Vulnerability fixes #1
| public String encrypt(String value) throws Exception { | ||
| SecretKey secretKey = new SecretKeySpec(SECRET_KEY.getBytes(StandardCharsets.UTF_8), ALGORITHM); | ||
| Cipher cipher = Cipher.getInstance(ALGORITHM + "/ECB/PKCS5Padding"); |
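Review bot: `Cipher.getInstance(ALGORITHM + "/ECB/PKCS5Padding")` in encrypt selects ECB mode, which is why CodeQL flags it: ECB maps identical plaintext blocks to identical ciphertext blocks and provides no integrity check, so two users with the same password get the same stored value and a tampered ciphertext is not detected. Use an authenticated mode such as `"AES/GCM/NoPadding"` with a fresh random 12-byte IV per call (from `SecureRandom`, stored alongside the ciphertext). The key on the line above, `new SecretKeySpec(SECRET_KEY.getBytes(StandardCharsets.UTF_8), ALGORITHM)`, is the raw UTF-8 bytes of a string constant, so its strength is limited to that string's characters and it lives in source; load the key from configuration or a secret store and derive it with a proper KDF rather than `getBytes`.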
Check failure
Code scanning / CodeQL
Use of a broken or risky cryptographic algorithm
| public String decrypt(String encryptedValue) { | ||
| try { | ||
| SecretKey secretKey = new SecretKeySpec(SECRET_KEY.getBytes(StandardCharsets.UTF_8), ALGORITHM); | ||
| Cipher cipher = Cipher.getInstance(ALGORITHM + "/ECB/PKCS5Padding"); |
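Review bot: decrypt repeats the `"/ECB/PKCS5Padding"` transformation, so it has to be changed together with encrypt or previously stored values become unreadable; if encrypt moves to GCM, the IV saved with each ciphertext must be read back here and supplied through a `GCMParameterSpec`. The enclosing `try {` should not convert a decryption failure into a success path: with an authenticated mode a tag mismatch throws `AEADBadTagException`, and that must propagate (or be logged and the request rejected), not be caught and ignored.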
Check failure
Code scanning / CodeQL
Use of a broken or risky cryptographic algorithm
| public AESUtil() { | ||
| try { | ||
| cipher = Cipher.getInstance(CIPHER_ALGORITHM); |
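Review bot: the constructor caches a `Cipher` in the `cipher` field, and `Cipher` objects are stateful across `init`/`update`/`doFinal` and not thread-safe, so one shared instance in a utility called from concurrent request handlers can interleave two operations and corrupt output; create the `Cipher` inside each encrypt/decrypt call instead. The value of `CIPHER_ALGORITHM` is not in this hunk, but CodeQL resolves it to a broken or risky transformation, so the constant itself needs to move to an authenticated mode such as `AES/GCM/NoPadding`.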
Check failure
Code scanning / CodeQL
Use of a broken or risky cryptographic algorithm
| this.keySize = keySize; | ||
| this.iterationCount = iterationCount; | ||
| try { | ||
| cipher = Cipher.getInstance(CIPHER_ALGORITHM); |
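Review bot: the overload that takes `keySize` and `iterationCount` has the same two issues as the default constructor, caching `cipher = Cipher.getInstance(CIPHER_ALGORITHM)` in a field and being flagged on the same constant, so changing the transformation string once and constructing the `Cipher` per operation clears both findings. `keySize` is stored without a check here; validate it against the sizes AES accepts (128, 192 or 256 bits) before it reaches key derivation, so a misconfigured value fails at startup rather than at first use.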
Check failure
Code scanning / CodeQL
Use of a broken or risky cryptographic algorithm
| private SecretKey generateKey(String salt, String passPhrase) { | ||
| try { | ||
| SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(SECRET_KEY_ALGORITHM); |
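Review bot: `SecretKeyFactory.getInstance(SECRET_KEY_ALGORITHM)` is flagged and the constant's value is not visible in this hunk; for password-based derivation use `PBKDF2WithHmacSHA256` with `iterationCount` high enough to be deliberately slow and a per-key random salt. `generateKey(String salt, String passPhrase)` takes the salt as a `String`, so make sure callers generate it with `SecureRandom` rather than passing a fixed literal, and feed it through `new PBEKeySpec(passPhrase.toCharArray(), salt.getBytes(StandardCharsets.UTF_8), iterationCount, keySize)` rather than using the passphrase bytes directly. The `try {` around this should not swallow `NoSuchAlgorithmException`; a failed key derivation must fail the operation.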
Check failure
Code scanning / CodeQL
Use of a broken or risky cryptographic algorithm
| logger.info("userAuthenticate request - " + m_User + " " + m_User.getUserName() + " " + m_User.getPassword()); | ||
| try { | ||
| List<User> mUser = iemrAdminUserServiceImpl.userAuthenticate(m_User.getUserName(), m_User.getPassword()); | ||
| String decryptPassword = aesUtil.decrypt("Piramal12Piramal", m_User.getPassword()); |
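Review bot: the `logger.info("userAuthenticate request - " ...)` line writes `m_User.getPassword()` into the log, which puts a credential into log files and any aggregation they feed; remove the password (and the whole object dump) from the message. The literal `"Piramal12Piramal"` passed as the first argument of `aesUtil.decrypt` is a hardcoded secret in source, which the human reviewer also flags; move it to configuration or a secret store so it can be rotated without a code change. Since `userAuthenticate` is invoked with `m_User.getPassword()` on the line before `decryptPassword` is computed, confirm which value the service is meant to verify, as the two lines disagree on whether the encrypted or the decrypted form is the credential.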
@ravishanigarapu The username seems to be hardcoded here. Please check and correct.
| throw new IEMRException("Please log with admin credentials"); | ||
| } | ||
| User mUser = iemrAdminUserServiceImpl.superUserAuthenticate(m_User.getUserName(), m_User.getPassword()); | ||
| String decryptPassword = aesUtil.decrypt("Piramal12Piramal", m_User.getPassword()); |
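Review bot: the same hardcoded literal `"Piramal12Piramal"` is passed to `aesUtil.decrypt` on the super-admin path; one configuration-backed value should serve both call sites. As in the previous hunk, `superUserAuthenticate` receives `m_User.getPassword()` before `decryptPassword` exists, so check which form the service verifies. The exception message `"Please log with admin credentials"` reads as a typo for "log in".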
@ravishanigarapu The username seems to be hardcoded here. Please check and correct.
| String setStatus; | ||
| noOfRowModified = iemrAdminUserServiceImpl.setForgetPassword(mUser, m_user.getPassword(), | ||
| m_user.getTransactionId(),m_user.getIsAdmin()); | ||
| String decryptPassword = aesUtil.decrypt("Piramal12Piramal", m_user.getPassword()); |
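Review bot: third occurrence of the hardcoded `"Piramal12Piramal"` passed to `aesUtil.decrypt`, here in the forget-password path; consolidate it with the other two. `decryptPassword` is computed only after `setForgetPassword(mUser, m_user.getPassword(), ...)` has already run, so if the service expects the plaintext the decrypt needs to move above that call, and if it does not, the unused variable should go. The hunk also mixes `mUser` and `m_user` as names for different objects, which is easy to misread; one naming convention would help.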
@ravishanigarapu The username seems to be hardcoded here. Please check and correct.
harimohanr
left a comment
@ravishanigarapu User name seems to be hardcoded in 3 places. Check the comments.
harimohanr
left a comment
@ravishanigarapu LGTM
* Create README.md (#2) Created readme.md file
* updated code-of-conduct, copying, contributing, readme (#3)
* Update README.md
* Create COPYING
* Create CODE_OF_CONDUCT.md
* Create CONTRIBUTING.md
* Vulnerability fixes (#1)
* Vulnerability fixes
* removed unwanted loggers
* super Admin User Authenticate Changes
* Password Encryption Changes
* modified .gitignore file (#4)
* Update gitignore (#5)
* modified .gitignore file
* Create build-on-pull-request.yml
* Create sast-and-package.yml
* Delete Maven Build and CodeQL Analysis.yml
* Delete logs directory
---------
Co-authored-by: Mahima Elizabeth George <86731974+mahimaeg@users.noreply.github.com>
Co-authored-by: Sweta Prakash <125380378+swetatech24@users.noreply.github.com>
Co-authored-by: ravishanigarapu <133210792+ravishanigarapu@users.noreply.github.com>
Co-authored-by: Vidyadevi Salunkhe <84471226+Vidyaaa24@users.noreply.github.com>
* Create README.md (#2) Created readme.md file
* updated code-of-conduct, copying, contributing, readme (#3)
* Update README.md
* Create COPYING
* Create CODE_OF_CONDUCT.md
* Create CONTRIBUTING.md
* Vulnerability fixes (#1)
* Vulnerability fixes
* removed unwanted loggers
* super Admin User Authenticate Changes
* Password Encryption Changes
* modified .gitignore file (#4)
* Update gitignore (#5)
* modified .gitignore file
* Create build-on-pull-request.yml
* Create sast-and-package.yml
* Delete Maven Build and CodeQL Analysis.yml
* Delete logs directory
* Update pom.xml (#7) pom.xml cleanup
* Update README.md
* Sonarqube reported code smell fixes (#8)
* Code smell fixes (#9)
* Sonarqube reported code smell fixes
* Code smells fixed
* Added copyright text (#10)
  Co-authored-by: Anjana K J <an356996@wipro.com>
* Adding swagger configuration changes (#11)
* Create prod workflow (#12)
* Create sast-and-package-prod.yml
* Update sast-and-package-prod.yml
* 1097 referral sms changes
* removed test properties
* Feature feedback (#17)
* feedback changes
* feedback changes
---------
Co-authored-by: Indrani Bandyopadhyay <IN40068837@wipro.com>
* Removing password encryption (#19)
* Removing password encryption
* Added placeholders
* Addressing comments
* feedback details changes (#20)
  Co-authored-by: Indrani Bandyopadhyay <IN40068837@wipro.com>
* Passing Environment Variable (#21)
* Passing Environment Variable
* Passing Environment Variable
* Workflow change (#22)
* Update sast-and-package-prod.yml
* Update sast-and-package.yml
* CreatedDate Field changes in common & Identity api (#23)
* property file changes
* properties file removed creds
* removed properties
* property file changes (#24)
* property file changes
* properties file removed creds
* removed properties
---------
Co-authored-by: Karyamsetty Helen Grace <KA40094929@wipro.com>
* close call time (#25)
* CreatedDate Field changes in common & Identity api
* call close time
* Send SMS Null ID issue (#26)
* CreatedDate Field changes in common & Identity api
* call close time
* Send SMS Null ID issue
* mmu cr changes
* API Cleanup
* API Cleanup
* emergencyRegistration field update
* mmu cr changes for registration, quick search and update api
* changes mmu cr
* API Cleanup (#30)
* API Cleanup
* API Cleanup
* changes mmu cr
* changes mmu cr
* mmu cr change (#32)
* mmu cr changes
* mmu cr changes for registration, quick search and update api
* changes mmu cr
* changes mmu cr
* changes mmu cr
---------
Co-authored-by: Indrani Bandyopadhyay <IN40068837@wipro.com>
* changes mmu cr
* password encryption changes- strong algorithm modified
* Update sast-and-package.yml
* Update AESUtil.java
* register service change
* MMU CR (#33)
* mmu cr changes
* mmu cr changes for registration, quick search and update api
* changes mmu cr
* changes mmu cr
* changes mmu cr
* changes mmu cr
* password encryption changes- strong algorithm modified
* Update sast-and-package.yml
* Update AESUtil.java
* register service change
---------
Co-authored-by: Indrani Bandyopadhyay <IN40068837@wipro.com>
* AES utils
* AES utils (#35)
* mmu cr changes
* mmu cr changes for registration, quick search and update api
* changes mmu cr
* changes mmu cr
* changes mmu cr
* changes mmu cr
* password encryption changes- strong algorithm modified
* Update sast-and-package.yml
* Update AESUtil.java
* register service change
* AES utils
---------
Co-authored-by: Indrani Bandyopadhyay <IN40068837@wipro.com>
* NHM_Agent_Real_Time_Data
* AES utils
* registration change
* AES Utils secret key algorithm and padding change (#37)
* mmu cr changes
* mmu cr changes for registration, quick search and update api
* changes mmu cr
* changes mmu cr
* changes mmu cr
* changes mmu cr
* password encryption changes- strong algorithm modified
* Update sast-and-package.yml
* Update AESUtil.java
* register service change
* AES utils
* AES utils
* registration change
---------
Co-authored-by: Indrani Bandyopadhyay <IN40068837@wipro.com>
* API Cleanup (#38)
* Update SecurePassword.java
* Update1 SecurePassword.java
* Update RSAUtil.java
* caller Id modified, pwd encryption changes reverted
* Update SecurePassword.java
* Update2 RSAUtil.java
* nhm dashboard scheduler changes
* pwd enc changes-modified strong algorithm
* Update RSAUtil.java
* Update AESUtil.java
* Search beneficiary modification
* AES modification
* NHM dashboard scheduler changes
* pwd enc changes
* 1097 sms changes
* pull req (#43)
* NHM dashboard scheduler changes
* 1097 sms changes
---------
Co-authored-by: Karyamsetty Helen Grace <KA40094929@wipro.com>
* Update sast-and-package-prod.yml (#44)
* update api changes (#45)
* update api changes
* abandon summary pojo changes
---------
Co-authored-by: Indrani Bandyopadhyay <IN40068837@wipro.com>
* changes made for czentrix (#46)
* pwd enc changes (#47)
* update api changes
* abandon summary pojo changes
* pwd enc userAuthenticate logic change
---------
Co-authored-by: Indrani Bandyopadhyay <IN40068837@wipro.com>
* Swaasa Changes (#48)
* Swaasa Changes
* Swaasa Changes
* Swaasa Changes
* Swaasa Changes
* Added call type Id zero
* Added call type Id zero (#49)
  Co-authored-by: Devika <de40034072@wipro.com>
* Added call type Id 9999
* Czentrix Changes
* call type null issue
* controller name changes (#53)
* E-Sanjeevani requirement changes
* Delete .github/workflows/sast-and-package-prod.yml
* Delete .github/workflows/sast-and-package.yml
* Create package-prod.yml
* Create package.yml
* Create sast.yml
* Request mapping modified for SWAASA (#57)
* E-Sanjeevani model class handling logic (#55)
  Co-authored-by: appuser <appuser@WIPRO-DEV>
* bhavya authentication api for plain text (#58)
  Co-authored-by: mukul <mukul.5947@gmail.com>
* Biometric changes (#56)
* Biometric changes
* biometric device changes
* biometric pid changes
---------
Co-authored-by: Ancy Riju <AN40085822@wipro.com>
* esanjeevani changes (#59)
* esanjeevani changes
* commented code removed
* Unused imports (#60)
* Biometric changes
* biometric device changes
* biometric pid changes
* removed unused imports
---------
Co-authored-by: Ancy Riju <AN40085822@wipro.com>
* Added Pull Request template, added placeholders in properties file, and added admin_local to git ignore
* modified ScheduleForCallCentre
* resolved package file conflicts
---------
Co-authored-by: Mahima Elizabeth George <86731974+mahimaeg@users.noreply.github.com>
Co-authored-by: Sweta Prakash <125380378+swetatech24@users.noreply.github.com>
Co-authored-by: ravishanigarapu <133210792+ravishanigarapu@users.noreply.github.com>
Co-authored-by: Vidyadevi Salunkhe <84471226+Vidyaaa24@users.noreply.github.com>
Co-authored-by: Harimohan Rajamohanan <30436665+harimohanr@users.noreply.github.com>
Co-authored-by: Anjana2310 <134688551+Anjana2310@users.noreply.github.com>
Co-authored-by: Anjana K J <an356996@wipro.com>
Co-authored-by: Karyamsetty Helen Grace <KA40094929@wipro.com>
Co-authored-by: devikasuresh20 <57424483+devikasuresh20@users.noreply.github.com>
Co-authored-by: indraniBan <133205641+indraniBan@users.noreply.github.com>
Co-authored-by: Indrani Bandyopadhyay <IN40068837@wipro.com>
Co-authored-by: mukul5947 <133210744+mukul5947@users.noreply.github.com>
Co-authored-by: swetatech24 <sweta.prakash@wipro.com>
Co-authored-by: Ravi Shanigarapu <ravi.shanigarapu@wipro.com>
Co-authored-by: Parth Kothari <109517053+KpParth@users.noreply.github.com>
Co-authored-by: parth <pa20251871@wipro.com>
Co-authored-by: Devika <de40034072@wipro.com>
Co-authored-by: KA40094929 <KA40094929@L-158018332.wipro.com>
Co-authored-by: appuser <appuser@WIPRO-DEV>
Co-authored-by: mukul <mukul.5947@gmail.com>
Co-authored-by: AncyRiju <133205637+AncyRiju@users.noreply.github.com>
Co-authored-by: Ancy Riju <AN40085822@wipro.com>
Co-authored-by: Mithun James <drtechie@users.noreply.github.com>
* Develop branch merge to master (#6)
* Create README.md (#2) Created readme.md file
* updated code-of-conduct, copying, contributing, readme (#3)
* Update README.md
* Create COPYING
* Create CODE_OF_CONDUCT.md
* Create CONTRIBUTING.md
* Vulnerability fixes (#1)
* Vulnerability fixes
* removed unwanted loggers
* super Admin User Authenticate Changes
* Password Encryption Changes
* modified .gitignore file (#4)
* Update gitignore (#5)
* modified .gitignore file
* Create build-on-pull-request.yml
* Create sast-and-package.yml
* Delete Maven Build and CodeQL Analysis.yml
* Delete logs directory
---------
Co-authored-by: Mahima Elizabeth George <86731974+mahimaeg@users.noreply.github.com>
Co-authored-by: Sweta Prakash <125380378+swetatech24@users.noreply.github.com>
Co-authored-by: ravishanigarapu <133210792+ravishanigarapu@users.noreply.github.com>
Co-authored-by: Vidyadevi Salunkhe <84471226+Vidyaaa24@users.noreply.github.com>
* resolved package file conflicts
* Deleted unwanted cryptoUtil file and its addition in other files
---------
Co-authored-by: Harimohan Rajamohanan <30436665+harimohanr@users.noreply.github.com>
Co-authored-by: Mahima Elizabeth George <86731974+mahimaeg@users.noreply.github.com>
Co-authored-by: Sweta Prakash <125380378+swetatech24@users.noreply.github.com>
Co-authored-by: ravishanigarapu <133210792+ravishanigarapu@users.noreply.github.com>
Co-authored-by: Vidyadevi Salunkhe <84471226+Vidyaaa24@users.noreply.github.com>
Co-authored-by: Karyamsetty Helen Grace <KA40094929@wipro.com>
Co-authored-by: KA40094929 <KA40094929@L-158018332.wipro.com>
No description provided.