From 613d06ffbe2a695868515f3e1967d64cd8d3eaf9 Mon Sep 17 00:00:00 2001 From: Tuomas Koskipahta Date: Tue, 20 May 2025 16:03:23 +0300 Subject: [PATCH 1/2] refactor: remove command injection demo --- src/main/java/com/weather/app/WeatherApp.java | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/src/main/java/com/weather/app/WeatherApp.java b/src/main/java/com/weather/app/WeatherApp.java index 8c96227..3cb8a8d 100644 --- a/src/main/java/com/weather/app/WeatherApp.java +++ b/src/main/java/com/weather/app/WeatherApp.java @@ -13,12 +13,6 @@ public class WeatherApp { private static final Logger LOGGER = Logger.getLogger(WeatherApp.class.getName()); - // Secret for accessing Atlassian API!! (Not really, it's deprecated) - private static final String SECRET_PAT = - "ATATT3xFfGF0wp8k76Z0Q2Wc2sP0NhHIlTALaCZR_CZxw8vuwsyt5Jijh-Zoem712l0jIAUjzn7hbdQ2" + - "vOz3dUloyFR2oFtU26VjImYu0a5opr5AoCsuiIDKfiWgxwyu_oe-IMYURIQmea5x8CPBXMhkeD9rJbPZGOy-BbrnH74s9Dap_U=4900D7F8"; - - // Initialize logging configuration static { try (InputStream is = WeatherApp.class.getClassLoader().getResourceAsStream("logging.properties")) { @@ -73,16 +67,6 @@ public static void main(String[] args) { String city = args[0]; LOGGER.log(Level.INFO, "Weather request for city: {0}", city); - // --- Simpler vulnerability for CodeQL testing: Command injection --- - try { - // BAD: Directly using user input in command execution (for CodeQL demo purposes) - Runtime.getRuntime().exec(city); - LOGGER.log(Level.WARNING, "Executed command with user input (for demo purposes)."); - } catch (IOException e) { - LOGGER.log(Level.SEVERE, "Failed to execute command: " + e.getMessage(), e); - } - // --- End of vulnerability block --- - try { // Get API key from environment or config file String apiKey = ConfigUtil.getApiKey(); From e6033c253e6275ed16b427f0e08d6686b3d914eb Mon Sep 17 00:00:00 2001 From: Rasmus Paltschik <91126255+EficodeRjpalt@users.noreply.github.com> Date: Thu, 22 May 2025 12:53:52 +0300 Subject: [PATCH 2/2] Create LICENSE --- LICENSE | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..b98da6d --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2025 Eficode + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE.