Veracode Batch Fix #253

Open
github-actions[bot] wants to merge 16 commits into main from
Veracode-fix-bot-6bcf68d34d404c035b9155b3046ecbcc8422904d-1750448110310

@github-actions

VERACODE FIX CODE SUGGESTIONS

Caution

Breaking Flaws identified in code!

Fixes for app/src/main/java/com/veracode/verademo/controller/ToolsController.java:
Flaws found for this file:
CWE 404 - Improper Resource Shutdown or Release - Severity 0 on line 58 for issue 1063
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 49 for issue 1167
CWE 404 - Improper Resource Shutdown or Release - Severity 0 on line 88 for issue 1062
Fixes for app/src/main/webapp/WEB-INF/views/tools.jsp:
Flaws found for this file:
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 64 for issue 1228
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 67 for issue 1268
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 77 for issue 1269
Fixes for app/src/main/webapp/WEB-INF/views/register.jsp:
Flaws found for this file:
CWE 209 - Information Exposure Through an Error Message - Severity 2 on line 59 for issue 1238
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 86 for issue 1227
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 59 for issue 1237
Fixes for app/src/main/java/com/veracode/verademo/controller/BlabController.java:
Flaws found for this file:
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 463 for issue 1150
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 530 for issue 1147
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 531 for issue 1164
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 196 for issue 1001
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 278 for issue 1149
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 467 for issue 1040
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 213 for issue 1148
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 60 for issue 1151
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 523 for issue 1175
CWE 404 - Improper Resource Shutdown or Release - Severity 0 on line 175 for issue 1043
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 444 for issue 1165
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 373 for issue 1146
Fixes for app/src/main/java/com/veracode/verademo/controller/UserController.java:
Flaws found for this file:
CWE 404 - Improper Resource Shutdown or Release - Severity 0 on line 165 for issue 1036
CWE 113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') - Severity 3 on line 680 for issue 1084
CWE 404 - Improper Resource Shutdown or Release - Severity 0 on line 249 for issue 1038
CWE 404 - Improper Resource Shutdown or Release - Severity 0 on line 309 for issue 1070
CWE 404 - Improper Resource Shutdown or Release - Severity 0 on line 478 for issue 1072
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 490 for issue 1041
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 374 for issue 1024
CWE 209 - Information Exposure Through an Error Message - Severity 2 on line 898 for issue 1220
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 228 for issue 1154
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 657 for issue 1176
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 310 for issue 1030
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 760 for issue 1161
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 253 for issue 1158
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 477 for issue 1159
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 235 for issue 1177
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 488 for issue 1171
CWE 404 - Improper Resource Shutdown or Release - Severity 0 on line 306 for issue 1055
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 661 for issue 1168
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 675 for issue 1153
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 627 for issue 1169
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 115 for issue 1157
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 247 for issue 1170
CWE 404 - Improper Resource Shutdown or Release - Severity 0 on line 310 for issue 1037
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 249 for issue 1031
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 259 for issue 1014
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 814 for issue 1160
CWE 404 - Improper Resource Shutdown or Release - Severity 0 on line 244 for issue 1058
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 254 for issue 1013
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 375 for issue 1156
CWE 113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') - Severity 3 on line 678 for issue 1080
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 479 for issue 1032
CWE 404 - Improper Resource Shutdown or Release - Severity 0 on line 479 for issue 1039
CWE 404 - Improper Resource Shutdown or Release - Severity 0 on line 248 for issue 1071
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 541 for issue 1155
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 165 for issue 1029
Fixes for app/src/main/java/com/veracode/verademo/commands/RemoveAccountCommand.java:
Flaws found for this file:
CWE 404 - Improper Resource Shutdown or Release - Severity 0 on line 40 for issue 1069
CWE 404 - Improper Resource Shutdown or Release - Severity 0 on line 42 for issue 1035
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 53 for issue 1025
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 41 for issue 1179
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 48 for issue 1174
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 42 for issue 1028
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 52 for issue 1145
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 49 for issue 1023
Fixes for app/src/main/webapp/WEB-INF/views/profile.jsp:
Flaws found for this file:
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 163 for issue 1265
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 110 for issue 1257
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 247 for issue 1000
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 101 for issue 1247
CWE 209 - Information Exposure Through an Error Message - Severity 2 on line 62 for issue 1235
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 90 for issue 1254
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 252 for issue 1002
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 160 for issue 1242
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 119 for issue 1224
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 200 for issue 1263
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 62 for issue 1234
Fixes for app/src/main/java/com/veracode/verademo/commands/IgnoreCommand.java:
Flaws found for this file:
CWE 404 - Improper Resource Shutdown or Release - Severity 0 on line 38 for issue 1067
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 39 for issue 1172
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 46 for issue 1162
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 40 for issue 1026
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 47 for issue 1021
CWE 404 - Improper Resource Shutdown or Release - Severity 0 on line 40 for issue 1033
Fixes for app/src/main/webapp/WEB-INF/views/register-finish.jsp:
Flaws found for this file:
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 82 for issue 1236
CWE 209 - Information Exposure Through an Error Message - Severity 2 on line 59 for issue 1226
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 59 for issue 1225
Fixes for app/src/main/java/com/veracode/verademo/controller/ResetController.java:
Flaws found for this file:
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 108 for issue 1166
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 131 for issue 1152
CWE 331 - Insufficient Entropy - Severity 3 on line 190 for issue 1079
CWE 331 - Insufficient Entropy - Severity 3 on line 152 for issue 1075
CWE 331 - Insufficient Entropy - Severity 3 on line 178 for issue 1074
CWE 331 - Insufficient Entropy - Severity 3 on line 127 for issue 1073
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 192 for issue 1181
CWE 331 - Insufficient Entropy - Severity 3 on line 182 for issue 1078
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 158 for issue 1180
CWE 331 - Insufficient Entropy - Severity 3 on line 155 for issue 1076
CWE 331 - Insufficient Entropy - Severity 3 on line 186 for issue 1077
Fixes for app/src/main/webapp/WEB-INF/views/blabbers.jsp:
Flaws found for this file:
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 100 for issue 1222
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 65 for issue 1230
CWE 209 - Information Exposure Through an Error Message - Severity 2 on line 65 for issue 1231
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 103 for issue 1252
Fixes for app/src/main/webapp/WEB-INF/views/blab.jsp:
Flaws found for this file:
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 60 for issue 1251
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 110 for issue 1255
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 56 for issue 1229
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 108 for issue 1221
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 68 for issue 1258
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 104 for issue 1243
CWE 209 - Information Exposure Through an Error Message - Severity 2 on line 68 for issue 1259
Fixes for app/src/main/webapp/WEB-INF/views/login.jsp:
Flaws found for this file:
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 85 for issue 1246
CWE 209 - Information Exposure Through an Error Message - Severity 2 on line 59 for issue 1241
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 59 for issue 1240
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 78 for issue 1233
Fixes for app/src/main/java/com/veracode/verademo/commands/ListenCommand.java:
Flaws found for this file:
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 47 for issue 1022
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 39 for issue 1173
CWE 404 - Improper Resource Shutdown or Release - Severity 0 on line 40 for issue 1034
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 40 for issue 1027
CWE 404 - Improper Resource Shutdown or Release - Severity 0 on line 38 for issue 1068
CWE 117 - Improper Output Neutralization for Logs - Severity 3 on line 46 for issue 1163
Fixes for app/src/main/java/com/veracode/verademo/utils/Utils.java:
Flaws found for this file:
CWE 113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') - Severity 3 on line 55 for issue 1083
Fixes for app/src/main/webapp/WEB-INF/views/feed.jsp:
Flaws found for this file:
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 96 for issue 1267
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 58 for issue 1232
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 69 for issue 1261
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 141 for issue 1256
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 98 for issue 1264
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 93 for issue 1245
CWE 209 - Information Exposure Through an Error Message - Severity 2 on line 69 for issue 1262

This PR is created by the Veracode-Fix bot to help fix security defects in your code.

The base branch is main; the base commit SHA is 6bcf68d.

Please reach out to your Veracode team if anything is in question.

Veracode Fix Bot added 16 commits June 20, 2025 19:35
…mands/RemoveAccountCommand.java with patch