This PR was created automatically by the Qwiet.AI autofix tool.
As long as it is open, subsequent scans and generated fixes to this same branch
will be added to it as new commits.
Each commit fixes one vulnerability.
Some manual intervention might be required before merging this PR.
Fixes
AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 86 (Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via lastName in CustomerController.debug) of project qwiet-autofix-pr-demo
AutoPatch applied to src/main/java/io/shiftleft/controller/AdminController.java for finding 88 (Deserialization: Attacker-controlled Data Used in Unsafe Deserialization Function via auth in AdminController.doPostLogin) of project qwiet-autofix-pr-demo
AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 87 (Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via socialSecurityNum in CustomerController.debug) of project qwiet-autofix-pr-demo
AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 85 (Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via tin in CustomerController.debug) of project qwiet-autofix-pr-demo
AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 83 (Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via phoneNumber in CustomerController.debug) of project qwiet-autofix-pr-demo
AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 84 (Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via ssn in CustomerController.debug) of project qwiet-autofix-pr-demo
AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 82 (Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via firstName in CustomerController.debug) of project qwiet-autofix-pr-demo
AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 81 (Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via customerId in CustomerController.debug) of project qwiet-autofix-pr-demo
AutoPatch applied to src/main/java/io/shiftleft/controller/SearchController.java for finding 80 (Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via foo in SearchController.doGetSearch) of project qwiet-autofix-pr-demo
AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 65 (Cross-Site Scripting: Attacker-controlled, Sensitive Data Stored in Database via socialSecurityNum in CustomerController.debug) of project qwiet-autofix-pr-demo
AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 102 (Directory Traversal: Attacker-controlled Data Used in File Path via request in CustomerController.checkCookie) of project qwiet-autofix-pr-demo