-
Notifications
You must be signed in to change notification settings - Fork 160
Add project key to jas config api call #1157
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: dev-deprecated-please-target-master-directly
Are you sure you want to change the base?
Add project key to jas config api call #1157
Conversation
📗 Scan Summary
|
at 🎯 Static Application Security Testing (SAST) VulnerabilityFull descriptionVulnerability Details
OverviewUsing insecure protocols—such as HTTP, FTP, or LDAP—can expose sensitive Vulnerable exampleIn this example, the application uses insecure protocols to communicate, package main
import (
"fmt"
)
type SwampService struct {
InsecureHttpProtocol string
InsecureFtpProtocol string
}
func NewSwampService() *SwampService {
return &SwampService{
InsecureHttpProtocol: "http://", // Insecure protocol
InsecureFtpProtocol: "ftp://", // Insecure protocol
}
}
func (s *SwampService) ConnectToFrogService(server string) {
url := s.InsecureHttpProtocol + server + "/frogEndpoint"
s.connect(url)
url = s.InsecureFtpProtocol + server + "/frogFile"
s.connect(url)
}
func (s *SwampService) connect(url string) {
fmt.Printf("Connecting to %s\n", url)
// Logic to connect to the service
}
func main() {
service := NewSwampService()
service.ConnectToFrogService("example.com")
} In this vulnerable example, the RemediationTo mitigate the use of insecure protocols, replace them with secure alternatives package main
import (
"fmt"
)
type SwampService struct {
InsecureHttpProtocol string
InsecureFtpProtocol string
}
func NewSwampService() *SwampService {
return &SwampService{
InsecureHttpProtocol: "http://", // Insecure protocol
InsecureFtpProtocol: "ftp://", // Insecure protocol
}
}
func (s *SwampService) ConnectToFrogService(server string) {
url := s.InsecureHttpProtocol + server + "/frogEndpoint"
s.connect(url)
url = s.InsecureFtpProtocol + server + "/frogFile"
s.connect(url)
}
func (s *SwampService) connect(url string) {
fmt.Printf("Connecting to %s\n", url)
// Logic to connect to the service
}
func main() {
service := NewSwampService()
service.ConnectToFrogService("example.com")
} In this remediated example, the |
at 🎯 Static Application Security Testing (SAST) VulnerabilityFull descriptionVulnerability Details
OverviewUsing insecure protocols—such as HTTP, FTP, or LDAP—can expose sensitive Vulnerable exampleIn this example, the application uses insecure protocols to communicate, package main
import (
"fmt"
)
type SwampService struct {
InsecureHttpProtocol string
InsecureFtpProtocol string
}
func NewSwampService() *SwampService {
return &SwampService{
InsecureHttpProtocol: "http://", // Insecure protocol
InsecureFtpProtocol: "ftp://", // Insecure protocol
}
}
func (s *SwampService) ConnectToFrogService(server string) {
url := s.InsecureHttpProtocol + server + "/frogEndpoint"
s.connect(url)
url = s.InsecureFtpProtocol + server + "/frogFile"
s.connect(url)
}
func (s *SwampService) connect(url string) {
fmt.Printf("Connecting to %s\n", url)
// Logic to connect to the service
}
func main() {
service := NewSwampService()
service.ConnectToFrogService("example.com")
} In this vulnerable example, the RemediationTo mitigate the use of insecure protocols, replace them with secure alternatives package main
import (
"fmt"
)
type SwampService struct {
InsecureHttpProtocol string
InsecureFtpProtocol string
}
func NewSwampService() *SwampService {
return &SwampService{
InsecureHttpProtocol: "http://", // Insecure protocol
InsecureFtpProtocol: "ftp://", // Insecure protocol
}
}
func (s *SwampService) ConnectToFrogService(server string) {
url := s.InsecureHttpProtocol + server + "/frogEndpoint"
s.connect(url)
url = s.InsecureFtpProtocol + server + "/frogFile"
s.connect(url)
}
func (s *SwampService) connect(url string) {
fmt.Printf("Connecting to %s\n", url)
// Logic to connect to the service
}
func main() {
service := NewSwampService()
service.ConnectToFrogService("example.com")
} In this remediated example, the |
at 🎯 Static Application Security Testing (SAST) VulnerabilityFull descriptionVulnerability Details
OverviewUsing insecure protocols—such as HTTP, FTP, or LDAP—can expose sensitive Vulnerable exampleIn this example, the application uses insecure protocols to communicate, package main
import (
"fmt"
)
type SwampService struct {
InsecureHttpProtocol string
InsecureFtpProtocol string
}
func NewSwampService() *SwampService {
return &SwampService{
InsecureHttpProtocol: "http://", // Insecure protocol
InsecureFtpProtocol: "ftp://", // Insecure protocol
}
}
func (s *SwampService) ConnectToFrogService(server string) {
url := s.InsecureHttpProtocol + server + "/frogEndpoint"
s.connect(url)
url = s.InsecureFtpProtocol + server + "/frogFile"
s.connect(url)
}
func (s *SwampService) connect(url string) {
fmt.Printf("Connecting to %s\n", url)
// Logic to connect to the service
}
func main() {
service := NewSwampService()
service.ConnectToFrogService("example.com")
} In this vulnerable example, the RemediationTo mitigate the use of insecure protocols, replace them with secure alternatives package main
import (
"fmt"
)
type SwampService struct {
InsecureHttpProtocol string
InsecureFtpProtocol string
}
func NewSwampService() *SwampService {
return &SwampService{
InsecureHttpProtocol: "http://", // Insecure protocol
InsecureFtpProtocol: "ftp://", // Insecure protocol
}
}
func (s *SwampService) ConnectToFrogService(server string) {
url := s.InsecureHttpProtocol + server + "/frogEndpoint"
s.connect(url)
url = s.InsecureFtpProtocol + server + "/frogFile"
s.connect(url)
}
func (s *SwampService) connect(url string) {
fmt.Printf("Connecting to %s\n", url)
// Logic to connect to the service
}
func main() {
service := NewSwampService()
service.ConnectToFrogService("example.com")
} In this remediated example, the |
at 🎯 Static Application Security Testing (SAST) VulnerabilityFull descriptionVulnerability Details
OverviewUsing insecure protocols—such as HTTP, FTP, or LDAP—can expose sensitive Vulnerable exampleIn this example, the application uses insecure protocols to communicate, package main
import (
"fmt"
)
type SwampService struct {
InsecureHttpProtocol string
InsecureFtpProtocol string
}
func NewSwampService() *SwampService {
return &SwampService{
InsecureHttpProtocol: "http://", // Insecure protocol
InsecureFtpProtocol: "ftp://", // Insecure protocol
}
}
func (s *SwampService) ConnectToFrogService(server string) {
url := s.InsecureHttpProtocol + server + "/frogEndpoint"
s.connect(url)
url = s.InsecureFtpProtocol + server + "/frogFile"
s.connect(url)
}
func (s *SwampService) connect(url string) {
fmt.Printf("Connecting to %s\n", url)
// Logic to connect to the service
}
func main() {
service := NewSwampService()
service.ConnectToFrogService("example.com")
} In this vulnerable example, the RemediationTo mitigate the use of insecure protocols, replace them with secure alternatives package main
import (
"fmt"
)
type SwampService struct {
InsecureHttpProtocol string
InsecureFtpProtocol string
}
func NewSwampService() *SwampService {
return &SwampService{
InsecureHttpProtocol: "http://", // Insecure protocol
InsecureFtpProtocol: "ftp://", // Insecure protocol
}
}
func (s *SwampService) ConnectToFrogService(server string) {
url := s.InsecureHttpProtocol + server + "/frogEndpoint"
s.connect(url)
url = s.InsecureFtpProtocol + server + "/frogFile"
s.connect(url)
}
func (s *SwampService) connect(url string) {
fmt.Printf("Connecting to %s\n", url)
// Logic to connect to the service
}
func main() {
service := NewSwampService()
service.ConnectToFrogService("example.com")
} In this remediated example, the |
at 🎯 Static Application Security Testing (SAST) VulnerabilityFull descriptionVulnerability Details
OverviewUsing insecure protocols—such as HTTP, FTP, or LDAP—can expose sensitive Vulnerable exampleIn this example, the application uses insecure protocols to communicate, package main
import (
"fmt"
)
type SwampService struct {
InsecureHttpProtocol string
InsecureFtpProtocol string
}
func NewSwampService() *SwampService {
return &SwampService{
InsecureHttpProtocol: "http://", // Insecure protocol
InsecureFtpProtocol: "ftp://", // Insecure protocol
}
}
func (s *SwampService) ConnectToFrogService(server string) {
url := s.InsecureHttpProtocol + server + "/frogEndpoint"
s.connect(url)
url = s.InsecureFtpProtocol + server + "/frogFile"
s.connect(url)
}
func (s *SwampService) connect(url string) {
fmt.Printf("Connecting to %s\n", url)
// Logic to connect to the service
}
func main() {
service := NewSwampService()
service.ConnectToFrogService("example.com")
} In this vulnerable example, the RemediationTo mitigate the use of insecure protocols, replace them with secure alternatives package main
import (
"fmt"
)
type SwampService struct {
InsecureHttpProtocol string
InsecureFtpProtocol string
}
func NewSwampService() *SwampService {
return &SwampService{
InsecureHttpProtocol: "http://", // Insecure protocol
InsecureFtpProtocol: "ftp://", // Insecure protocol
}
}
func (s *SwampService) ConnectToFrogService(server string) {
url := s.InsecureHttpProtocol + server + "/frogEndpoint"
s.connect(url)
url = s.InsecureFtpProtocol + server + "/frogFile"
s.connect(url)
}
func (s *SwampService) connect(url string) {
fmt.Printf("Connecting to %s\n", url)
// Logic to connect to the service
}
func main() {
service := NewSwampService()
service.ConnectToFrogService("example.com")
} In this remediated example, the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Added project key as query param to jas config api call as it is expected to be passed.