Skip to content

New changes 20260122#7

Open
jonathanvila wants to merge 12 commits intomainfrom
20260122
Open

New changes 20260122#7
jonathanvila wants to merge 12 commits intomainfrom
20260122

Conversation

@jonathanvila
Copy link
Copy Markdown

@jonathanvila jonathanvila commented Jan 22, 2026

No description provided.

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Jan 22, 2026

Quality Gate Failed Quality Gate failed

Failed conditions
0.0% Coverage on New Code (required ≥ 30%)
E Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

github-advanced-security[bot]
github-advanced-security AI found potential problems Jan 22, 2026
View reviewed changes
Comment thread src/main/java/demo/security/util/DBUtils.java
String myJDBCPasswd = "myJDBCPasswd";
connection = DriverManager.getConnection(
"mYJDBCUrl", "myJDBCUser", "myJDBCPasswd");
"mYJDBCUrl", "myJDBCUser", myJDBCPasswd);

Check failure

Code scanning / SonarCloud

Credentials should not be hard-coded

<!--SONAR_ISSUE_KEY:AZvmahNCtvKpHQXPw_7--->Revoke and change this password, as it is compromised. <p>See more on <a href="https://sonarcloud.io/project/issues?id=jonathanvila_java-security-demo&issues=AZvmahNCtvKpHQXPw_7-&open=AZvmahNCtvKpHQXPw_7-&pullRequest=7">SonarQube Cloud</a></p>
github-advanced-security[bot]
github-advanced-security AI found potential problems Jan 22, 2026
View reviewed changes
Comment thread src/main/java/demo/security/util/DBUtils.java
String myJDBCPasswd = "myJDBCPasswd";
connection = DriverManager.getConnection(
"mYJDBCUrl", "myJDBCUser", "myJDBCPasswd");
"mYJDBCUrl", "myJDBCUser", myJDBCPasswd);

Check failure

Code scanning / SonarCloud

Credentials should not be hard-coded High

Revoke and change this password, as it is compromised. See more on SonarQube Cloud
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Jan 22, 2026

SonarQube reviewer guide

Summary: Downgrade Java from 21 to 17, update Sonar configuration, and remove vulnerable/complex code methods.

Review Focus: Removal of SQL injection vulnerable findItem() method and virtual thread implementation connectToExternalUrlConcurrently(). Hardcoded password in newConnect() remains a security issue.

Start review at: src/main/java/demo/security/util/DBUtils.java. Contains critical security changes including removed vulnerable methods and a remaining hardcoded credential that needs addressing.

💬 Please send your feedback

Review in SonarQube
See all code changes, issues, and quality metrics in one place.

Quality Gate Failed Quality Gate failed

Failed conditions
5 New issues
0.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jonathanvila @github-advanced-security