
Add OpenTaint + ZAP action and more controllers #4

Closed
seqradev wants to merge 1 commit into demo/endpoints from demo/zap


Conversation

@seqradev (Member)

No description provided.

@github-advanced-security

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

Comment on lines +119 to +123
return ResponseEntity.ok(Map.of(
"template", template,
"preview", preview != null ? preview.toString() : "",
"sampleData", sampleData
));

Check failure

Code scanning / OpenTaint

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.
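Review bot: Map.of on lines +119 to +123 rejects null keys and values, so a null template or sampleData throws NullPointerException before the guarded preview value is reached; validate both inputs up front, since the null check covers preview only. The raw template string is also echoed back verbatim in the body, which is what the XSS finding points at: if any browser-side client renders that field into HTML, encode it on output rather than trusting the JSON content type.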
sampleData.forEach(context::setVariable);

Expression exp = parser.parseExpression(template);
Object preview = exp.getValue(context);

Check failure

Code scanning / OpenTaint

Potential expression language injection Error

Potential code injection: calling Spring Expression Language method directly with user-supplied input may allow an adversary to read or modify sensitive data, bypass security checks, or, in severe cases, execute arbitrary code within the application's context.
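Review bot: the caller-supplied template is parsed with the full SpEL parser and evaluated against a context that also carries caller-chosen variable names (the context's construction is outside this snippet), so type references, constructors and method calls are all reachable from the expression, which is what the injection finding flags. Build the preview context with SimpleEvaluationContext.forReadOnlyDataBinding() instead of a standard context, restrict variable names to a narrow pattern before calling setVariable, and cap the template length.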
Comment on lines +88 to +92
return ResponseEntity.ok(Map.of(
"expression", expr,
"result", result != null ? result : 0,
"success", true
));

Check failure

Code scanning / OpenTaint

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.
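Review bot: on lines +88 to +92 "result" is returned as result != null ? result : 0 while "success" is hard-coded true, so a null evaluation is indistinguishable from a genuine result of 0 for the client; return success=false (or omit result) on the null path. Map.of also throws on a null expr, which the null guard on result does not cover.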

try {
Expression expression = parser.parseExpression(expr);
Object result = expression.getValue();

Check failure

Code scanning / OpenTaint

Potential expression language injection Error

Potential code injection: calling Spring Expression Language method directly with user-supplied input may allow an adversary to read or modify sensitive data, bypass security checks, or, in severe cases, execute arbitrary code within the application's context.
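Review bot: expression.getValue() with no context argument evaluates the caller-supplied expr under the parser's default StandardEvaluationContext, so T(...) type references and method invocation are available to the expression; the enclosing try only decides what happens after evaluation, it does not restrict it. Pass a SimpleEvaluationContext built for read-only data binding to getValue, and bound the length of expr before parsing.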
Comment on lines +66 to +70
return ResponseEntity.ok(Map.of(
"template", template,
"rendered", rendered != null ? rendered.toString() : "",
"userName", userName
));

Check failure

Code scanning / OpenTaint

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.
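Review bot: on lines +66 to +70 a user-supplied template and userName are rendered together and both sent back, but unlike the first two endpoints there is no success flag, so a failed render and an empty one both arrive as rendered = "". Add the same status field the other endpoints use, and note that Map.of throws on a null userName while the null guard covers only rendered.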
response.setHeader("X-Campaign", campaign);
}

response.sendRedirect(destination);

Check warning

Code scanning / OpenTaint + ZAP

Application redirects to user-manipulated URL which can be malicious Warning

Application redirects to a destination URL specified by a user-supplied parameter that is not validated. This could direct users to malicious locations. Consider using an allowlist to validate URLs.
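Review bot: response.sendRedirect(destination) is called with no check on destination, and the X-Campaign header is already set by the time the redirect goes out. Parse destination with java.net.URI, accept it only when it has no scheme and no authority or when its host is on a fixed allowlist, and fall back to a constant default otherwise; a check that the string merely starts with "/" is not enough, because a value beginning with "//" still resolves to another host.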
}

if (campaign != null) {
response.setHeader("X-Campaign", campaign);

Check warning

Code scanning / OpenTaint

HTTP response splitting Warning

Older Java application servers are vulnerable to HTTP response splitting, which may occur if an HTTP request can be injected with CRLF characters.
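Review bot: the only guard on campaign is the null check, while the finding concerns CR/LF in the header value. Modern servlet containers generally sanitise or reject such characters, but the application should not depend on the container: reject any campaign value that does not match a narrow pattern such as [A-Za-z0-9_-]{1,64} before calling setHeader.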
HttpServletResponse response) throws IOException {

if (trackingId != null) {
response.setHeader("X-Tracking-ID", trackingId);

Check warning

Code scanning / OpenTaint

HTTP response splitting Warning

Older Java application servers are vulnerable to HTTP response splitting, which may occur if an HTTP request can be injected with CRLF characters.
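Review bot: trackingId is reflected into X-Tracking-ID with no format check at all, so besides the response-splitting finding an arbitrarily long value ends up in the response headers, where proxies and clients enforce size limits. Validate the id against its expected format (a UUID pattern, for example) and drop the header when it does not match.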
response.setHeader("X-Custom-Header", headerValue);
}

response.setHeader("Location", url);

Check warning

Code scanning / OpenTaint

HTTP response splitting Warning

Older Java application servers are vulnerable to HTTP response splitting, which may occur if an HTTP request can be injected with CRLF characters.
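Review bot: response.setHeader("Location", url) sets only the header; unlike sendRedirect in the earlier snippet it neither changes the status code nor resolves relative URLs, so the client receives a 200 with a Location header that browsers ignore. If a redirect is intended, validate url against an allowlist and use sendRedirect (or setStatus(302) together with the validated value); if it is not, the header should not be emitted from user input at all.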
HttpServletResponse response) throws IOException {

if (headerValue != null && !headerValue.isEmpty()) {
response.setHeader("X-Custom-Header", headerValue);

Check warning

Code scanning / OpenTaint

HTTP response splitting Warning

Older Java application servers are vulnerable to HTTP response splitting, which may occur if an HTTP request can be injected with CRLF characters.
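Review bot: !headerValue.isEmpty() is a presence check, not a content check, so a value made of whitespace or control characters passes it. Since X-Campaign, X-Tracking-ID and X-Custom-Header all echo request input into headers, route them through one shared validator so the CR/LF rule the scanner flags is enforced in a single place.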
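As a reviewer's added example (not code from this PR or the demo project), the template-preview evaluation step rewritten against a restricted SpEL context; the class name, helper names and the sample map are assumptions.

```java
import java.util.Map;
import java.util.regex.Pattern;

import org.springframework.expression.EvaluationContext;
import org.springframework.expression.EvaluationException;
import org.springframework.expression.Expression;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;

// Added example (assumed names): hardened counterpart of the preview endpoint's
// parseExpression/getValue step from the PR.
public final class SafeTemplatePreview {

    private static final ExpressionParser PARSER = new SpelExpressionParser();
    // Variable names the caller may bind: identifiers only, short.
    private static final Pattern SAFE_VARIABLE_NAME =
            Pattern.compile("[A-Za-z_][A-Za-z0-9_]{0,31}");
    private static final int MAX_TEMPLATE_LENGTH = 256;

    private SafeTemplatePreview() {}

    /**
     * Evaluates a caller-supplied SpEL template over caller-supplied variables
     * using a read-only data-binding context: no T(...) type references, no
     * constructors, no bean references, no method calls on arbitrary objects.
     */
    public static String renderPreview(String template, Map<String, ?> sampleData) {
        if (template == null || template.length() > MAX_TEMPLATE_LENGTH) {
            throw new IllegalArgumentException("template missing or too long");
        }
        EvaluationContext context = SimpleEvaluationContext.forReadOnlyDataBinding().build();
        sampleData.forEach((name, value) -> {
            if (!SAFE_VARIABLE_NAME.matcher(name).matches()) {
                throw new IllegalArgumentException("bad variable name: " + name);
            }
            context.setVariable(name, value);
        });
        Expression exp = PARSER.parseExpression(template);
        Object preview = exp.getValue(context);
        return preview == null ? "" : preview.toString();
    }

    public static void main(String[] args) {
        Map<String, String> data = Map.of("name", "Alice"); // constructed sample input
        System.out.println(renderPreview("'Hello ' + #name", data));
        try {
            // A type reference is refused by the restricted context at evaluation time.
            renderPreview("T(java.lang.System).getProperty('user.home')", data);
        } catch (EvaluationException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```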
@misonijnik misonijnik closed this Mar 26, 2026