
Scanning CI #1192

Merged
merged 18 commits into from
May 12, 2023

Conversation

bonfaceshisakha (Contributor)

No description provided.

Signed-off-by: Bonface Shisakha Asunga <[email protected]>
@bonfaceshisakha bonfaceshisakha changed the title Security Vulnerability Scans Scanning CI Mar 10, 2023
@@ -235,14 +235,14 @@

/* "Content-Disposition : inline" will show viewable types [like images/text/pdf/anything viewable by browser] right on browser
while others(zip e.g) will be directly downloaded [may provide save as popup, based on your browser setting.]*/
response.setHeader("Content-Disposition", String.format("inline; filename=\"" + file.getName() + "\""));
response.setHeader("Content-Disposition", String.format("inline; filename= %s", file.getName()));
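Review bot: The response-splitting finding CodeQL raises on the new `setHeader` line is not addressed by this rewrite: `file.getName()` still reaches the `Content-Disposition` header value with no check for CR or LF, so a name containing a line break can terminate the header and inject further headers. The rewrite also drops the surrounding quotes and leaves a space after `=`, so a name with spaces or a `;` now produces a malformed header where the old form at least kept it inside a quoted-string. Suggest validating the name before formatting (reject control characters, replace `"` and `\`) and keeping the quoted form, e.g. `String.format("inline; filename=\"%s\"", safeName)`. Do keep the part of this change that passes the name as a `%s` argument instead of concatenating it into the format string: the old line would throw or mis-format on a file name containing `%`.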

Check warning (Code scanning / CodeQL): HTTP response splitting

This header depends on a user-provided value, which may cause a response-splitting vulnerability.
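The CodeQL finding above describes the hazard in one sentence; the following added example (not code from this PR or from the project) shows the flagged pattern next to a hardened builder for the same header. The class name `ContentDispositionBuilder` and the sample file names are assumptions for illustration; the hardened method refuses control characters, keeps the `filename=` value inside a closed quoted-string, and adds an RFC 8187 `filename*=` parameter so non-ASCII names survive without being interpolated raw.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

/**
 * Added example, not code from the PR: builds a Content-Disposition value
 * from a file name that may be attacker-influenced (the value CodeQL flags
 * as user-provided) without letting CR, LF or quote characters reach the
 * header. Class and method names are hypothetical.
 */
public final class ContentDispositionBuilder {

    private ContentDispositionBuilder() {}

    /** Vulnerable shape, mirroring the flagged line: the name is interpolated verbatim. */
    public static String unsafeInline(String fileName) {
        return String.format("inline; filename= %s", fileName);
    }

    /**
     * Hardened shape: rejects control characters outright, builds an ASCII
     * fallback for the quoted filename= parameter, and adds an RFC 8187
     * filename*= parameter carrying the percent-encoded UTF-8 name.
     */
    public static String safeInline(String fileName) {
        if (fileName == null || fileName.isEmpty()) {
            throw new IllegalArgumentException("file name required");
        }
        for (int i = 0; i < fileName.length(); i++) {
            char c = fileName.charAt(i);
            // CR and LF would end the header line (response splitting); other
            // control characters corrupt it. Refuse all of them rather than strip.
            if (c < 0x20 || c == 0x7f) {
                throw new IllegalArgumentException("control character in file name");
            }
        }
        // Fallback for clients that only understand filename=: printable ASCII
        // only, with quote and backslash replaced so the quoted-string stays
        // closed, and path separators replaced so it is never read as a path.
        String ascii = fileName
                .replaceAll("[^\\x20-\\x7e]", "_")
                .replace("\\", "_")
                .replace("\"", "_")
                .replace("/", "_");
        // RFC 8187 ext-value: percent-encoded UTF-8. URLEncoder produces '+' for
        // space and leaves '*' bare, neither of which is valid there, so fix both.
        String encoded = URLEncoder.encode(fileName, StandardCharsets.UTF_8)
                .replace("+", "%20")
                .replace("*", "%2A");
        return "inline; filename=\"" + ascii + "\"; filename*=UTF-8''" + encoded;
    }

    public static void main(String[] args) {
        // Constructed sample input: a file name carrying an injected header.
        String evil = "report.pdf\r\nSet-Cookie: session=attacker";
        System.out.println(unsafeInline(evil));   // value now spans two lines
        try {
            safeInline(evil);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // Constructed sample input: a non-ASCII name with a space.
        System.out.println(safeInline("résumé 2023.pdf"));
    }
}
```

For the second sample the hardened method yields `inline; filename="r_sum_ 2023.pdf"; filename*=UTF-8''r%C3%A9sum%C3%A9%202023.pdf`. Rejecting rather than stripping CR/LF is deliberate: a name that contains a line break is not a plausible legitimate upload, so surfacing it as an error is safer than silently producing a different name than the one stored.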
@Rkareko Rkareko marked this pull request as ready for review May 11, 2023 08:26
@Rkareko Rkareko requested review from qiarie and ndegwamartin May 11, 2023 08:26
Rkareko (Contributor) commented May 11, 2023

Fixing the broken import of CodeQL findings to DefectDojo is tracked on this ticket.

@Rkareko Rkareko merged commit df68a7f into master May 12, 2023
@Rkareko Rkareko deleted the security-ci-scan branch May 12, 2023 04:09