Skip to content

zxczxc #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
sagic-orca wants to merge 1 commit into
base: main
Choose a base branch
from
Open

zxczxc #1

sagic-orca wants to merge 1 commit into from

Conversation

@sagic-orca
Copy link
Owner

@sagic-orca sagic-orca commented Oct 15, 2025

No description provided.

github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 15, 2025
View reviewed changes
3.py
@@ -0,0 +1,4 @@
teaskdjnasd

Check failure

Code scanning / Orca Shift-Left Security

User Input Can Control File Paths Leading to Directory Traversal High

Detected user input controlling a file path. An attacker could control the location of this file, to include going backwards in the directory with '../'. To address this, ensure that user-controlled variables in file paths are sanitized. You may also consider using a utility method such as org.apache.commons.io.FilenameUtils.getName(...) to only retrieve the file name from the path.
3.py
@@ -0,0 +1,4 @@
teaskdjnasd

Check warning

Code scanning / Orca Shift-Left Security

Potential trust boundary violation from unvalidated HTTP request input Medium

Detected input from a HTTPServletRequest going into a session command, like setAttribute. User input into such a command could lead to an attacker inputting malicious code into your session parameters, blurring the line between what's trusted and untrusted, and therefore leading to a trust boundary violation. This could lead to programmers trusting unvalidated data. Instead, thoroughly sanitize user input before passing it into such function calls.
orca-security-us[bot]
orca-security-us bot reviewed Oct 15, 2025
View reviewed changes
Copy link

@orca-security-us orca-security-us bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Orca Security

Orca Security Scan Summary

Status Check Issues by priority
Passed Passed Infrastructure as Code high 0   medium 0   low 0   info 0 View in Orca
Passed Passed SAST high 0   medium 0   low 0   info 0 View in Orca
Passed Passed Secrets high 0   medium 0   low 0   info 0 View in Orca
Passed Passed Vulnerabilities high 0   medium 0   low 0   info 0 View in Orca

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@orca-security-us orca-security-us[bot] orca-security-us[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sagic-orca