Skip to content

michael-PR-failed-QG#84

Open
michail-melizanis-sonarsource wants to merge 1 commit into
mainfrom
michael-PR-failed-QG
Open

michael-PR-failed-QG#84
michail-melizanis-sonarsource wants to merge 1 commit into
mainfrom
michael-PR-failed-QG

Add servlet with intentional SQLi and XSS for QG failure demo.

df455d6
Select commit
Loading
Failed to load commit list.
Sonar-Nautilus / SonarQube Code Analysis failed May 18, 2026 in 20s

Quality Gate failed

Failed conditions
4 New issues
1 Security Hotspot
0.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE SonarQube for IDE

Annotations

Check warning on line 28 in src/main/java/demo/security/servlet/MichaelQgFailServlet.java

See this annotation in the file changed.

@sonar-nautilus sonar-nautilus / SonarQube Code Analysis

Handle the following exception that could be thrown by "getWriter": IOException.

[S1989] Exceptions should not be thrown from servlet methods
 See more on https://nautilus.sonarqube.org/project/issues?id=demo%3Ajava-security&pullRequest=84&issues=abafa160-d46d-400d-b250-e8287943839d&open=abafa160-d46d-400d-b250-e8287943839d

Check failure on line 44 in src/main/java/demo/security/servlet/MichaelQgFailServlet.java

See this annotation in the file changed.

@sonar-nautilus sonar-nautilus / SonarQube Code Analysis

Change this code to not construct SQL queries directly from user-controlled data.

[S3649] Database queries should not be vulnerable to injection attacks
 See more on https://nautilus.sonarqube.org/project/issues?id=demo%3Ajava-security&pullRequest=84&issues=a60af7c4-11ca-4fa9-aa63-b6a5834e6aa7&open=a60af7c4-11ca-4fa9-aa63-b6a5834e6aa7

Check failure on line 31 in src/main/java/demo/security/servlet/MichaelQgFailServlet.java

See this annotation in the file changed.

@sonar-nautilus sonar-nautilus / SonarQube Code Analysis

Change this code to not reflect unsanitized user-controlled data.

[S5131] Endpoints should not be vulnerable to reflected cross-site scripting (XSS) attacks
 See more on https://nautilus.sonarqube.org/project/issues?id=demo%3Ajava-security&pullRequest=84&issues=a9ac9500-fa16-4a76-b2ea-43c0f14f5481&open=a9ac9500-fa16-4a76-b2ea-43c0f14f5481

Check failure on line 41 in src/main/java/demo/security/servlet/MichaelQgFailServlet.java

See this annotation in the file changed.

@sonar-nautilus sonar-nautilus / SonarQube Code Analysis

Revoke and change this password, as it is compromised.

[S6437] Credentials should not be hard-coded
 See more on https://nautilus.sonarqube.org/project/issues?id=demo%3Ajava-security&pullRequest=84&issues=c1a59453-1896-4f6c-88d6-cccf2eeb6d74&open=c1a59453-1896-4f6c-88d6-cccf2eeb6d74

Check warning on line 44 in src/main/java/demo/security/servlet/MichaelQgFailServlet.java

See this annotation in the file changed.

@sonar-nautilus sonar-nautilus / SonarQube Code Analysis

Make sure using a dynamically formatted SQL query is safe here.

[S2077] Formatting SQL queries is security-sensitive
 See more on https://nautilus.sonarqube.org/project/issues?id=demo%3Ajava-security&pullRequest=84&issues=2f7a3a2b-27a7-4479-a29f-39506424f63d&open=2f7a3a2b-27a7-4479-a29f-39506424f63d