feat: Add IWA-Java

7342163
Open

feat: Add IWA-Java #2

GitHub Advanced Security / Fortify SCA failed Feb 26, 2026 in 7s

136 new alerts including 43 critical severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 43 critical
  • 18 high
  • 16 medium
  • 59 low

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

Annotations

Check failure on line 572 in src/main/java/com/microfocus/example/web/controllers/UserController.java

Code scanning / Fortify SCA

XML External Entity Injection Critical

XML parser configured in UserController.java:572 does not prevent nor limit external entities resolution. This can expose the parser to an XML External Entities attack.

Check failure on line 271 in src/main/java/com/microfocus/example/service/ProductService.java

Code scanning / Fortify SCA

Access Control: Database High

Without proper access control, the method saveReviewFromApi() in ProductService.java can execute a SQL statement on line 271 that contains an attacker-controlled primary key, thereby allowing the attacker to access unauthorized records.

Check failure on line 159 in src/main/java/com/microfocus/example/service/FileSystemStorageService.java

Code scanning / Fortify SCA

Path Manipulation Critical

Attackers can control the file system path argument to get() at FileSystemStorageService.java line 159, which allows them to access or modify otherwise protected files.

Check failure on line 143 in src/main/java/com/microfocus/example/service/FileSystemStorageService.java

Code scanning / Fortify SCA

Path Manipulation Critical

Attackers can control the file system path argument to resolve() at FileSystemStorageService.java line 143, which allows them to access or modify otherwise protected files.

Check failure on line 78 in src/main/java/com/microfocus/example/service/FileSystemStorageService.java

Code scanning / Fortify SCA

Path Manipulation Critical

Attackers can control the file system path argument to get() at FileSystemStorageService.java line 78, which allows them to access or modify otherwise protected files.

Check failure on line 54 in src/main/java/com/microfocus/example/service/FileSystemStorageService.java

Code scanning / Fortify SCA

Path Manipulation Critical

Attackers can control the file system path argument to get() at FileSystemStorageService.java line 54, which allows them to access or modify otherwise protected files.

Check failure on line 135 in src/main/java/com/microfocus/example/repository/ProductRepository.java

Code scanning / Fortify SCA

SQL Injection Critical

On line 135 of ProductRepository.java, the method findAvailableByKeywordsFromProductName() invokes a SQL query built with input that comes from an untrusted source. This call could allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.

Check failure on line 117 in src/main/java/com/microfocus/example/repository/ProductRepository.java

Code scanning / Fortify SCA

SQL Injection Critical

On line 117 of ProductRepository.java, the method findByKeywordsFromProductName() invokes a SQL query built with input that comes from an untrusted source. This call could allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.

Check failure on line 146 in src/main/java/com/microfocus/example/config/handlers/CustomAuthenticationSuccessHandler.java

Code scanning / Fortify SCA

Open Redirect Critical

The file CustomAuthenticationSuccessHandler.java passes unvalidated data to an HTTP redirect function on line 146. Allowing unvalidated input to control the URL used in a redirect can aid phishing attacks.

Check failure on line 567 in src/main/java/com/microfocus/example/web/controllers/UserController.java

Code scanning / Fortify SCA

XML External Entity Injection High

XML parser configured in UserController.java:567 does not prevent nor limit external entities resolution. This can expose the parser to an XML External Entities attack.

Check failure on line 547 in src/main/java/com/microfocus/example/web/controllers/UserController.java

Code scanning / Fortify SCA

Cross-Site Scripting: Reflected Critical

The method serveXMLFile() in UserController.java sends unvalidated data to a web browser on line 547, which can result in the browser executing malicious code.

Check failure on line 475 in src/main/java/com/microfocus/example/web/controllers/UserController.java

Code scanning / Fortify SCA

Cross-Site Scripting: Reflected Critical

The method serveFile() in UserController.java sends unvalidated data to a web browser on line 475, which can result in the browser executing malicious code.

Check failure on line 155 in src/main/java/com/microfocus/example/web/controllers/ProductController.java

Code scanning / Fortify SCA

Path Manipulation Critical

Attackers can control the file system path argument to get() at ProductController.java line 155, which allows them to access or modify otherwise protected files.

Check failure on line 93 in src/main/java/com/microfocus/example/web/controllers/ProductController.java

Code scanning / Fortify SCA

Cross-Site Scripting: Reflected Critical

The method getKeywordsContent() in ProductController.java sends unvalidated data to a web browser on line 93, which can result in the browser executing malicious code.

Check failure on line 101 in src/main/java/com/microfocus/example/web/controllers/DefaultController.java

Code scanning / Fortify SCA

Open Redirect Critical

The file DefaultController.java passes unvalidated data to an HTTP redirect function on line 101. Allowing unvalidated input to control the URL used in a redirect can aid phishing attacks.

Check failure on line 115 in src/main/java/com/microfocus/example/utils/UserUtils.java

Code scanning / Fortify SCA

JSON Injection Critical

On line 115 of UserUtils.java, the method registerUser() writes unvalidated input into JSON. This call might allow an attacker to inject arbitrary elements or attributes into the JSON entity.