Rename application from Test to Test2

c9d90bc
Merged

Create Java application with intentional vulnerabilities and CodeQL autobuild workflow #2

GitHub Advanced Security / CodeQL failed Sep 29, 2025 in 3s

6 new alerts including 1 critical severity security vulnerability

New alerts in code changed by this pull request

Security Alerts:

  • 1 critical
  • 3 high
  • 1 medium

Other Alerts:

  • 1 warning

See annotations below for details.

Annotations

Check failure on line 32 in src/main/java/com/example/database/UserDatabase.java

Code scanning / CodeQL

Query built by concatenation with a possibly-untrusted string (High)

Query built by concatenation with this expression, which may be untrusted.

Check failure on line 61 in src/main/java/com/example/database/UserDatabase.java

Code scanning / CodeQL

Query built by concatenation with a possibly-untrusted string (High)

Query built by concatenation with this expression, which may be untrusted.

Check failure on line 50 in src/main/java/com/example/security/CryptoUtils.java

Code scanning / CodeQL

Use of a potentially broken or risky cryptographic algorithm (High)

Cryptographic algorithm MD5 may not be secure. Consider using a different algorithm.

Check failure on line 81 in src/main/java/com/example/web/FileController.java

Code scanning / CodeQL

Building a command line with string concatenation (Critical)

Command line is built with string concatenation.

Check warning on line 81 in src/main/java/com/example/web/FileController.java

Code scanning / CodeQL

Executing a command with a relative path (Medium)

Command with a relative path 'sh' is executed.

Check warning on line 110 in src/main/java/com/example/web/FileController.java

Code scanning / CodeQL

Potential input resource leak (Warning)

This InputStreamReader is not always closed on method exit.