PatchWork AutoFix #2

CTY-git · 2024-05-01T13:05:05Z

This pull request from patched fixes 5 issues.

File changed: sqli/static/js/materialize.js
Fixed XSS vulnerability in toast message.
Replaced innerHTML with textContent to prevent XSS vulnerability.
ReDoS vulnerability fix: hardcoded regex used to prevent regex DOS attack
The RegExp() function is replaced with a hardcoded regex to prevent the risk of ReDoS attack.

File changed: docker-compose.yml
Fixed vulnerabilities in redis service by adding no-new-privileges and read_only options
Added 'no-new-privileges' and 'read_only' options to the redis service to prevent privilege escalation and writable root filesystem vulnerabilities.

File changed: sqli/dao/student.py
Fixed SQL injection vulnerability in Student class methods.
Replaced string concatenation with parameterized queries to prevent SQL injection.

File changed: sqli/dao/user.py
Fix password hashing vulnerability by migrating from MD5 to scrypt.
The MD5 hashing function has been replaced with scrypt for secure password hashing.

sonarcloud · 2024-05-09T11:34:53Z

Quality Gate passed

CTY-git force-pushed the autofix-llama3-70b branch 3 times, most recently from 1e76fb4 to 169e390 Compare May 7, 2024 06:42

patched-admin force-pushed the autofix-llama3-70b branch from 169e390 to 54119a9 Compare May 9, 2024 11:26

patched.codes[bot] added 4 commits May 9, 2024 19:34

Patched docker-compose.yml

c65e744

Patched sqli/static/js/materialize.js

825ed9b

Patched sqli/dao/student.py

742b90a

Patched sqli/dao/user.py

20253c0

patched-admin force-pushed the autofix-llama3-70b branch from 54119a9 to 20253c0 Compare May 9, 2024 11:34