Skip to content

New class vulnerable #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
antoine-vinot-sonarsource wants to merge 3 commits into
base: master
Choose a base branch
from
Open

New class vulnerable #2

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
d7627df
Other branch test
antoine-vinot-sonarsource Aug 22, 2022
ff0ee70
pr vulnerability
antoine-vinot-sonarsource Aug 29, 2022
07b40d4
Test
antoine-vinot-sonarsource Aug 30, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
plugins {
id 'java'
id "org.sonarqube" version "3.4.0.2513"
}

group 'org.example'
Expand All @@ -16,4 +17,4 @@ dependencies {

test {
useJUnitPlatform()
}
}
25 changes: 23 additions & 2 deletions src/main/java/example/Start.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
package example;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

Expand All @@ -15,7 +14,29 @@ public static void main(String[] args) {
}

private static void doVulnerableCode() throws SQLException {
Connection conn = DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", "");
new Vulnerable().vulnerable();
}

private static void doVulnerableCode(String output) {
try {
DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", "");

Check failure

Code scanning / SonarQube

A secure password should be used when connecting to a database

<!--SONAR_ISSUE_KEY:AYLutGZ2c_fJ00IeVZGq-->Add password protection to this database.

Check failure

Code scanning / SonarCloud

A secure password should be used when connecting to a database

<!--SONAR_ISSUE_KEY:AY3Fw9-2iDLXXRG5HpHT-->Add password protection to this database. <p>See more on <a href="https://sonarcloud.io/project/issues?id=antoine-vinot-sonarsource_CodeScanningSample&issues=AY3Fw9-2iDLXXRG5HpHT&open=AY3Fw9-2iDLXXRG5HpHT&pullRequest=2">SonarCloud</a></p>

Check failure

Code scanning / SonarCloudsquad-3

A secure password should be used when connecting to a database

<!--SONAR_ISSUE_KEY:AY_jg_0yrPNksJJcSql0-->Add password protection to this database. <p>See more on <a href="https://squad-3-core.sc-dev.io/project/issues?id=antoine-vinot-sonarsource_CodeScanningSample&issues=AY_jg_0yrPNksJJcSql0&open=AY_jg_0yrPNksJJcSql0&pullRequest=2">SonarCloud</a></p>

Check failure

Code scanning / SonarCloudDev

A secure password should be used when connecting to a database

<!--SONAR_ISSUE_KEY:AZJXuaXlCPbxHiHE8iyp-->Add password protection to this database. <p>See more on <a href="https://dev.sc-dev.io/project/issues?id=antoine-vinot-sonarsource_CodeScanningSample&issues=AZJXuaXlCPbxHiHE8iyp&open=AZJXuaXlCPbxHiHE8iyp&pullRequest=2">SonarCloud</a></p>
} catch (SQLException e) {
throw new RuntimeException(output + " " + e);
}
}

private static void anotherVulnerableCode() {
var regex = "/^([a-zA-Z0-9])(([\\-.]|[_]+)?([a-zA-Z0-9]+))*(@){1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]{1}[a-z]{2,3}))$/";

Check notice

Code scanning

Inefficient regular expression

This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '0'.
if (!"some phrase".matches(regex)){
throw new Error("Invalid mail format");
}
}

private static void moreVulnerableCode() {
var regex = "/^([a-zA-Z0-9])(([\\-.]|[_]+)?([a-zA-Z0-9]+))*(@){1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]{1}[a-z]{2,3}))$/";

Check notice

Code scanning

Inefficient regular expression

This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '0'.
if (!"some phrase test".matches(regex)){
throw new Error("Invalid e-mail format");
}
}

}
15 changes: 15 additions & 0 deletions src/main/java/example/Vulnerable.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
package example;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

public class Vulnerable {
public Connection vulnerable() {
try {
return DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", "");

Check failure

Code scanning / SonarQube

A secure password should be used when connecting to a database

<!--SONAR_ISSUE_KEY:AYLqLndBuVHzZexvgjCr-->Add password protection to this database.

Check notice

Code scanning

A secure password should be used when connecting to a database

<!--SONAR_ISSUE_KEY:AYLqQPZ9uVHzZexvgjHl-->Add password protection to this database.

Check failure

Code scanning / SonarCloud

A secure password should be used when connecting to a database

<!--SONAR_ISSUE_KEY:AY3Fw9_RiDLXXRG5HpHq-->Add password protection to this database. <p>See more on <a href="https://sonarcloud.io/project/issues?id=antoine-vinot-sonarsource_CodeScanningSample&issues=AY3Fw9_RiDLXXRG5HpHq&open=AY3Fw9_RiDLXXRG5HpHq&pullRequest=2">SonarCloud</a></p>

Check failure

Code scanning / SonarCloudsquad-3

A secure password should be used when connecting to a database

<!--SONAR_ISSUE_KEY:AY_jg_2orPNksJJcSqmI-->Add password protection to this database. <p>See more on <a href="https://squad-3-core.sc-dev.io/project/issues?id=antoine-vinot-sonarsource_CodeScanningSample&issues=AY_jg_2orPNksJJcSqmI&open=AY_jg_2orPNksJJcSqmI&pullRequest=2">SonarCloud</a></p>

Check failure

Code scanning / SonarCloudDev

A secure password should be used when connecting to a database

<!--SONAR_ISSUE_KEY:AZJXuab6CPbxHiHE8iy9-->Add password protection to this database. <p>See more on <a href="https://dev.sc-dev.io/project/issues?id=antoine-vinot-sonarsource_CodeScanningSample&issues=AZJXuab6CPbxHiHE8iy9&open=AZJXuab6CPbxHiHE8iy9&pullRequest=2">SonarCloud</a></p>
} catch (SQLException e) {
throw new RuntimeException(e);
}
}
}