Merge pull request #127 from playframework/fortify-1.1.0-RC2

Fortify plugin 1.1.0-RC2 (was -RC1)
playframework · Feb 22, 2024 · 0908df5 · 0908df5
2 parents 8f06906 + dedd244
commit 0908df5
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 10 deletions.
diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
@@ -17,14 +17,14 @@ jobs:
         scala: [2.13.x, 3.x]
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - uses: coursier/cache-action@v6
     - uses: actions/setup-java@v4
       with:
         distribution: temurin
         java-version: ${{matrix.java}}
 
-    - uses: actions/cache@v3
+    - uses: actions/cache@v4
       env:
         cache-name: fortify
       with:

diff --git a/build.sbt b/build.sbt
@@ -3,7 +3,7 @@ lazy val `play-webgoat` = (project in file(".")).enablePlugins(PlayScala)
 name := "play-webgoat"
 version := "1.0"
 
-crossScalaVersions := Seq("2.13.12", "3.3.1")
+crossScalaVersions := Seq("2.13.13", "3.3.2")
 scalaVersion := crossScalaVersions.value.head // tc-skip
 
 libraryDependencies ++= Seq(guice, ws)
@@ -12,6 +12,6 @@ scalacOptions ++= Seq(
   "-feature", "-Werror",
 )
 scalacOptions ++= (CrossVersion.partialVersion(scalaVersion.value) match {
-  case Some((2, _)) => Seq("-Xlint:-unused,_")
+  case Some((2, _)) => Seq("-Xlint:-unused,-named-booleans,_")
   case _ => Seq()
 })
diff --git a/fortify.sbt b/fortify.sbt
@@ -1,6 +1,6 @@
 // enable the plugin
 addCompilerPlugin(
-  "com.lightbend" %% "scala-fortify" % "1.1.0-RC1"
+  "com.lightbend" %% "scala-fortify" % "1.1.0-RC2"
     cross CrossVersion.patch)
 
 // configure the plugin

diff --git a/vulnerabilities-3.x.txt b/vulnerabilities-3.x.txt
@@ -130,8 +130,8 @@ app/controllers/HomeController.scala(231) :  ->ProcessBuilder.!!(this)
     app/controllers/HomeController.scala(229) : <- RequestHeader.getQueryString(return)
 
 [19934AF014F44D85C1841457D8ED6581 : critical : Cross-Site Scripting : Reflected : dataflow ]
-target/scala-3.3.1/twirl/main/views/html/xss.template.scala(28) :  ->BaseScalaTemplate._display_(0)
-    target/scala-3.3.1/twirl/main/views/html/xss.template.scala(28) : <->Html.apply(0->return)
+target/scala-3.3.2/twirl/main/views/html/xss.template.scala(28) :  ->BaseScalaTemplate._display_(0)
+    target/scala-3.3.2/twirl/main/views/html/xss.template.scala(28) : <->Html.apply(0->return)
     app/controllers/HomeController.scala(202) :  ->xss.apply(0)
     app/controllers/HomeController.scala(201) :  ->controllers.HomeControllertwirlXSS$$anonfun$1$$anonfun$1.apply(0)
     app/controllers/HomeController.scala(201) : <- RequestHeader.getQueryString(return)
@@ -183,6 +183,6 @@ target/scala-3.3.1/twirl/main/views/html/xss.template.scala(28) :  ->BaseScalaTe
     app/controllers/HomeController.scala(285)
 
 [C997F7BB94E70A739A5522B291E17A57 : low : Code Correctness : Constructor Invokes Overridable Function : structural ]
-    target/scala-3.3.1/routes/main/router/Routes.scala(37)
-    Function: router.Routes.Routes [target/scala-3.3.1/routes/main/router/Routes.scala(13)]
-        Function: router.Routes.prefix [target/scala-3.3.1/routes/main/router/Routes.scala(19)]
+    target/scala-3.3.2/routes/main/router/Routes.scala(37)
+    Function: router.Routes.Routes [target/scala-3.3.2/routes/main/router/Routes.scala(13)]
+        Function: router.Routes.prefix [target/scala-3.3.2/routes/main/router/Routes.scala(19)]