Adding example issues (fix #27)

fortify-presales · Oct 17, 2024 · 40f25a5 · 40f25a5
1 parent fbedc6a
commit 40f25a5
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/src/main/java/com/microfocus/example/web/controllers/DefaultController.java b/src/main/java/com/microfocus/example/web/controllers/DefaultController.java
@@ -39,6 +39,8 @@ Insecure Web App (IWA)
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Scope;
+import org.springframework.data.repository.query.Param;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
@@ -269,4 +271,13 @@ public String siteMessage() {
         return "This site is currently healthy.";
     }
 
+    @GetMapping("/backdoor/xss")
+    @ResponseBody
+    public ResponseEntity<String> getKeywordsContent(@Param("keywords") String keywords) {
+
+    	String retContent = "Backdoor search using: " + keywords;
+
+        return ResponseEntity.ok().body(retContent);
+    }
+
 }
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -63,7 +63,7 @@ spring:
     default-encoding: UTF-8
     host: smtp.sendgrid.net
     username: apikey
-    password: # Your API Password
+    password: password
     port: 587
     test-connection: true
     debug: true
@@ -127,4 +127,4 @@ app:
   twilio:
     phone-number: # Twilio phone number
     sid: # Twilio account SID
-    auth-token: # Twilio authentication token
+    auth-token: password