQueryString(return) [19934AF014F44D85C1841457D8ED6581 : critical : Cross-Site Scripting : Reflected : dataflow ] -target/scala-3.4.2/twirl/main/views/html/xss.template.scala(28) : ->BaseScalaTemplate._display_(0) - target/scala-3.4.2/twirl/main/views/html/xss.template.scala(28) : <->Html.apply(0->return) +target/scala-3.5.0/twirl/main/views/html/xss.template.scala(28) : ->BaseScalaTemplate._display_(0) + target/scala-3.5.0/twirl/main/views/html/xss.template.scala(28) : <->Html.apply(0->return) app/controllers/HomeController.scala(202) : ->xss.apply(0) app/controllers/HomeController.scala(201) : ->controllers.HomeControllertwirlXSS$$anonfun$1$$anonfun$1.apply(0) app/controllers/HomeController.scala(201) : <- RequestHeader.getQueryString(return)