Jacques Le Roux created OFBIZ-12924: ---------------------------------------
Summary: [codeQL] Resolving possible security issues reported by codeQL
Key: OFBIZ-12924
URL: https://issues.apache.org/jira/browse/OFBIZ-12924
Project: OFBiz
Issue Type: Improvement
Components: ALL COMPONENTS
Affects Versions: Upcoming Branch
Reporter: Jacques Le Roux
Assignee: Jacques Le Roux
Fix For: Upcoming Branch

We recently use codeQL as a GitHub action to check Java code. We had it before to check JavaScript code, but it did not work for Java.

After a 1st step where I dismissed a lot (371) of "Insecure randomness" because we use the safe schema {{RandomStringUtils.random(SECURE_RANDOM)}}, I fixed 5 other "Uncontrolled data used in path expression" issues with the help of SpotBugs (OFBIZ-12912) and fixed 2 other issues, "Resolving XML external entity in user-controlled data" and "XSLT transformation with user-controlled stylesheet", by removing useless deprecated code (OFBIZ-12919).

This is an umbrella task to resolve the 47 remaining issues of different types with subtasks.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)