Skip to content

New class vulnerable #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
antoine-vinot-sonarsource wants to merge 3 commits into
base: master
Choose a base branch
from
Open

New class vulnerable #2

antoine-vinot-sonarsource wants to merge 3 commits into from

Conversation

@antoine-vinot-sonarsource
Copy link
Owner

@antoine-vinot-sonarsource antoine-vinot-sonarsource commented Aug 29, 2022

No description provided.

github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 29, 2022
View reviewed changes
src/main/java/example/Vulnerable.java
public class Vulnerable {
public Connection vulnerable() {
try {
return DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", "");

Check failure

Code scanning / SonarQube

A secure password should be used when connecting to a database

<!--SONAR_ISSUE_KEY:AYLqLndBuVHzZexvgjCr-->Add password protection to this database.
github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 29, 2022
View reviewed changes
src/main/java/example/Start.java
}

private static void anotherVulnerableCode() {
var regex = "/^([a-zA-Z0-9])(([\\-.]|[_]+)?([a-zA-Z0-9]+))*(@){1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]{1}[a-z]{2,3}))$/";

Check notice

Code scanning

Inefficient regular expression

This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '0'.
src/main/java/example/Start.java
}

private static void moreVulnerableCode() {
var regex = "/^([a-zA-Z0-9])(([\\-.]|[_]+)?([a-zA-Z0-9]+))*(@){1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]{1}[a-z]{2,3}))$/";

Check notice

Code scanning

Inefficient regular expression

This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '0'.
github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 29, 2022
View reviewed changes
src/main/java/example/Vulnerable.java
public class Vulnerable {
public Connection vulnerable() {
try {
return DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", "");

Check notice

Code scanning

A secure password should be used when connecting to a database

<!--SONAR_ISSUE_KEY:AYLqQPZ9uVHzZexvgjHl-->Add password protection to this database.
github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 30, 2022
View reviewed changes
src/main/java/example/Start.java

private static void doVulnerableCode(String output) {
try {
DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", "");

Check failure

Code scanning / SonarQube

A secure password should be used when connecting to a database

<!--SONAR_ISSUE_KEY:AYLutGZ2c_fJ00IeVZGq-->Add password protection to this database.
@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 20, 2024

Quality Gate Failed Quality Gate failed

Failed conditions
2 Security Hotspots
E Security Rating on New Code (required ≥ A)
D Reliability Rating on New Code (required ≥ A)
D Maintainability Rating on New Code (required ≥ A)

See analysis details on SonarCloud

idea Catch issues before they fail your Quality Gate with our IDE extension SonarLint SonarLint

github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 20, 2024
View reviewed changes
src/main/java/example/Start.java

private static void doVulnerableCode(String output) {
try {
DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", "");

Check failure

Code scanning / SonarCloud

A secure password should be used when connecting to a database

<!--SONAR_ISSUE_KEY:AY3Fw9-2iDLXXRG5HpHT-->Add password protection to this database. <p>See more on <a href="https://sonarcloud.io/project/issues?id=antoine-vinot-sonarsource_CodeScanningSample&issues=AY3Fw9-2iDLXXRG5HpHT&open=AY3Fw9-2iDLXXRG5HpHT&pullRequest=2">SonarCloud</a></p>
src/main/java/example/Vulnerable.java
public class Vulnerable {
public Connection vulnerable() {
try {
return DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", "");

Check failure

Code scanning / SonarCloud

A secure password should be used when connecting to a database

<!--SONAR_ISSUE_KEY:AY3Fw9_RiDLXXRG5HpHq-->Add password protection to this database. <p>See more on <a href="https://sonarcloud.io/project/issues?id=antoine-vinot-sonarsource_CodeScanningSample&issues=AY3Fw9_RiDLXXRG5HpHq&open=AY3Fw9_RiDLXXRG5HpHq&pullRequest=2">SonarCloud</a></p>
@ghost
Copy link

ghost commented Jun 4, 2024

Quality Gate Failed Quality Gate failed

Failed conditions
2 Security Hotspots
D Maintainability Rating on New Code (required ≥ A)
E Security Rating on New Code (required ≥ A)
D Reliability Rating on New Code (required ≥ A)

See analysis details on SonarCloud

Catch issues before they fail your Quality Gate with our IDE extension SonarLint

github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 4, 2024
View reviewed changes
src/main/java/example/Start.java

private static void doVulnerableCode(String output) {
try {
DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", "");

Check failure

Code scanning / SonarCloudsquad-3

A secure password should be used when connecting to a database

<!--SONAR_ISSUE_KEY:AY_jg_0yrPNksJJcSql0-->Add password protection to this database. <p>See more on <a href="https://squad-3-core.sc-dev.io/project/issues?id=antoine-vinot-sonarsource_CodeScanningSample&issues=AY_jg_0yrPNksJJcSql0&open=AY_jg_0yrPNksJJcSql0&pullRequest=2">SonarCloud</a></p>
src/main/java/example/Vulnerable.java
public class Vulnerable {
public Connection vulnerable() {
try {
return DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", "");

Check failure

Code scanning / SonarCloudsquad-3

A secure password should be used when connecting to a database

<!--SONAR_ISSUE_KEY:AY_jg_2orPNksJJcSqmI-->Add password protection to this database. <p>See more on <a href="https://squad-3-core.sc-dev.io/project/issues?id=antoine-vinot-sonarsource_CodeScanningSample&issues=AY_jg_2orPNksJJcSqmI&open=AY_jg_2orPNksJJcSqmI&pullRequest=2">SonarCloud</a></p>
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 4, 2024
View reviewed changes
src/main/java/example/Start.java

private static void doVulnerableCode(String output) {
try {
DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", "");

Check failure

Code scanning / SonarCloudDev

A secure password should be used when connecting to a database

<!--SONAR_ISSUE_KEY:AZJXuaXlCPbxHiHE8iyp-->Add password protection to this database. <p>See more on <a href="https://dev.sc-dev.io/project/issues?id=antoine-vinot-sonarsource_CodeScanningSample&issues=AZJXuaXlCPbxHiHE8iyp&open=AZJXuaXlCPbxHiHE8iyp&pullRequest=2">SonarCloud</a></p>
src/main/java/example/Vulnerable.java
public class Vulnerable {
public Connection vulnerable() {
try {
return DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", "");

Check failure

Code scanning / SonarCloudDev

A secure password should be used when connecting to a database

<!--SONAR_ISSUE_KEY:AZJXuab6CPbxHiHE8iy9-->Add password protection to this database. <p>See more on <a href="https://dev.sc-dev.io/project/issues?id=antoine-vinot-sonarsource_CodeScanningSample&issues=AZJXuab6CPbxHiHE8iy9&open=AZJXuab6CPbxHiHE8iy9&pullRequest=2">SonarCloud</a></p>
@sonarqube-cloud-dev
Copy link

sonarqube-cloud-dev bot commented Oct 4, 2024

Quality Gate Failed Quality Gate failed

Failed conditions
2 Security Hotspots
D Reliability Rating on New Code (required ≥ A)
E Security Rating on New Code (required ≥ A)
D Maintainability Rating on New Code (required ≥ A)

See analysis details on SonarCloud

Catch issues before they fail your Quality Gate with our IDE extension SonarLint

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@antoine-vinot-sonarsource