From d7627dff19296dafae013559828a14c596285460 Mon Sep 17 00:00:00 2001 From: Antoine Vinot Date: Mon, 22 Aug 2022 22:32:52 +0200 Subject: [PATCH 1/3] Other branch test --- src/main/java/example/Start.java | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/java/example/Start.java b/src/main/java/example/Start.java index ca08ee5..b430e98 100644 --- a/src/main/java/example/Start.java +++ b/src/main/java/example/Start.java @@ -18,4 +18,11 @@ private static void doVulnerableCode() throws SQLException { Connection conn = DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", ""); } + private static void anotherVulnerableCode() { + var regex = "/^([a-zA-Z0-9])(([\\-.]|[_]+)?([a-zA-Z0-9]+))*(@){1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]{1}[a-z]{2,3}))$/"; + if (!"some phrase".matches(regex)){ + throw new Error("Invalid mail format"); + } + } + } From ff0ee70fd6d1e74b71ad9ea9fc056ce089debb60 Mon Sep 17 00:00:00 2001 From: Antoine Vinot Date: Mon, 29 Aug 2022 17:14:20 +0200 Subject: [PATCH 2/3] pr vulnerability --- build.gradle | 3 ++- src/main/java/example/Start.java | 11 ++++++++--- src/main/java/example/Vulnerable.java | 15 +++++++++++++++ 3 files changed, 25 insertions(+), 4 deletions(-) create mode 100644 src/main/java/example/Vulnerable.java diff --git a/build.gradle b/build.gradle index 3cae2d7..1cc8ad8 100644 --- a/build.gradle +++ b/build.gradle @@ -1,5 +1,6 @@ plugins { id 'java' + id "org.sonarqube" version "3.4.0.2513" } group 'org.example' @@ -16,4 +17,4 @@ dependencies { test { useJUnitPlatform() -} \ No newline at end of file +} diff --git a/src/main/java/example/Start.java b/src/main/java/example/Start.java index b430e98..97650c2 100644 --- a/src/main/java/example/Start.java +++ b/src/main/java/example/Start.java @@ -1,7 +1,5 @@ package example; -import java.sql.Connection; -import java.sql.DriverManager; import java.sql.SQLException; public class Start { 
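Review bot: The regex in `anotherVulnerableCode` keeps its JavaScript-style `/…/` delimiters, so in Java the leading `/` must match the first input character and the following `^` can then never succeed; `"some phrase".matches(regex)` is false for every input and the method always throws. If the check is meant to work, drop the delimiters, `var regex = "^([a-zA-Z0-9])(([\\-.]|[_]+)?([a-zA-Z0-9]+))*(@){1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]{1}[a-z]{2,3}))$";`, and prefer `throw new IllegalArgumentException("Invalid mail format");` over `Error`, which is reserved for JVM-level failures. Once the delimiters are gone, note that `(([\\-.]|[_]+)?([a-zA-Z0-9]+))*` nests a `+` inside a `*` over overlapping character classes, the shape that backtracks exponentially on long non-matching input, so a bounded, non-nested pattern is the safer choice. The same literal is repeated in `moreVulnerableCode` in the second patch of this series; if both methods are intentionally scanner fixtures, a comment saying so would stop the next reader from "fixing" them.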
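Review bot: The added plugin line mixes quoting styles with the line above it: `id 'java'` uses Groovy single quotes while the new `id "org.sonarqube" version "3.4.0.2513"` uses double quotes, which in Groovy are interpolating GStrings. Neither value needs interpolation, so `id 'org.sonarqube' version '3.4.0.2513'` keeps the block consistent. Pinning the plugin version is the right call and should stay.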
@@ -15,7 +13,7 @@ public static void main(String[] args) { } private static void doVulnerableCode() throws SQLException { - Connection conn = DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", ""); + new Vulnerable().vulnerable(); } private static void anotherVulnerableCode() { @@ -25,4 +23,11 @@ private static void anotherVulnerableCode() { } } + private static void moreVulnerableCode() { + var regex = "/^([a-zA-Z0-9])(([\\-.]|[_]+)?([a-zA-Z0-9]+))*(@){1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]{1}[a-z]{2,3}))$/"; + if (!"some phrase test".matches(regex)){ + throw new Error("Invalid e-mail format"); + } + } + } diff --git a/src/main/java/example/Vulnerable.java b/src/main/java/example/Vulnerable.java new file mode 100644 index 0000000..5aad3d1 --- /dev/null +++ b/src/main/java/example/Vulnerable.java @@ -0,0 +1,15 @@ +package example; + +import java.sql.Connection; +import java.sql.DriverManager; +import java.sql.SQLException; + +public class Vulnerable { + public Connection vulnerable() { + try { + return DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", ""); + } catch (SQLException e) { + throw new RuntimeException(e); + } + } +} From 07b40d4fab99b09f9e86d936baf2b7ca3d3e3132 Mon Sep 17 00:00:00 2001 From: Antoine Vinot Date: Tue, 30 Aug 2022 14:21:33 +0200 Subject: [PATCH 3/3] Test --- src/main/java/example/Start.java | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/main/java/example/Start.java b/src/main/java/example/Start.java index 97650c2..63df820 100644 --- a/src/main/java/example/Start.java +++ b/src/main/java/example/Start.java @@ -1,5 +1,6 @@ package example; +import java.sql.DriverManager; import java.sql.SQLException; public class Start { 
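Review bot: The new body `new Vulnerable().vulnerable();` discards the `Connection` that `vulnerable()` returns, so the Derby connection is never closed, and since `vulnerable()` wraps its `SQLException` in a `RuntimeException` the retained `throws SQLException` clause on `doVulnerableCode` now covers nothing. Both are fixed by owning the resource: `try (var conn = new Vulnerable().vulnerable()) { }` closes the connection on exit and `close()` is what the `throws SQLException` then legitimately covers. Using `var` avoids re-importing `java.sql.Connection`, which the earlier hunk of this patch removes.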
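Review bot: `moreVulnerableCode` repeats the 100-plus-character regex literal from `anotherVulnerableCode` verbatim, differing only in the probe string and the error message, so any later correction to the pattern has to be made twice. Hoist it once, `private static final String EMAIL_REGEX = "…";`, and have both methods call `.matches(EMAIL_REGEX)`; the defect in the pattern itself is raised on the first patch of this series and is not repeated here. As in the sibling method, `throw new IllegalArgumentException("Invalid e-mail format");` is the appropriate type rather than `Error`. The closing brace of class `Start` is the last context line of the hunk.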
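Review bot: `Vulnerable.vulnerable()` returns an open `Connection` with no documentation saying the caller owns and must close it, and the only caller added in this patch (`doVulnerableCode`) drops the return value. A Javadoc line makes the contract explicit: `/** Opens an in-memory Derby connection; the caller is responsible for closing it. */`. The `"login", ""` credentials are baked into the source, which is the hard-coded-credentials finding the newly configured Sonar plugin will report; if that is the intended fixture, say so in a comment, otherwise read them from configuration. Wrapping the `SQLException` as `new RuntimeException(e)` correctly preserves the cause.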
@@ -16,6 +17,14 @@ private static void doVulnerableCode() throws SQLException { new Vulnerable().vulnerable(); } + private static void doVulnerableCode(String output) { + try { + DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", ""); + } catch (SQLException e) { + throw new RuntimeException(output + " " + e); + } + } + private static void anotherVulnerableCode() { var regex = "/^([a-zA-Z0-9])(([\\-.]|[_]+)?([a-zA-Z0-9]+))*(@){1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]{1}[a-z]{2,3}))$/"; if (!"some phrase".matches(regex)){
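Review bot: The new `doVulnerableCode(String output)` overload leaks the connection it opens, since the `DriverManager.getConnection(...)` result is never assigned or closed, and its catch block loses the cause by stringifying `e` into the message. Own the resource and keep the cause: `try (var conn = DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", "")) { }` and `throw new RuntimeException(output + " " + e.getMessage(), e);`. The overload also shares its name with the no-arg `doVulnerableCode`, whose signature is outside this hunk and which goes through `Vulnerable` instead, so a distinct name would avoid suggesting they are variants of the same operation; `anotherVulnerableCode` continues past the end of the hunk.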