Jacques Le Roux created OFBIZ-12924:
---------------------------------------

             Summary: [codeQL] Resolving possible security issues reported by CodeQL
                 Key: OFBIZ-12924
                 URL: https://issues.apache.org/jira/browse/OFBIZ-12924
             Project: OFBiz
          Issue Type: Improvement
          Components: ALL COMPONENTS
    Affects Versions: Upcoming Branch
            Reporter: Jacques Le Roux
            Assignee: Jacques Le Roux
             Fix For: Upcoming Branch


We recently started using CodeQL as a GitHub action to check Java code. We had it before 
to check JavaScript code, but it did not work for Java.

After a first step where I dismissed a lot (371) of "Insecure randomness" alerts because 
we use the safe schema {{RandomStringUtils.random(SECURE_RANDOM)}}, I fixed 
5 other "Uncontrolled data used in path expression" issues with the help of 
SpotBugs (OFBIZ-12912) and fixed 2 other issues, "Resolving XML external entity 
in user-controlled data" and "XSLT transformation with user-controlled 
stylesheet", by removing useless deprecated code (OFBIZ-12919).

This is an umbrella task to resolve the 47 remaining issues of different types 
with subtasks.
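To make the "Insecure randomness" point concrete, the following is an added example, not code from OFBiz or from the ticket: it places the overload that CodeQL flags next to the SecureRandom-backed overload the ticket treats as safe. The class name TokenGen, the token length and the single shared SECURE_RANDOM field are assumptions for the illustration; the commons-lang3 signatures used are the real ones.

```java
import java.security.SecureRandom;
import org.apache.commons.lang3.RandomStringUtils;

/**
 * Added example (not OFBiz code): the flagged pattern beside the safe one.
 * Assumes commons-lang3 on the classpath.
 */
public final class TokenGen {

    // Assumption: a single process-wide SecureRandom, which is what a
    // SECURE_RANDOM constant passed to RandomStringUtils implies.
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    /**
     * What CodeQL reports as "Insecure randomness": the overload without a
     * Random argument draws from a non-cryptographic PRNG, so a session
     * token or password built this way can be predicted by an attacker
     * who observes a few earlier outputs.
     */
    static String insecureToken(int length) {
        return RandomStringUtils.randomAlphanumeric(length);
    }

    /**
     * The safe form: same alphabet ([A-Za-z0-9], selected by letters=true,
     * numbers=true with start=end=0), but every character is drawn from
     * SecureRandom. This is the overload
     * random(int count, int start, int end, boolean letters, boolean numbers,
     *        char[] chars, java.util.Random random)
     * from commons-lang3, with the cryptographic generator supplied explicitly.
     */
    static String secureToken(int length) {
        return RandomStringUtils.random(length, 0, 0, true, true, null, SECURE_RANDOM);
    }

    /** Quick sanity check: length and alphabet of the secure token. */
    static boolean isAlphanumericOfLength(String token, int length) {
        return token.length() == length && token.matches("[A-Za-z0-9]+");
    }

    public static void main(String[] args) {
        int length = 32; // assumed length for the demonstration
        String token = secureToken(length);
        System.out.println("secure token: " + token);
        System.out.println("well-formed : " + isAlphanumericOfLength(token, length));
        // Shown only so the two forms can be compared; do not use in real code.
        System.out.println("flagged form: " + insecureToken(length));
    }
}
```

When triaging CodeQL alerts of this kind, the check to make before dismissing one is that the call site actually reaches an overload taking a java.util.Random and that the value passed is a SecureRandom instance; a call that drops the last argument silently falls back to the non-cryptographic generator.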



--
This message was sent by Atlassian Jira
(v8.20.10#820010)