
@CTY-git CTY-git commented May 3, 2024

This pull request from patched fixes 8 issues.


patched-codes bot commented Mar 3, 2025

File Changed: WebContent/static/inside_about.htm

Details: The change from http to https in the URL is a security improvement, not a vulnerability. This addresses Rule 2 positively.

Affected Code Snippet:

-    <li><a href="http://www.newspapersyndications.tv">Analyst Reviews</a></li>
+    <li><a href="https://www.newspapersyndications.tv">Analyst Reviews</a></li>
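
Review bot: the scheme change in this hunk only helps if the external host actually serves the page over TLS; a target that does not answer on https goes from a working link to a broken one, so confirm that https://www.newspapersyndications.tv responds before merging. Nothing else in the anchor changes, so this is link hygiene rather than a fix for a vulnerability in the app itself.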

Start Line: 12

End Line: 12

File Changed: WebContent/static/inside_community.htm

Details: A potential security vulnerability has been introduced by changing the URL for the PDF report link.

Affected Code Snippet:

<p>The 2006 community efforts of Altoro Mutual and our employees is quite impressive including charitable contributions, volunteerism, diversity initiatives, and other support.  <a href="https://www.adobe.com/products/acrobat/readstep2.html">View</a> the summary report (PDF, 800KB).</p>

Start Line: 12

End Line: 12


Details: The removal of the 'alt' attribute from the image tag violates accessibility standards and deviates from the original coding standards.

Affected Code Snippet:

<p><img src="images/adobe.gif" border=0><br />

Start Line: 14

End Line: 14


File Changed: WebContent/swagger/lib/marked.js

Details: The modification introduces a potential bug by using a hardcoded regex pattern instead of the original dynamic one.

Affected Code Snippet:

-            ? item.replace(new RegExp('^ {1,' + space + '}', 'gm'), '')
+            ? item.replace(/^ {1,6}/gm, '')
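
Review bot: `/^ {1,6}/gm` is not equivalent to `new RegExp('^ {1,' + space + '}', 'gm')` unless `space` is always 6. The original stripped at most `space` leading spaces from each line of the item; for any narrower bullet the literal 6 over-strips continuation lines and changes how the item body is parsed afterwards. `space` is a numeric local here (it is concatenated into a `{1,N}` quantifier, which would throw for anything non-numeric), not user-supplied input, so building the pattern from it was never a regex-injection risk; there is no security gain to offset the behaviour change. Restore the dynamic pattern, or, if a literal is really wanted, keep the quantifier bound tied to `space`.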

Start Line: 311

End Line: 311


Details: The modification deviates from the original coding standards by introducing inconsistent naming conventions and unnecessary line breaks.

Affected Code Snippet:

-function replace(regex, opt) {
-  regex = regex.source;
+function replace(hardcodedRegex, opt) {
+  const regex = hardcodedRegex.source;
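
Review bot: `const regex` is only safe if nothing later in `replace` assigns to `regex`; the original reassigned the parameter in place (`regex = regex.source`), which suggests the function treats it as mutable, and any later `regex = ...` in the body would now throw a TypeError at runtime. Check the remainder of the function before accepting the `const`. The rename to `hardcodedRegex` is also misleading: the argument is whatever regex the caller passes in, so keep the original name or use something neutral such as `pattern`.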

Start Line: 1098

End Line: 1099

File Changed: src/com/ibm/security/appscan/altoromutual/servlet/AdminServlet.java

Details: Violation of Rule 3 detected. The code modifications deviate from the original coding standards by changing the indentation and formatting of the conditional statements.

Affected Code Snippet:

if ( (username == null || username.trim().length() == 0)
    || (password1 == null || password1.trim().length() == 0)
    || (password2 == null || password2.trim().length() == 0) )

Start Line: 62

End Line: 64


Details: Another violation of Rule 3 detected. Similar to the previous violation, the code modifications change the indentation and formatting of the conditional statements in another part of the file.

Affected Code Snippet:

if ( (username == null || username.trim().length() == 0) 
    || (password1 == null || password1.trim().length() == 0) 
    || (password2 == null || password2.trim().length() == 0) )

Start Line: 93

End Line: 95


File Changed: src/com/ibm/security/appscan/altoromutual/servlet/LoginServlet.java

Details: No violation of Rule 2 detected. In fact, the changes improve security by adding HttpOnly and Secure flags to the cookie.

Affected Code Snippet:

//Set the HttpOnly flag for the cookie
accountCookie.setHttpOnly(true);
//Set the secure flag for the cookie
accountCookie.setSecure(true);

Start Line: 95

End Line: 98
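
The marked.js change reviewed above replaces a regex whose quantifier bound came from the bullet width with a fixed `/^ {1,6}/gm`. As an added example, not code from this pull request or from marked.js itself, the JavaScript below reconstructs the bullet-stripping and outdent step in simplified form (the bullet regex and the `space` computation are assumptions modelled on the visible hunk) and runs both variants over a constructed list item containing an indented code line, so the behavioural difference can be observed directly.

```javascript
// Added example (not from the PR or from marked.js): compares the original
// dynamic outdent regex with the hardcoded /^ {1,6}/gm replacement on a
// constructed list item. The bullet regex and the `space` computation are
// assumptions written for this example, modelled on the reviewed hunk.

// Width of the bullet prefix ("- ", "1. ", "10. ", ...), playing the role
// of marked's `space` variable.
function bulletWidth(item) {
  const stripped = item.replace(/^ *([*+-]|\d+\.) +/, '');
  return item.length - stripped.length;
}

// Outdent the item body the way the original code did: strip up to `space`
// leading spaces from every line, where `space` is the bullet width.
function outdentDynamic(item) {
  const space = bulletWidth(item);
  const body = item.replace(/^ *([*+-]|\d+\.) +/, '');
  return body.replace(new RegExp('^ {1,' + space + '}', 'gm'), '');
}

// Outdent the item body the way the changed code does: always strip up to
// six leading spaces from every line, regardless of bullet width.
function outdentHardcoded(item) {
  const body = item.replace(/^ *([*+-]|\d+\.) +/, '');
  return body.replace(/^ {1,6}/gm, '');
}

// Lines still indented by four or more spaces would be parsed as an
// indented code block on the next pass; count how many survive.
function indentedCodeLines(body) {
  return body.split('\n').filter((line) => /^ {4}/.test(line)).length;
}

// Constructed input: a "- " bullet whose body contains an indented (not
// fenced) code line. Relative to the 2-space bullet it is indented 4 spaces
// (6 in the raw source), the Markdown idiom for a code block inside a list
// item.
const ITEM = '- install it\n\n      npm install marked\n';

// Returns how many code lines each variant preserves for ITEM.
function compare() {
  return {
    dynamic: indentedCodeLines(outdentDynamic(ITEM)),
    hardcoded: indentedCodeLines(outdentHardcoded(ITEM)),
  };
}

console.log(compare());
```

With the dynamic bound the code line keeps four spaces of indentation and is still recognisable as a code block; with the literal 6 it is flattened to column zero and would be parsed as paragraph text. Any bullet narrower than six characters triggers the same over-stripping.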
