From 037056b3a72b573709fab310073ce09a8afeb557 Mon Sep 17 00:00:00 2001
From: Niklas Henrich <niklas.henrich@code-intelligence.com>
Date: Tue, 27 Jun 2023 15:47:15 +0200
Subject: [PATCH] Adding two vulnerabilities

---
 .github/workflows/main.yml                    |  4 +--
 .../controller/GreetEndpointController.java   |  3 +-
 .../controller/HelloEndpointController.java   |  3 +-
 .../com/example/app/GreetEndpointTests.java   | 35 ++++++++++---------
 .../com/example/app/HelloEndpointTests.java   | 35 ++++++++++---------
 5 files changed, 42 insertions(+), 38 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 1524706..95d604c 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -16,7 +16,7 @@ env:
   WEB_APP_ADDRESS: https://app.code-intelligence.com
   # Directory in which the repository will be cloned.
   CHECKOUT_DIR: checkout-dir/
-  CIFUZZ_DOWNLOAD_URL: "https://github.com/CodeIntelligenceTesting/cifuzz/releases/latest/download/cifuzz_installer_linux_amd64"
+  CIFUZZ_DOWNLOAD_URL: "https://github.com/CodeIntelligenceTesting/cifuzz/releases/download/v2.18.0/cifuzz_installer_linux_amd64"
   CIFUZZ_INSTALL_DIR: ./cifuzz
   FUZZING_ARTIFACT: fuzzing-artifact.tar.gz
 jobs:
@@ -42,7 +42,7 @@ jobs:
           cd $CHECKOUT_DIR/
           $GITHUB_WORKSPACE/$CIFUZZ_INSTALL_DIR/bin/cifuzz bundle \
             --commit $GITHUB_SHA \
-            --branch $GITHUB_REF_NAME \
+            --branch $GITHUB_HEAD_REF \
             --output $GITHUB_WORKSPACE/$CHECKOUT_DIR/$FUZZING_ARTIFACT
         shell: "bash"
       - id: start-fuzzing
diff --git a/src/main/java/com/example/app/controller/GreetEndpointController.java b/src/main/java/com/example/app/controller/GreetEndpointController.java
index b37c1bf..a27186d 100644
--- a/src/main/java/com/example/app/controller/GreetEndpointController.java
+++ b/src/main/java/com/example/app/controller/GreetEndpointController.java
@@ -20,7 +20,8 @@ public String greet(@RequestParam(required = false, defaultValue = "World") Stri
                     conn.createStatement().execute(query);
                     conn.close();
                 }
-            } catch (SQLException ignored) {}
+            } catch (SQLException ignored) {
+            }
         }
 
         return "Greetings " + name + "!";
diff --git a/src/main/java/com/example/app/controller/HelloEndpointController.java b/src/main/java/com/example/app/controller/HelloEndpointController.java
index 445f354..548993b 100644
--- a/src/main/java/com/example/app/controller/HelloEndpointController.java
+++ b/src/main/java/com/example/app/controller/HelloEndpointController.java
@@ -14,7 +14,8 @@ public String hello(@RequestParam(required = false, defaultValue = "World") Stri
             String className = name.substring(8);
             try {
                 Class.forName(className).getConstructor().newInstance();
-            } catch (Exception ignored){}
+            } catch (Exception ignored) {
+            }
         }
         return "Hello " + name + "!";
     }
diff --git a/src/test/java/com/example/app/GreetEndpointTests.java b/src/test/java/com/example/app/GreetEndpointTests.java
index b3304ff..28d733c 100644
--- a/src/test/java/com/example/app/GreetEndpointTests.java
+++ b/src/test/java/com/example/app/GreetEndpointTests.java
@@ -27,22 +27,23 @@
 
 @WebMvcTest()
 public class GreetEndpointTests {
-  @Autowired private MockMvc mockMvc;
-
-  @Test
-  public void unitTestGreetDeveloper() throws Exception {
-    mockMvc.perform(get("/greet").param("name", "Developer"));
-  }
-
-  @Test
-  public void unitTestGreetContributor() throws Exception {
-    mockMvc.perform(get("/greet").param("name", "Contributor"));
-  }
-
-  @FuzzTest
-  public void fuzzTestGreet(FuzzedDataProvider data) throws Exception {
-    String name = data.consumeRemainingAsString();
-    mockMvc.perform(get("/greet").param("name", name));
-  }
+    @Autowired
+    private MockMvc mockMvc;
+
+    @Test
+    public void unitTestGreetDeveloper() throws Exception {
+        mockMvc.perform(get("/greet").param("name", "Developer"));
+    }
+
+    @Test
+    public void unitTestGreetContributor() throws Exception {
+        mockMvc.perform(get("/greet").param("name", "Contributor"));
+    }
+
+    @FuzzTest
+    public void fuzzTestGreet(FuzzedDataProvider data) throws Exception {
+        String name = data.consumeRemainingAsString();
+        mockMvc.perform(get("/greet").param("name", name));
+    }
 
 }
diff --git a/src/test/java/com/example/app/HelloEndpointTests.java b/src/test/java/com/example/app/HelloEndpointTests.java
index 4718297..7bafbf9 100644
--- a/src/test/java/com/example/app/HelloEndpointTests.java
+++ b/src/test/java/com/example/app/HelloEndpointTests.java
@@ -27,22 +27,23 @@
 
 @WebMvcTest()
 public class HelloEndpointTests {
-  @Autowired private MockMvc mockMvc;
-
-  @Test
-  public void unitTestHelloDeveloper() throws Exception {
-    mockMvc.perform(get("/hello").param("name", "Developer"));
-  }
-
-  @Test
-  public void unitTestHelloContributor() throws Exception {
-    mockMvc.perform(get("/hello").param("name", "Contributor"));
-  }
-
-  @FuzzTest
-  public void fuzzTestHello(FuzzedDataProvider data) throws Exception {
-    String name = data.consumeRemainingAsString();
-    mockMvc.perform(get("/hello").param("name", name));
-  }
+    @Autowired
+    private MockMvc mockMvc;
+
+    @Test
+    public void unitTestHelloDeveloper() throws Exception {
+        mockMvc.perform(get("/hello").param("name", "Developer"));
+    }
+
+    @Test
+    public void unitTestHelloContributor() throws Exception {
+        mockMvc.perform(get("/hello").param("name", "Contributor"));
+    }
+
+    @FuzzTest
+    public void fuzzTestHello(FuzzedDataProvider data) throws Exception {
+        String name = data.consumeRemainingAsString();
+        mockMvc.perform(get("/hello").param("name", name));
+    }
 
 }