From 492c3a7ffa28123b9c61b6594c87a043aea61f70 Mon Sep 17 00:00:00 2001
From: Seth Tisue
Date: Wed, 21 Feb 2024 19:52:24 -0800
Subject: [PATCH 1/3] CI: bump version to avoid Node 16 warnings
---
 .github/workflows/fortify.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
index b673504..fbeaa64 100644
--- a/.github/workflows/fortify.yml
+++ b/.github/workflows/fortify.yml
@@ -17,14 +17,14 @@ jobs:
 scala: [2.13.x, 3.x]
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 - uses: coursier/cache-action@v6
 - uses: actions/setup-java@v4
 with:
 distribution: temurin
 java-version: ${{matrix.java}}
- - uses: actions/cache@v3
+ - uses: actions/cache@v4
 env:
 cache-name: fortify
 with:
From d0345620eefced552f9cb7e99354c3806901641e Mon Sep 17 00:00:00 2001
From: Seth Tisue
Date: Wed, 21 Feb 2024 18:45:31 -0800
Subject: [PATCH 2/3] Fortify plugin 1.1.0-RC2 (was -RC1)
---
 fortify.sbt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fortify.sbt b/fortify.sbt
index d1d908b..2ffebf6 100644
--- a/fortify.sbt
+++ b/fortify.sbt
@@ -1,6 +1,6 @@
 // enable the plugin
 addCompilerPlugin(
- "com.lightbend" %% "scala-fortify" % "1.1.0-RC1"
+ "com.lightbend" %% "scala-fortify" % "1.1.0-RC2"
 cross CrossVersion.patch)
 // configure the plugin
From dedd244cda5363816d5a17829c6e59707a9ce8f6 Mon Sep 17 00:00:00 2001
From: Seth Tisue
Date: Wed, 21 Feb 2024 18:48:17 -0800
Subject: [PATCH 3/3] Scala 2.13.13 (was .12), 3.3.2 (was .1)
---
 build.sbt | 4 ++--
 vulnerabilities-3.x.txt | 10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/build.sbt b/build.sbt
index 1787870..8a165b2 100644
--- a/build.sbt
+++ b/build.sbt
@@ -3,7 +3,7 @@ lazy val `play-webgoat` = (project in file(".")).enablePlugins(PlayScala)
 name := "play-webgoat"
 version := "1.0"
-crossScalaVersions := Seq("2.13.12", "3.3.1")
+crossScalaVersions := Seq("2.13.13", "3.3.2")
 scalaVersion := crossScalaVersions.value.head // tc-skip
 libraryDependencies ++= Seq(guice, ws)
@@ -12,6 +12,6 @@ scalacOptions ++= Seq(
 "-feature", "-Werror",
 )
 scalacOptions ++= (CrossVersion.partialVersion(scalaVersion.value) match {
- case Some((2, _)) => Seq("-Xlint:-unused,_")
+ case Some((2, _)) => Seq("-Xlint:-unused,-named-booleans,_")
 case _ => Seq()
 })
diff --git a/vulnerabilities-3.x.txt b/vulnerabilities-3.x.txt
index cdc12f7..63a9165 100644
--- a/vulnerabilities-3.x.txt
+++ b/vulnerabilities-3.x.txt
@@ -130,8 +130,8 @@ app/controllers/HomeController.scala(231) : ->ProcessBuilder.!!(this) app/controllers/HomeController.scala(229) : <- RequestHeader.getQueryString(return) [19934AF014F44D85C1841457D8ED6581 : critical : Cross-Site Scripting : Reflected : dataflow ] -target/scala-3.3.1/twirl/main/views/html/xss.template.scala(28) : ->BaseScalaTemplate._display_(0) - target/scala-3.3.1/twirl/main/views/html/xss.template.scala(28) : <->Html.apply(0->return) +target/scala-3.3.2/twirl/main/views/html/xss.template.scala(28) : ->BaseScalaTemplate._display_(0) + target/scala-3.3.2/twirl/main/views/html/xss.template.scala(28) : <->Html.apply(0->return) app/controllers/HomeController.scala(202) : ->xss.apply(0) app/controllers/HomeController.scala(201) : ->controllers.HomeControllertwirlXSS$$anonfun$1$$anonfun$1.apply(0) app/controllers/HomeController.scala(201) : <- RequestHeader.getQueryString(return)
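Review bot: The new `-named-booleans` exclusion in the second build.sbt hunk (the `case Some((2, _))` branch of the `scalacOptions` match) is undocumented, so a later reader cannot tell whether it is a deliberate policy or a stopgap for the 2.13.13 bump made in the same commit. Because `-Werror` is set in the `Seq` just above, any lint left enabled fails the build, which is presumably why the lint was switched off rather than fixed at the call sites. I would add a comment above the case, e.g. `// named-booleans: excluded for now; with -Werror it would fail the 2.13 build (revisit after naming boolean args)`. The same line keeps `-unused` excluded with no stated reason, so one comment can cover both.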
@@ -183,6 +183,6 @@ target/scala-3.3.1/twirl/main/views/html/xss.template.scala(28) : ->BaseScalaTe app/controllers/HomeController.scala(285) [C997F7BB94E70A739A5522B291E17A57 : low : Code Correctness : Constructor Invokes Overridable Function : structural ] - target/scala-3.3.1/routes/main/router/Routes.scala(37) - Function: router.Routes.Routes [target/scala-3.3.1/routes/main/router/Routes.scala(13)] - Function: router.Routes.prefix [target/scala-3.3.1/routes/main/router/Routes.scala(19)] + target/scala-3.3.2/routes/main/router/Routes.scala(37) + Function: router.Routes.Routes [target/scala-3.3.2/routes/main/router/Routes.scala(13)] + Function: router.Routes.prefix [target/scala-3.3.2/routes/main/router/Routes.scala(19)]