From e559ed084edb7cd626bdbb5b25109b181a1ea31a Mon Sep 17 00:00:00 2001
From: Eric Six
Date: Fri, 28 Mar 2025 10:48:00 -0500
Subject: [PATCH 1/4] Update SearchController.java

From 6e52a2f79b5f34bfa86905e6ab77c49e7734f6b0 Mon Sep 17 00:00:00 2001
From: Eric Six
Date: Fri, 28 Mar 2025 10:48:47 -0500
Subject: [PATCH 2/4] Update AdminController.java

From 32e85b45e53dc8266b751efb18d4c4cfa64059ab Mon Sep 17 00:00:00 2001
From: Eric Six
Date: Fri, 28 Mar 2025 10:52:18 -0500
Subject: [PATCH 3/4] Update CustomerController.java

---
 .../controller/CustomerController.java | 35 +++++++++----------
 1 file changed, 16 insertions(+), 19 deletions(-)

diff --git a/src/main/java/io/shiftleft/controller/CustomerController.java b/src/main/java/io/shiftleft/controller/CustomerController.java
index 8c62367..75c9d08 100644
--- a/src/main/java/io/shiftleft/controller/CustomerController.java
+++ b/src/main/java/io/shiftleft/controller/CustomerController.java
@@ -1,3 +1,4 @@
+
 package io.shiftleft.controller;
 import io.shiftleft.model.Account;
@@ -216,21 +217,21 @@ public void loadSettings(HttpServletResponse httpResponse, WebRequest request) t
 * @param request
 * @throws Exception
 */
-@RequestMapping(value = "/saveSettings", method = RequestMethod.GET)
-public void saveSettings(HttpServletResponse httpResponse, WebRequest request) throws Exception {
+ @RequestMapping(value = "/saveSettings", method = RequestMethod.GET)
+ public void saveSettings(HttpServletResponse httpResponse, WebRequest request) throws Exception {
 // "Settings" will be stored in a cookie
 // schema: base64(filename,value1,value2...), md5sum(base64(filename,value1,value2...))
 if (!checkCookie(request)){
- httpResponse.getOutputStream().println("Error");
- throw new Exception("cookie is incorrect");
+ httpResponse.getOutputStream().println("Error");
+ throw new Exception("cookie is incorrect");
 }
 String settingsCookie = request.getHeader("Cookie");
 String[] cookie = settingsCookie.split(",");
- if(cookie.length<2) {
- httpResponse.getOutputStream().println("Malformed cookie");
- throw new Exception("cookie is incorrect");
+ if(cookie.length<2) {
+ httpResponse.getOutputStream().println("Malformed cookie");
+ throw new Exception("cookie is incorrect");
 }
 String base64txt = cookie[0].replace("settings=","");
@@ -238,33 +239,30 @@ public void saveSettings(HttpServletResponse httpResponse, WebRequest request) t
 // Check md5sum
 String cookieMD5sum = cookie[1];
 String calcMD5Sum = DigestUtils.md5Hex(base64txt);
- if(!cookieMD5sum.equals(calcMD5Sum))
+ if(!cookieMD5sum.equals(calcMD5Sum))
 {
- httpResponse.getOutputStream().println("Wrong md5");
- throw new Exception("Invalid MD5");
+ httpResponse.getOutputStream().println("Wrong md5");
+ throw new Exception("Invalid MD5");
 }
 // Now we can store on filesystem
 String[] settings = new String(Base64.getDecoder().decode(base64txt)).split(",");
- // storage will have ClassPathResource as basepath
+ // storage will have ClassPathResource as basepath
 ClassPathResource cpr = new ClassPathResource("./static/");
- // Sanitize filename to prevent directory traversal
- String filename = FilenameUtils.getName(settings[0]);
- File file = new File(cpr.getPath() + filename);
+ File file = new File(cpr.getPath()+settings[0]);
 if(!file.exists()) {
- file.getParentFile().mkdirs();
+ file.getParentFile().mkdirs();
 }
 FileOutputStream fos = new FileOutputStream(file, true);
 // First entry is the filename -> remove it
 String[] settingsArr = Arrays.copyOfRange(settings, 1, settings.length);
- // on setting at a line
+ // on setting at a linez
 fos.write(String.join("\n",settingsArr).getBytes());
 fos.write(("\n"+cookie[cookie.length-1]).getBytes());
 fos.close();
 httpResponse.getOutputStream().println("Settings Saved");
-}
-
+ }
 /**
 * Debug test for saving and reading a customer
@@ -391,4 +389,3 @@ public void removeCustomer(@PathVariable("customerId") Long customerId, HttpServ
 }
 }
-

From 71894c83ad056e0df7242a76b7a3358482bebbc0 Mon Sep 17 00:00:00 2001
From: Eric Six
Date: Fri, 28 Mar 2025 12:24:50 -0500
Subject: [PATCH 4/4] Update qwiet-prezero-workflow.yml

---
 .github/workflows/qwiet-prezero-workflow.yml | 40 ++++++++++----------
 1 file changed, 20 insertions(+), 20 deletions(-)
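Review bot: The new `File file = new File(cpr.getPath()+settings[0]);` drops the `FilenameUtils.getName(settings[0])` step the old side had, so the first field of the client-supplied cookie is joined onto the storage path with no containment check, and `file.getParentFile().mkdirs()` plus the append below then operate wherever that field points; the md5 comparison above is computed over the same cookie text with no key, so it does not constrain this value. If removing the sanitizer is deliberate (a demo target, for example), say so in a comment on that line; otherwise restore a guard, preferably a canonical-path containment check rather than a basename strip, as sketched below. The comment `// on setting at a linez` also picked up a typo on the new side and presumably means `// one setting per line`. saveSettings starts in the previous hunk, and `fos` is still not closed on the exception paths (unchanged here).
```java
ClassPathResource cpr = new ClassPathResource("./static/");
// Keep the target inside the storage directory: settings[0] comes straight from the cookie
File baseDir = new File(cpr.getPath()).getCanonicalFile();
File file = new File(baseDir, settings[0]).getCanonicalFile();
if (file.equals(baseDir) || !file.toPath().startsWith(baseDir.toPath())) {
  httpResponse.getOutputStream().println("Invalid filename");
  throw new Exception("invalid filename");
}
// … unchanged: mkdirs, FileOutputStream append, close, "Settings Saved" …
```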
diff --git a/.github/workflows/qwiet-prezero-workflow.yml b/.github/workflows/qwiet-prezero-workflow.yml
index ded9174..9780f8c 100644
--- a/.github/workflows/qwiet-prezero-workflow.yml
+++ b/.github/workflows/qwiet-prezero-workflow.yml
@@ -46,26 +46,26 @@ jobs:
 SHIFTLEFT_GRPC_TELEMETRY_HOST: telemetry.shiftleft.io:443
 SHIFTLEFT_GRPC_API_HOST: api.shiftleft.io:443
- - name: Download export.py and requirements.txt
- run: |
- curl -O https://raw.githubusercontent.com/ShiftLeftSecurity/field-integrations/master/shiftleft-utils/export.py
- curl -O https://raw.githubusercontent.com/ShiftLeftSecurity/field-integrations/master/shiftleft-utils/config.py
- curl -O https://raw.githubusercontent.com/ShiftLeftSecurity/field-integrations/master/shiftleft-utils/common.py
- curl -O https://raw.githubusercontent.com/ShiftLeftSecurity/field-integrations/master/shiftleft-utils/requirements.txt
+ # - name: Download export.py and requirements.txt
+ # run: |
+ # curl -O https://raw.githubusercontent.com/ShiftLeftSecurity/field-integrations/master/shiftleft-utils/export.py
+ # curl -O https://raw.githubusercontent.com/ShiftLeftSecurity/field-integrations/master/shiftleft-utils/config.py
+ # curl -O https://raw.githubusercontent.com/ShiftLeftSecurity/field-integrations/master/shiftleft-utils/common.py
+ # curl -O https://raw.githubusercontent.com/ShiftLeftSecurity/field-integrations/master/shiftleft-utils/requirements.txt
- - name: Install Python dependencies
- run: |
- python3 -m pip install --upgrade pip
- python3 -m pip install -r requirements.txt
+ # - name: Install Python dependencies
+ # run: |
+ # python3 -m pip install --upgrade pip
+ # python3 -m pip install -r requirements.txt
- - name: Run export.py and generate SARIF report
- run: |
- APP_NAME=${{ github.event.repository.name }}
- python3 export.py -f sarif -a $APP_NAME
- env:
- SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
+ # - name: Run export.py and generate SARIF report
+ # run: |
+ # APP_NAME=${{ github.event.repository.name }}
+ # python3 export.py -f sarif -a $APP_NAME
+ # env:
+ # SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
- - name: Upload SARIF file to GitHub Security Tab
- uses: 
github/codeql-action/upload-sarif@v3
- with:
- sarif_file: ./ngsast-report-${{ github.event.repository.name }}-github.sarif # Correct dynamic path for SARIF output
+ # - name: Upload SARIF file to GitHub Security Tab
+ # uses: github/codeql-action/upload-sarif@v3
+ # with:
+ # sarif_file: ./ngsast-report-${{ github.event.repository.name }}-github.sarif # Correct dynamic path for SARIF output
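Review bot: The four steps from `- name: Download export.py and requirements.txt` down to `- name: Upload SARIF file to GitHub Security Tab` are commented out in place rather than removed, leaving twenty lines of dead YAML in the job and no record of why. The disabled `github/codeql-action/upload-sarif@v3` step is what fed the scan report into the GitHub code-scanning tab, so a reader cannot tell from the file whether findings are now reviewed somewhere else or simply no longer surfaced; a one-line comment at the top of the block such as `# export.py/SARIF upload disabled <DATE-PLACEHOLDER>: <REASON-PLACEHOLDER>; re-enable when <CONDITION-PLACEHOLDER>` would make that explicit. If the removal is meant to be permanent, delete the block instead and let history keep the old steps.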