Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

authhelper: use DB details and close on notify #6278

Merged
merged 1 commit into from
Mar 24, 2025
Merged

authhelper: use DB details and close on notify #6278

merged 1 commit into from
Mar 24, 2025

Conversation

thc202
Copy link
Member

@thc202 thc202 commented Mar 17, 2025
edited
Loading

Change to use the new core changes, if available, which allow to remove hardcoded DB details and to properly free resources.

@psiinon
Copy link
Member

psiinon commented Mar 17, 2025
edited
Loading

Logo
Checkmarx One – Scan Summary & Details00c9e8d0-ff44-4f07-9633-2147e699c861

New Issues (1)

Checkmarx found the following issues in this Pull Request

Severity Issue Source File / Package Checkmarx Insight
LOW Heap_Inspection /addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/internal/db/TableJdo.java: 78
detailsMethod at line 78 of /addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/internal/db/TableJdo.java defines password, which is designated...
Attack Vector

@thc202 thc202 changed the title authhelper: use DB details and close on notify [WIP] authhelper: use DB details and close on notify Mar 19, 2025
@thc202
Copy link
Member Author

thc202 commented Mar 19, 2025

WIP to change it to use reflection.

@thc202 thc202 force-pushed the authhelper/db-tweks branch from 750a18e to d2cf827 Compare March 24, 2025 13:06
@thc202 thc202 changed the title [WIP] authhelper: use DB details and close on notify authhelper: use DB details and close on notify Mar 24, 2025
@thc202
authhelper: use DB details and close on notify
49311ca 
Change to use the new core changes, if available, which allow to remove
hardcoded DB details and to properly free resources.

Signed-off-by: thc202 <[email protected]>
@thc202 thc202 force-pushed the authhelper/db-tweks branch from d2cf827 to 49311ca Compare March 24, 2025 13:08
@thc202
Copy link
Member Author

thc202 commented Mar 24, 2025

Now using reflection for the new core code.

@kingthorin kingthorin merged commit 5757142 into zaproxy:main Mar 24, 2025
9 of 10 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators Mar 24, 2025
@thc202 thc202 deleted the authhelper/db-tweks branch March 24, 2025 14:10
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@psiinon psiinon psiinon approved these changes

@kingthorin kingthorin kingthorin approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@thc202 @psiinon @kingthorin