
Conversation

@jonathanvila
Collaborator

No description provided.

@sonarqubecloud

Quality Gate failed

Failed conditions
0.0% Coverage on New Code (required ≥ 30%)
E Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud


String myJDBCPasswd = "myJDBCPasswd";
connection = DriverManager.getConnection(
"mYJDBCUrl", "myJDBCUser", "myJDBCPasswd");
"mYJDBCUrl", "myJDBCUser", myJDBCPasswd);
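Review bot: this hunk moves the hard-coded credential rather than removing it. `String myJDBCPasswd = "myJDBCPasswd";` still embeds the password in the source, so `getConnection("mYJDBCUrl", "myJDBCUser", myJDBCPasswd)` is exactly as much a finding as the original literal argument, which is why the scanner still reports "Credentials should not be hard-coded" on the new line. Read the password (and preferably the URL and user as well) from the environment or a secrets store at runtime, and, as the scanner message says, treat the committed value as compromised and rotate it: it remains in the repository history regardless of how this line is rewritten.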

Check failure

Code scanning / SonarCloud

Credentials should not be hard-coded (High)

Revoke and change this password, as it is compromised. See more on SonarQube Cloud: https://sonarcloud.io/project/issues?id=jonathanvila_java-security-demo&issues=AZvmahNCtvKpHQXPw_7-&open=AZvmahNCtvKpHQXPw_7-&pullRequest=7
@sonarqubecloud

SonarQube reviewer guide

Summary: Downgrade Java from 21 to 17, update Sonar configuration, and remove vulnerable/complex code methods.

Review Focus: Removal of SQL injection vulnerable findItem() method and virtual thread implementation connectToExternalUrlConcurrently(). Hardcoded password in newConnect() remains a security issue.

Start review at: src/main/java/demo/security/util/DBUtils.java. Contains critical security changes including removed vulnerable methods and a remaining hardcoded credential that needs addressing.


Quality Gate failed

Failed conditions
5 New issues
0.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud

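The finding the reviewer guide says still remains, shown next to a hardened form. This is an added example and not code from the java-security-demo project: the URL, user and password are read from the deployment environment at call time instead of being compiled into `newConnect()`, and a missing value fails fast with a clear error rather than reaching the driver. The class name `DbConnectExample` and the variable names `JDBC_URL`, `JDBC_USER` and `JDBC_PASSWORD` are assumptions for this illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

/**
 * Added example (not part of the project): the flagged pattern beside a
 * version that keeps credential material out of the source tree.
 * Class and environment-variable names are assumptions for the illustration.
 */
public final class DbConnectExample {

    // Assumed variable names. Any mechanism that injects the secret at runtime
    // (container secrets, a vault agent, a JNDI DataSource) fits the same shape;
    // the point is that no value lives in the repository.
    static final String URL_VAR = "JDBC_URL";
    static final String USER_VAR = "JDBC_USER";
    static final String PASSWORD_VAR = "JDBC_PASSWORD";

    private DbConnectExample() { }

    /**
     * What the scanner flags, kept here for contrast only: the password is a
     * compile-time literal, whether passed directly or first assigned to a
     * local variable. Moving the literal into a variable changes nothing.
     */
    static Connection newConnectHardcoded() throws SQLException {
        String myJDBCPasswd = "myJDBCPasswd";   // still a hard-coded credential
        return DriverManager.getConnection("mYJDBCUrl", "myJDBCUser", myJDBCPasswd);
    }

    /** Fails fast with a named variable instead of letting a null reach the driver. */
    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isBlank()) {
            throw new IllegalStateException("required environment variable not set: " + name);
        }
        return value;
    }

    /** Hardened form: no credential material exists in the class file or the repository. */
    public static Connection newConnect() throws SQLException {
        return DriverManager.getConnection(
                requireEnv(URL_VAR), requireEnv(USER_VAR), requireEnv(PASSWORD_VAR));
    }

    public static void main(String[] args) {
        // Exercises the fail-fast path without a database: with JDBC_PASSWORD
        // unset, newConnect() refuses before any connection attempt is made.
        try {
            newConnect();
            System.out.println("connected");
        } catch (IllegalStateException e) {
            System.out.println("refused: " + e.getMessage());
        } catch (SQLException e) {
            System.out.println("driver error: " + e.getMessage());
        }
    }
}
```

Two practical consequences follow from the scanner's wording. First, a secret scanner tracks the constant, not the call site, so the change in this pull request (assigning the literal to `myJDBCPasswd` before passing it) will keep being reported until the literal itself is gone. Second, "revoke and change this password" means rotation: the committed value stays recoverable from git history even after the line is fixed, so the credential on the database side has to be changed as well.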


1 participant