This PR was created automatically by the Qwiet.AI autofix tool.
As long as it is open, subsequent scans and generated fixes to this same branch
will be added to it as new commits.
Each commit fixes one vulnerability.
Some manual intervention might be required before merging this PR.
Fixes
AutoPatch applied to src/main/java/io/shiftleft/controller/SearchController.java for finding 98 (Remote Code Execution: Code Injection Through Attacker-controlled Data via foo in SearchController.doGetSearch) of project qwiet-autofix-prdemo2
AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 100 (Directory Traversal: Attacker-controlled Data Used in File Path via request in CustomerController.saveSettings) of project qwiet-autofix-prdemo2
AutoPatch applied to src/main/java/io/shiftleft/controller/AdminController.java for finding 85 (Deserialization: Attacker-controlled Data Used in Unsafe Deserialization Function via auth in AdminController.doPostLogin) of project qwiet-autofix-prdemo2
AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 99 (Directory Traversal: Attacker-controlled Data Used in File Path via request in CustomerController.checkCookie) of project qwiet-autofix-prdemo2
AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 82 (Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via tin in CustomerController.debug) of project qwiet-autofix-prdemo2
AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 81 (Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via ssn in CustomerController.debug) of project qwiet-autofix-prdemo2
AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 80 (Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via phoneNumber in CustomerController.debug) of project qwiet-autofix-prdemo2