This PR was created automatically by the Qwiet.AI autofix tool.
As long as it is open, subsequent scans and generated fixes to this same branch
will be added to it as new commits.
Each commit fixes one vulnerability.
Some manual intervention might be required before merging this PR.
Fixes
AutoPatch applied to src/main/java/io/shiftleft/controller/SearchController.java for finding 98 (Remote Code Execution: Code Injection Through Attacker-controlled Data via foo in SearchController.doGetSearch) of project Project1
AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 80 (Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via phoneNumber in CustomerController.debug) of project Project1
AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 82 (Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via tin in CustomerController.debug) of project Project1
AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 84 (Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via socialSecurityNum in CustomerController.debug) of project Project1
AutoPatch applied to src/main/java/io/shiftleft/controller/AdminController.java for finding 85 (Deserialization: Attacker-controlled Data Used in Unsafe Deserialization Function via auth in AdminController.doPostLogin) of project Project1
AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 81 (Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via ssn in CustomerController.debug) of project Project1
AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 83 (Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via lastName in CustomerController.debug) of project Project1
AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 99 (Directory Traversal: Attacker-controlled Data Used in File Path via request in CustomerController.checkCookie) of project Project1
AutoPatch applied to src/main/java/io/shiftleft/controller/AdminController.java for finding 85 (Deserialization: Attacker-controlled Data Used in Unsafe Deserialization Function via auth in AdminController.doPostLogin) of project DLP.Mgmt.OnPrem-Multi
AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 83 (Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via lastName in CustomerController.debug) of project DLP.Mgmt.OnPrem-Multi
AutoPatch applied to src/main/java/io/shiftleft/controller/CustomerController.java for finding 99 (Directory Traversal: Attacker-controlled Data Used in File Path via request in CustomerController.checkCookie) of project DLP.Mgmt.OnPrem-Multi