This pull request from patched fixes 8 issues.

Fix: Use hardcoded regexes to avoid ReDoS
- Updated the replace function to take a hardcoded regex instead of a dynamic one.

Fix: Hardcode regex to prevent potential ReDoS
This commit hardcodes the regex to prevent a potential ReDoS attack.

Fix vulnerability by replacing plaintext HTTP URL with HTTPS URL
The plaintext HTTP URL in the anchor link has been replaced with an encrypted HTTPS URL.

Change HTTP to HTTPS Link
Changed the http:// URL to a secure https:// URL.

Fix: Prefer encrypted HTTPS URL over plaintext HTTP URL
Replaces the plaintext HTTP URL in the href attribute of the Analyst Reviews link with an encrypted HTTPS URL.

Fix: Change url to https and remove alt text from the image.
- Changed the URL from plaintext HTTP to encrypted HTTPS.

Fix Missing parameter validation when a user attempts to change their password
Added a null check for all parameters passed into the changePassword method in the AdminServlet class.

Fixed cookie security attributes
- Set the 'HttpOnly' flag on the cookie to prevent client-side scripts from reading the cookie.