Adding two vulnerabilities

HenrichN · HenrichN · commit 037056b3a72b · 2023-12-12T17:09:32.000+01:00
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -16,7 +16,7 @@ env:
   WEB_APP_ADDRESS: https://app.code-intelligence.com
   # Directory in which the repository will be cloned.
   CHECKOUT_DIR: checkout-dir/
-  CIFUZZ_DOWNLOAD_URL: "https://git.1-hub.cnCodeIntelligenceTesting/cifuzz/releases/latest/download/cifuzz_installer_linux_amd64"
+  CIFUZZ_DOWNLOAD_URL: "https://git.1-hub.cnCodeIntelligenceTesting/cifuzz/releases/download/v2.18.0/cifuzz_installer_linux_amd64"
   CIFUZZ_INSTALL_DIR: ./cifuzz
   FUZZING_ARTIFACT: fuzzing-artifact.tar.gz
 jobs:
@@ -42,7 +42,7 @@ jobs:
           cd $CHECKOUT_DIR/
           $GITHUB_WORKSPACE/$CIFUZZ_INSTALL_DIR/bin/cifuzz bundle \
             --commit $GITHUB_SHA \
-            --branch $GITHUB_REF_NAME \
+            --branch $GITHUB_HEAD_REF \
             --output $GITHUB_WORKSPACE/$CHECKOUT_DIR/$FUZZING_ARTIFACT
         shell: "bash"
       - id: start-fuzzing
diff --git a/src/main/java/com/example/app/controller/GreetEndpointController.java b/src/main/java/com/example/app/controller/GreetEndpointController.java
@@ -20,7 +20,8 @@ public String greet(@RequestParam(required = false, defaultValue = "World") Stri
                     conn.createStatement().execute(query);
                     conn.close();
                 }
-            } catch (SQLException ignored) {}
+            } catch (SQLException ignored) {
+            }
         }
 
         return "Greetings " + name + "!";
diff --git a/src/main/java/com/example/app/controller/HelloEndpointController.java b/src/main/java/com/example/app/controller/HelloEndpointController.java
@@ -14,7 +14,8 @@ public String hello(@RequestParam(required = false, defaultValue = "World") Stri
             String className = name.substring(8);
             try {
                 Class.forName(className).getConstructor().newInstance();
-            } catch (Exception ignored){}
+            } catch (Exception ignored) {
+            }
         }
         return "Hello " + name + "!";
     }
diff --git a/src/test/java/com/example/app/GreetEndpointTests.java b/src/test/java/com/example/app/GreetEndpointTests.java
@@ -27,22 +27,23 @@
 
 @WebMvcTest()
 public class GreetEndpointTests {
-  @Autowired private MockMvc mockMvc;
-
-  @Test
-  public void unitTestGreetDeveloper() throws Exception {
-    mockMvc.perform(get("/greet").param("name", "Developer"));
-  }
-
-  @Test
-  public void unitTestGreetContributor() throws Exception {
-    mockMvc.perform(get("/greet").param("name", "Contributor"));
-  }
-
-  @FuzzTest
-  public void fuzzTestGreet(FuzzedDataProvider data) throws Exception {
-    String name = data.consumeRemainingAsString();
-    mockMvc.perform(get("/greet").param("name", name));
-  }
+    @Autowired
+    private MockMvc mockMvc;
+
+    @Test
+    public void unitTestGreetDeveloper() throws Exception {
+        mockMvc.perform(get("/greet").param("name", "Developer"));
+    }
+
+    @Test
+    public void unitTestGreetContributor() throws Exception {
+        mockMvc.perform(get("/greet").param("name", "Contributor"));
+    }
+
+    @FuzzTest
+    public void fuzzTestGreet(FuzzedDataProvider data) throws Exception {
+        String name = data.consumeRemainingAsString();
+        mockMvc.perform(get("/greet").param("name", name));
+    }
 
 }
diff --git a/src/test/java/com/example/app/HelloEndpointTests.java b/src/test/java/com/example/app/HelloEndpointTests.java
@@ -27,22 +27,23 @@
 
 @WebMvcTest()
 public class HelloEndpointTests {
-  @Autowired private MockMvc mockMvc;
-
-  @Test
-  public void unitTestHelloDeveloper() throws Exception {
-    mockMvc.perform(get("/hello").param("name", "Developer"));
-  }
-
-  @Test
-  public void unitTestHelloContributor() throws Exception {
-    mockMvc.perform(get("/hello").param("name", "Contributor"));
-  }
-
-  @FuzzTest
-  public void fuzzTestHello(FuzzedDataProvider data) throws Exception {
-    String name = data.consumeRemainingAsString();
-    mockMvc.perform(get("/hello").param("name", name));
-  }
+    @Autowired
+    private MockMvc mockMvc;
+
+    @Test
+    public void unitTestHelloDeveloper() throws Exception {
+        mockMvc.perform(get("/hello").param("name", "Developer"));
+    }
+
+    @Test
+    public void unitTestHelloContributor() throws Exception {
+        mockMvc.perform(get("/hello").param("name", "Contributor"));
+    }
+
+    @FuzzTest
+    public void fuzzTestHello(FuzzedDataProvider data) throws Exception {
+        String name = data.consumeRemainingAsString();
+        mockMvc.perform(get("/hello").param("name", name));
+    }
 
 }

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,8 @@ public String greet(@RequestParam(required = false, defaultValue = "World") Stri`
`20`	`20`	`conn.createStatement().execute(query);`
`21`	`21`	`conn.close();`
`22`	`22`	`}`
`23`		`- } catch (SQLException ignored) {}`
	`23`	`+ } catch (SQLException ignored) {`
	`24`	`+ }`
`24`	`25`	`}`
`25`	`26`
`26`	`27`	`return "Greetings " + name + "!";`
Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,8 @@ public String hello(@RequestParam(required = false, defaultValue = "World") Stri`
`14`	`14`	`String className = name.substring(8);`
`15`	`15`	`try {`
`16`	`16`	`Class.forName(className).getConstructor().newInstance();`
`17`		`- } catch (Exception ignored){}`
	`17`	`+ } catch (Exception ignored) {`
	`18`	`+ }`
`18`	`19`	`}`
`19`	`20`	`return "Hello " + name + "!";`
`20`	`21`	`}`