Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge changes from spring-update branch #22

Open
wants to merge 34 commits into
base: main
Choose a base branch
from
Open

Merge changes from spring-update branch #22

wants to merge 34 commits into from

Conversation

kadraman
Copy link
Contributor

No description provided.

@kadraman
Updating Spring Boot to 2.7.17.
73f74a0
@kadraman
User Registration Serialization.
1505c6b
@kadraman
GitHub Actions and Scripts
65aa85d
@kadraman
Merge branch 'dev' into spring-update
3b877dd 
# Conflicts:
#	.github/actions/gradle-fod-sast-scan/action.yml
#	.github/workflows/fod.yml
@kadraman
GitHub Actions and Scripts
3a7556d
@kadraman
GitHub Actions
cd0fb98
@kadraman
GitHub Actions
ca0db3a
@kadraman
GitHub Actions
bee3ae7
@kadraman
GitHub Actions
c86a4b2
@kadraman
GitHub Actions
592916a
@kadraman
GitHub Actions
6ea8382
@kadraman
GitHub Actions
94194f2
@kadraman
GitHub Actions
4dd843a
@kadraman
GitHub Actions
f018f4c
@kadraman
GitHub Actions
54a2779
@kadraman
GitHub Actions
8cb91dd
@kadraman
GitHub Actions
ac22859
@kadraman
GitHub Actions
dc50ae9
@kadraman
GitHub Actions
204b707
@kadraman
GitHub Actions
c2e373f
@kadraman
GitHub Actions
bf3ffc0
@kadraman
GitHub Actions
7462a66
@kadraman
GitHub Actions
85d0e66
@kadraman
GitHub Actions
6547bdb
@kadraman
GitHub Actions
21e5038
@kadraman
Merge branch 'develop' into spring-update
8d71e94 
# Conflicts:
#	.github/actions/fortify-app-and-release-name/action.yml
@kadraman
GitHub Actions
31a19f0
@kadraman
Merge branch 'main' into spring-update
d99d98e
@kadraman
Environment update
2620156
@kadraman
Updating Actions
4eef547
github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 21, 2024
View reviewed changes
src/main/java/com/microfocus/example/utils/UserUtils.java Outdated
}

public static UserObj deserializeUser() throws IOException, ClassNotFoundException {
File dataFile = new File(getFilePath(USER_INFO_FILE));

Check failure

Code scanning / Fortify on Demand

Path Manipulation High

Attackers can control the file system path argument to File() at UserUtils.java line 158, which allows them to access or modify otherwise protected files.Allowing user input to control paths used in file system operations could enable an attacker to access or modify otherwise protected system resources.
src/main/java/com/microfocus/example/utils/UserUtils.java Outdated
while (e.hasMoreElements()) {
log.info(e.nextElement().toString());
}
zf.close();
}

public static void serializeUser(String username, String password) throws IOException {

File dataFile = new File(getFilePath(USER_INFO_FILE));

Check failure

Code scanning / Fortify on Demand

Path Manipulation High

Attackers can control the file system path argument to File() at UserUtils.java line 146, which allows them to access or modify otherwise protected files.Allowing user input to control paths used in file system operations could enable an attacker to access or modify otherwise protected system resources.
src/main/java/com/microfocus/example/utils/UserUtils.java Outdated
File dataFile = new File(getFilePath(USER_INFO_FILE));

FileInputStream fis = new FileInputStream(dataFile);
ObjectInputStream is = new ObjectInputStream(fis);

Check failure

Code scanning / Fortify on Demand

Unreleased Resource: Streams High

The function deserializeUser() in UserUtils.java sometimes fails to release a system resource allocated by FileInputStream() on line 160.The program can potentially fail to release a system resource.
src/main/java/com/microfocus/example/utils/UserUtils.java Outdated
UserObj userObj = new UserObj(username, password);

FileOutputStream fos = new FileOutputStream(dataFile);
ObjectOutputStream os = new ObjectOutputStream(fos);

Check failure

Code scanning / Fortify on Demand

Unreleased Resource: Streams High

The function serializeUser() in UserUtils.java sometimes fails to release a system resource allocated by FileOutputStream() on line 152.The program can potentially fail to release a system resource.
@kadraman kadraman self-assigned this Mar 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@kadraman kadraman

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@kadraman