Add OpenTaint + ZAP action and more controllers

ba5db0b
Open

Add OpenTaint + ZAP action and more controllers #6

GitHub Advanced Security / OpenTaint + ZAP failed Mar 26, 2026 in 3s

5 new alerts including 2 errors

New alerts in code changed by this pull request

  • 2 errors
  • 3 warnings

See annotations below for details.

Annotations

Check failure on line 92 in src/main/java/org/seqra/demo/controller/RedirectController.java

Code scanning / OpenTaint + ZAP

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.

Check failure on line 105 in src/main/java/org/seqra/demo/controller/RedirectController.java

Code scanning / OpenTaint + ZAP

Potential cross-site scripting (XSS) Error

Potential XSS: writing user input directly to a web page.

Check warning on line 51 in src/main/java/org/seqra/demo/controller/RedirectController.java

Code scanning / OpenTaint + ZAP

Application redirects to user-manipulated URL which can be malicious Warning

Application redirects to a destination URL specified by a user-supplied parameter that is not validated. This could direct users to malicious locations. Consider using an allowlist to validate URLs.

Check warning on line 79 in src/main/java/org/seqra/demo/controller/RedirectController.java

Code scanning / OpenTaint + ZAP

HTTP response splitting Warning

Older Java application servers are vulnerable to HTTP response splitting, which may occur if an HTTP request can be injected with CRLF characters.

Check warning on line 86 in src/main/java/org/seqra/demo/controller/RedirectController.java

Code scanning / OpenTaint + ZAP

HTTP response splitting Warning

Older Java application servers are vulnerable to HTTP response splitting, which may occur if an HTTP request can be injected with CRLF characters.