Skip to content

Update HelloController.java #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
layro01 wants to merge 1 commit into
base: master
Choose a base branch
from

Update HelloController.java

7adde5c
Select commit
Loading
Failed to load commit list.
Open

Update HelloController.java #5

Update HelloController.java
7adde5c
Select commit
Loading
Failed to load commit list.
DryRunSecurity / Cross-Site Scripting Analyzer failed Apr 23, 2026 in 3s

DryRun Security

Details

Cross-Site Scripting Analyzer Findings: 1 detected

⚠️ Potential Cross-Site Scripting src/main/java/com/veracode/iast/samples/apigoat/HelloController.java (click for details)
Type Potential Cross-Site Scripting
Description The controller reads an HTTP request parameter and returns it directly in the response body without any encoding or sanitization.
Filename src/main/java/com/veracode/iast/samples/apigoat/HelloController.java
CodeLink

java-api-goat/src/main/java/com/veracode/iast/samples/apigoat/HelloController.java

Lines 19 to 21 in 7adde5c

return String.format(template, param);
}
}
View more details on DryRunSecurity