Fix Scan Pull Request failing tests#1240
Conversation
eranturgeman
commented
Mar 3, 2026
eranturgeman
commented
- All tests passed. If this feature is not already covered by the tests, I added new tests.
- This pull request is on the dev branch.
- I used gofmt for formatting the code before submitting the pull request.
- Update documentation about new features / new supported technologies
eranturgeman
added
the
safe to test
github-actions
bot
removed
the
safe to test
eranturgeman
added
the
safe to test
github-actions
bot
removed
the
safe to test
|
📗 Scan Summary
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
| repoFile, err := os.ReadFile(filepath.Join("..", params.RepoName, "targetBranch.gz")) | ||
| repoFile, err := os.ReadFile(filepath.Join(testDir, params.RepoName, "targetBranch.gz")) | ||
| assert.NoError(t, err) | ||
| _, err = w.Write(repoFile) |
There was a problem hiding this comment.
🎯 Static Application Security Testing (SAST) Vulnerability
| Severity | Finding |
|---|---|
 Medium |
Untrusted stored value is included in web page content |
Full description
Vulnerability Details
| Rule ID: | go-stored-xss |
Overview
Stored Cross-Site Scripting (XSS) is a type of vulnerability where malicious
scripts are injected into a web application and stored in a persistent state,
such as a database. When other users access the affected page, the stored
scripts are executed in their browsers, leading to various attacks.
Vulnerable example
func serveMessage(w http.ResponseWriter, r *http.Request) {
db, _ := sql.Open("sqlite3", "test.db")
message := db.QueryRow("SELECT message FROM messages WHERE id = 1")
fmt.Fprintf(w, "<h1>%s</h1>", message)
}In this example, the serveMessage function retrieves a message from the
database and directly embeds it into an HTML response without proper escaping.
If the message contains malicious scripts, it can lead to Stored XSS attacks
when other users view the page.
Remediation
To mitigate Stored XSS vulnerabilities, always sanitize and encode user
input before storing it in a persistent state and before displaying it
to other users:
func serveMessage(w http.ResponseWriter, r *http.Request) {
db, _ := sql.Open("sqlite3", "test.db")
message := db.QueryRow("SELECT message FROM messages WHERE id = 1")
- fmt.Fprintf(w, "<h1>%s</h1>", message)
+ fmt.Fprintf(w, "<h1>%s</h1>", html.EscapeString(message))
}In the remediation, we've used the html.EscapeString function to escape
the message before embedding it into the HTML response. This helps prevent
the execution of malicious scripts and mitigates the Stored XSS vulnerability.
Code Flows
Vulnerable data flow analysis result
os.ReadFile(filepath.Join(testDir, params.RepoName, "targetBranch.gz")) (at scanpullrequest/scanpullrequest_test.go line 1398)
repoFile (at scanpullrequest/scanpullrequest_test.go line 1398)
repoFile (at scanpullrequest/scanpullrequest_test.go line 1400)
| comments, err := os.ReadFile(filepath.Join("..", "commits.json")) | ||
| comments, err := os.ReadFile(filepath.Join(testDir, "commits.json")) | ||
| assert.NoError(t, err) | ||
| _, err = w.Write(comments) |
There was a problem hiding this comment.
🎯 Static Application Security Testing (SAST) Vulnerability
| Severity | Finding |
|---|---|
Medium |
Untrusted stored value is included in web page content |
Full description
Vulnerability Details
| Rule ID: | go-stored-xss |
Overview
Stored Cross-Site Scripting (XSS) is a type of vulnerability where malicious
scripts are injected into a web application and stored in a persistent state,
such as a database. When other users access the affected page, the stored
scripts are executed in their browsers, leading to various attacks.
Vulnerable example
func serveMessage(w http.ResponseWriter, r *http.Request) {
db, _ := sql.Open("sqlite3", "test.db")
message := db.QueryRow("SELECT message FROM messages WHERE id = 1")
fmt.Fprintf(w, "<h1>%s</h1>", message)
}In this example, the serveMessage function retrieves a message from the
database and directly embeds it into an HTML response without proper escaping.
If the message contains malicious scripts, it can lead to Stored XSS attacks
when other users view the page.
Remediation
To mitigate Stored XSS vulnerabilities, always sanitize and encode user
input before storing it in a persistent state and before displaying it
to other users:
func serveMessage(w http.ResponseWriter, r *http.Request) {
db, _ := sql.Open("sqlite3", "test.db")
message := db.QueryRow("SELECT message FROM messages WHERE id = 1")
- fmt.Fprintf(w, "<h1>%s</h1>", message)
+ fmt.Fprintf(w, "<h1>%s</h1>", html.EscapeString(message))
}In the remediation, we've used the html.EscapeString function to escape
the message before embedding it into the HTML response. This helps prevent
the execution of malicious scripts and mitigates the Stored XSS vulnerability.
Code Flows
Vulnerable data flow analysis result
os.ReadFile(filepath.Join(testDir, "commits.json")) (at scanpullrequest/scanpullrequest_test.go line 1405)
comments (at scanpullrequest/scanpullrequest_test.go line 1405)
comments (at scanpullrequest/scanpullrequest_test.go line 1407)
| discussions, err := os.ReadFile(filepath.Join("..", "list_merge_request_discussion_items.json")) | ||
| discussions, err := os.ReadFile(filepath.Join(testDir, "list_merge_request_discussion_items.json")) | ||
| assert.NoError(t, err) | ||
| _, err = w.Write(discussions) |
There was a problem hiding this comment.
🎯 Static Application Security Testing (SAST) Vulnerability
| Severity | Finding |
|---|---|
Medium |
Untrusted stored value is included in web page content |
Full description
Vulnerability Details
| Rule ID: | go-stored-xss |
Overview
Stored Cross-Site Scripting (XSS) is a type of vulnerability where malicious
scripts are injected into a web application and stored in a persistent state,
such as a database. When other users access the affected page, the stored
scripts are executed in their browsers, leading to various attacks.
Vulnerable example
func serveMessage(w http.ResponseWriter, r *http.Request) {
db, _ := sql.Open("sqlite3", "test.db")
message := db.QueryRow("SELECT message FROM messages WHERE id = 1")
fmt.Fprintf(w, "<h1>%s</h1>", message)
}In this example, the serveMessage function retrieves a message from the
database and directly embeds it into an HTML response without proper escaping.
If the message contains malicious scripts, it can lead to Stored XSS attacks
when other users view the page.
Remediation
To mitigate Stored XSS vulnerabilities, always sanitize and encode user
input before storing it in a persistent state and before displaying it
to other users:
func serveMessage(w http.ResponseWriter, r *http.Request) {
db, _ := sql.Open("sqlite3", "test.db")
message := db.QueryRow("SELECT message FROM messages WHERE id = 1")
- fmt.Fprintf(w, "<h1>%s</h1>", message)
+ fmt.Fprintf(w, "<h1>%s</h1>", html.EscapeString(message))
}In the remediation, we've used the html.EscapeString function to escape
the message before embedding it into the HTML response. This helps prevent
the execution of malicious scripts and mitigates the Stored XSS vulnerability.
Code Flows
Vulnerable data flow analysis result
os.ReadFile(filepath.Join(testDir, "list_merge_request_discussion_items.json")) (at scanpullrequest/scanpullrequest_test.go line 1439)
discussions (at scanpullrequest/scanpullrequest_test.go line 1439)
discussions (at scanpullrequest/scanpullrequest_test.go line 1441)
| repoFile, err := os.ReadFile(filepath.Join("..", params.RepoName, "sourceBranch.gz")) | ||
| repoFile, err := os.ReadFile(filepath.Join(testDir, params.RepoName, "sourceBranch.gz")) | ||
| assert.NoError(t, err) | ||
| _, err = w.Write(repoFile) |
There was a problem hiding this comment.
🎯 Static Application Security Testing (SAST) Vulnerability
| Severity | Finding |
|---|---|
Medium |
Untrusted stored value is included in web page content |
Full description
Vulnerability Details
| Rule ID: | go-stored-xss |
Overview
Stored Cross-Site Scripting (XSS) is a type of vulnerability where malicious
scripts are injected into a web application and stored in a persistent state,
such as a database. When other users access the affected page, the stored
scripts are executed in their browsers, leading to various attacks.
Vulnerable example
func serveMessage(w http.ResponseWriter, r *http.Request) {
db, _ := sql.Open("sqlite3", "test.db")
message := db.QueryRow("SELECT message FROM messages WHERE id = 1")
fmt.Fprintf(w, "<h1>%s</h1>", message)
}In this example, the serveMessage function retrieves a message from the
database and directly embeds it into an HTML response without proper escaping.
If the message contains malicious scripts, it can lead to Stored XSS attacks
when other users view the page.
Remediation
To mitigate Stored XSS vulnerabilities, always sanitize and encode user
input before storing it in a persistent state and before displaying it
to other users:
func serveMessage(w http.ResponseWriter, r *http.Request) {
db, _ := sql.Open("sqlite3", "test.db")
message := db.QueryRow("SELECT message FROM messages WHERE id = 1")
- fmt.Fprintf(w, "<h1>%s</h1>", message)
+ fmt.Fprintf(w, "<h1>%s</h1>", html.EscapeString(message))
}In the remediation, we've used the html.EscapeString function to escape
the message before embedding it into the HTML response. This helps prevent
the execution of malicious scripts and mitigates the Stored XSS vulnerability.
Code Flows
Vulnerable data flow analysis result
os.ReadFile(filepath.Join(testDir, params.RepoName, "sourceBranch.gz")) (at scanpullrequest/scanpullrequest_test.go line 1391)
repoFile (at scanpullrequest/scanpullrequest_test.go line 1391)
repoFile (at scanpullrequest/scanpullrequest_test.go line 1393)
2 participants
