From 7c6d6a0b736452264c169f2ce1400d657b102205 Mon Sep 17 00:00:00 2001 From: Andy Johnson <123596925+heyandyj@users.noreply.github.com> Date: Fri, 24 Jan 2025 12:19:57 -0800 Subject: [PATCH 1/2] Fixing src/main/java/io/shiftleft/controller/SearchController.java for finding 13 --- .../controller/SearchController.java | 24 +++++++++++++------ 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/src/main/java/io/shiftleft/controller/SearchController.java b/src/main/java/io/shiftleft/controller/SearchController.java index faa409760..d056228ea 100644 --- a/src/main/java/io/shiftleft/controller/SearchController.java +++ b/src/main/java/io/shiftleft/controller/SearchController.java @@ -17,16 +17,26 @@ @Controller public class SearchController { - @RequestMapping(value = "/search/user", method = RequestMethod.GET) - public String doGetSearch(@RequestParam String foo, HttpServletResponse response, HttpServletRequest request) { - java.lang.Object message = new Object(); +@RequestMapping(value = "/search/user", method = RequestMethod.GET) +public String doGetSearch(@RequestParam String foo, HttpServletResponse response, HttpServletRequest request) { + String message = ""; try { - ExpressionParser parser = new SpelExpressionParser(); - Expression exp = parser.parseExpression(foo); - message = (Object) exp.getValue(); + // Use method parameters or context properties instead of directly evaluating user input + message = getSafeMessage(foo); } catch (Exception ex) { - System.out.println(ex.getMessage()); + // Log the exception message instead of printing it to the console + logger.error(ex.getMessage()); } + return message; +} + +private String getSafeMessage(String safeInput) { + // Implement logic to return a safe message based on the safeInput + // This could involve checking the input against a whitelist of allowed values + // and returning a default message if the input is not valid + return safeInput; // Placeholder implementation +} + return message.toString(); } } From e69b5529a3f1bba6e1449dd5d1afd41c42e410ce Mon Sep 17 00:00:00 2001 From: Andy Johnson <123596925+heyandyj@users.noreply.github.com> Date: Fri, 24 Jan 2025 15:18:38 -0800 Subject: [PATCH 2/2] Fixing src/main/java/io/shiftleft/controller/AdminController.java for finding 18 --- .../shiftleft/controller/AdminController.java | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/src/main/java/io/shiftleft/controller/AdminController.java b/src/main/java/io/shiftleft/controller/AdminController.java index 296c26573..3b0c295d7 100644 --- a/src/main/java/io/shiftleft/controller/AdminController.java +++ b/src/main/java/io/shiftleft/controller/AdminController.java @@ -28,17 +28,20 @@ public class AdminController { private String fail = "redirect:/"; // helper - private boolean isAdmin(String auth) - { +private boolean isAdmin(String auth) { try { - ByteArrayInputStream bis = new ByteArrayInputStream(Base64.getDecoder().decode(auth)); - ObjectInputStream objectInputStream = new ObjectInputStream(bis); - Object authToken = objectInputStream.readObject(); - return ((AuthToken) authToken).isAdmin(); + ObjectMapper mapper = new ObjectMapper(); // Create ObjectMapper instance + byte[] bytes = Base64.getDecoder().decode(auth); + AuthToken authToken = mapper.readValue(bytes, AuthToken.class); // Use ObjectMapper to deserialize + + return authToken.isAdmin(); } catch (Exception ex) { - System.out.println(" cookie cannot be deserialized: "+ex.getMessage()); - return false; + String sanitizedMessage = Strings.abbreviateMiddle(ex.getMessage(), "...", 50); // Sanitize log message + System.out.println("Cookie cannot be deserialized: " + sanitizedMessage); + return false; } +} + } //