This repo was developed to compare CodeQL and Fortify scan results.

Vulnerability Type | File:line | CodeQL | Fortify |
---|---|---|---|
XSS | CourseController:33 | ☑️ true positive | ❌ false negative |
XXE | CourseController:43 | ☑️ true positive | ☑️ true positive |
XSS | hello.jsp:8 | ☑️ true negative | ☑️ true negative |
Path Manipulation | CourseController:67 | ☑️ true positive | ❌ false negative |

Vulnerability Type | File:line | CodeQL | Fortify |
---|---|---|---|
XXE | CourseController:54 | ☑️ true negative | ❌ false positive |

- Cross-site scripting vulnerability due to user-provided value.
- Unsafe parsing of XML file from user input.
- Parsing user-controlled XML resource.
- Cross-site scripting for JSP file.