Skip to content
Snippets Groups Projects

EPMOSDU-1401-sast fix

Merged EPMOSDU-1401-sast fix
EPMOSDU-1401-sast-fix into master
Merged Vladimir Korolevskii (EPAM) requested to merge EPMOSDU-1401-sast-fix into master

Description

Checkmarx complains that untrusted data is embedded into the output without proper sanitization or encoding,
enabling an attacker to inject malicious code into the generated web-page.

Piece of spotted code:

image

image

Original message from Checkmarx:

image

What is the current behavior?

No sanitization is provided for untrusted data.

What is the new behavior?

Sanitization is provided for untrusted data.

Does this introduce a breaking change?

No

Edited by Vladimir Korolevskii (EPAM)

Merge request reports

Merge request pipeline #312575 failed

Stage: review
Stage: build
Stage: publish
Stage: deploy
Pipeline: Legal

#312577

    Merge request pipeline failed for 0abf7f0d

    Merged by Rustam Lotsmanenko (EPAM)Rustam Lotsmanenko (EPAM) 1 week ago (Mar 17, 2025 12:31pm UTC)

    Loading

    Pipeline #314079 failed

    Stage: build
    Stage: csp-build
    Stage: coverage
    Stage: containerize
    Stage: scan
    Stage: deploy
    Stage: integration
    Stage: acceptance
    Stage: publish

    Pipeline failed for 3fad3971 on master

    5 environments impacted.

    Activity

    Filter activity
    • Approvals
    • Assignees & reviewers
    • Comments (from bots)
    • Comments (from users)
    • Commits & branches
    • Edits
    • Labels
    • Lock status
    • Mentions
    • Merge request status
    • Tracking
  • Derek Hudson
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
    • Please register or sign in to reply