diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml index b673504..fbeaa64 100644 --- a/.github/workflows/fortify.yml +++ b/.github/workflows/fortify.yml @@ -17,14 +17,14 @@ jobs: scala: [2.13.x, 3.x] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: coursier/cache-action@v6 - uses: actions/setup-java@v4 with: distribution: temurin java-version: ${{matrix.java}} - - uses: actions/cache@v3 + - uses: actions/cache@v4 env: cache-name: fortify with: diff --git a/build.sbt b/build.sbt index 1787870..8a165b2 100644 --- a/build.sbt +++ b/build.sbt @@ -3,7 +3,7 @@ lazy val `play-webgoat` = (project in file(".")).enablePlugins(PlayScala) name := "play-webgoat" version := "1.0" -crossScalaVersions := Seq("2.13.12", "3.3.1") +crossScalaVersions := Seq("2.13.13", "3.3.2") scalaVersion := crossScalaVersions.value.head // tc-skip libraryDependencies ++= Seq(guice, ws) @@ -12,6 +12,6 @@ scalacOptions ++= Seq( "-feature", "-Werror", ) scalacOptions ++= (CrossVersion.partialVersion(scalaVersion.value) match { - case Some((2, _)) => Seq("-Xlint:-unused,_") + case Some((2, _)) => Seq("-Xlint:-unused,-named-booleans,_") case _ => Seq() }) diff --git a/fortify.sbt b/fortify.sbt index d1d908b..2ffebf6 100644 --- a/fortify.sbt +++ b/fortify.sbt @@ -1,6 +1,6 @@ // enable the plugin addCompilerPlugin( - "com.lightbend" %% "scala-fortify" % "1.1.0-RC1" + "com.lightbend" %% "scala-fortify" % "1.1.0-RC2" cross CrossVersion.patch) // configure the plugin diff --git a/vulnerabilities-3.x.txt b/vulnerabilities-3.x.txt index cdc12f7..63a9165 100644 --- a/vulnerabilities-3.x.txt +++ b/vulnerabilities-3.x.txt @@ -130,8 +130,8 @@ app/controllers/HomeController.scala(231) : ->ProcessBuilder.!!(this) app/controllers/HomeController.scala(229) : <- RequestHeader.getQueryString(return) [19934AF014F44D85C1841457D8ED6581 : critical : Cross-Site Scripting : Reflected : dataflow ] -target/scala-3.3.1/twirl/main/views/html/xss.template.scala(28) : ->BaseScalaTemplate._display_(0) - target/scala-3.3.1/twirl/main/views/html/xss.template.scala(28) : <->Html.apply(0->return) +target/scala-3.3.2/twirl/main/views/html/xss.template.scala(28) : ->BaseScalaTemplate._display_(0) + target/scala-3.3.2/twirl/main/views/html/xss.template.scala(28) : <->Html.apply(0->return) app/controllers/HomeController.scala(202) : ->xss.apply(0) app/controllers/HomeController.scala(201) : ->controllers.HomeControllertwirlXSS$$anonfun$1$$anonfun$1.apply(0) app/controllers/HomeController.scala(201) : <- RequestHeader.getQueryString(return) @@ -183,6 +183,6 @@ target/scala-3.3.1/twirl/main/views/html/xss.template.scala(28) : ->BaseScalaTe app/controllers/HomeController.scala(285) [C997F7BB94E70A739A5522B291E17A57 : low : Code Correctness : Constructor Invokes Overridable Function : structural ] - target/scala-3.3.1/routes/main/router/Routes.scala(37) - Function: router.Routes.Routes [target/scala-3.3.1/routes/main/router/Routes.scala(13)] - Function: router.Routes.prefix [target/scala-3.3.1/routes/main/router/Routes.scala(19)] + target/scala-3.3.2/routes/main/router/Routes.scala(37) + Function: router.Routes.Routes [target/scala-3.3.2/routes/main/router/Routes.scala(13)] + Function: router.Routes.prefix [target/scala-3.3.2/routes/main/router/Routes.scala(19)]