v0.14.0 — XSS autofix + baseline mode

@GabrielBBaldez GabrielBBaldez released this 16 Jun 13:18
· 34 commits to main since this release

Autofix now covers XSS

In addition to SQL injection, the autofix now handles XSS: it wraps interpolated values written to the response in HtmlUtils.htmlEscape(...) and adds the corresponding import:

  - response.getWriter().write("<p>" + out + "</p>");
  + response.getWriter().write("<p>" + HtmlUtils.htmlEscape(out) + "</p>");
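Review bot: the rewrite on the + line is the right fix for this sink, where the value lands in HTML element content and HtmlUtils.htmlEscape encodes the HTML metacharacters (including both quote characters), but the same replacement is not context-correct if the autofix ever matches a concatenation inside a script block, an unquoted attribute or a URL/event-handler attribute. Either have the fix check the output context of the sink before rewriting, or state in the docs that only HTML body/quoted-attribute concatenations are rewritten and the rest are reported unfixed.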

Verified end-to-end: applying the SQL + XSS fixes compiles cleanly and drops the benchmark's xss findings from 12 to 4 (the rest are cross-method or non-concatenation sinks, out of scope).

Baseline mode

spring-taint scan target/classes --libs … --baseline spring-taint-baseline.txt

The first run records the current findings; later runs report — and gate CI on — only findings not in the baseline. This lets a team adopt the tool on a legacy codebase and fail the build only on new issues. Fingerprints are line-independent, so the baseline survives code moving around.
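To make the baseline mechanics concrete, here is an added, stand-alone model of it (illustrative code, not spring-taint's own implementation): findings are identified by a fingerprint built from file, rule, tainted source and sink, with the line number deliberately left out, so a finding that moves survives the baseline while a genuinely new one fails the gate. The fingerprint scheme, the Finding fields and the sample scan results are all assumptions; the page does not specify the tool's fingerprint format.

```python
import hashlib
from dataclasses import dataclass
from typing import Iterable, List, Set


@dataclass(frozen=True)
class Finding:
    file: str
    line: int      # present for reporting only; never part of the fingerprint
    rule: str      # e.g. "xss" or "sqli"
    source: str    # tainted expression reaching the sink
    sink: str      # sink method the tainted value flows into


def fingerprint(f: Finding) -> str:
    """Line-independent identity (assumed scheme, not the tool's real format)."""
    key = "|".join([f.file, f.rule, f.source, f.sink])
    return hashlib.sha256(key.encode("utf-8")).hexdigest()[:16]


def write_baseline(findings: Iterable[Finding]) -> str:
    """First run: record every current finding, one fingerprint per line."""
    return "\n".join(sorted({fingerprint(f) for f in findings}))


def load_baseline(text: str) -> Set[str]:
    return {ln.strip() for ln in text.splitlines() if ln.strip() and not ln.startswith("#")}


def new_findings(findings: Iterable[Finding], baseline: Set[str]) -> List[Finding]:
    """Later runs: report only findings whose fingerprint is not in the baseline."""
    return [f for f in findings if fingerprint(f) not in baseline]


def ci_exit_code(findings: Iterable[Finding], baseline: Set[str]) -> int:
    """Fail the build (1) only when something not in the baseline shows up."""
    return 1 if new_findings(findings, baseline) else 0


# Constructed sample data: a legacy scan, then a rescan after an edit that shifted
# the old findings down by some lines and introduced one new XSS sink.
FIRST_RUN = [
    Finding("com/example/UserController.java", 42, "xss", 'request.getParameter("name")', "PrintWriter.write"),
    Finding("com/example/UserRepo.java", 88, "sqli", 'request.getParameter("id")', "Statement.executeQuery"),
]
SECOND_RUN = [
    Finding("com/example/UserController.java", 57, "xss", 'request.getParameter("name")', "PrintWriter.write"),
    Finding("com/example/UserRepo.java", 91, "sqli", 'request.getParameter("id")', "Statement.executeQuery"),
    Finding("com/example/SearchController.java", 30, "xss", 'request.getParameter("q")', "PrintWriter.write"),
]
```

Running `new_findings(SECOND_RUN, load_baseline(write_baseline(FIRST_RUN)))` yields only the SearchController finding; the two moved findings keep their fingerprints and stay suppressed.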