diff --git a/instructions.md b/instructions.md
new file mode 100644
index 000000000..14b3c495f
--- /dev/null
+++ b/instructions.md
@@ -0,0 +1,162 @@
+# Spring PetClinic Sample Application [](https://github.com/spring-projects/spring-petclinic/actions/workflows/maven-build.yml)
+
+[](https://gitpod.io/#https://github.com/spring-projects/spring-petclinic) [](https://github.com/codespaces/new?hide_repo_select=true&ref=main&repo=7517918)
+
+## Understanding the Spring Petclinic application with a few diagrams
+
+[See the presentation here](https://speakerdeck.com/michaelisvy/spring-petclinic-sample-application)
+
+## Run Petclinic locally
+
+Spring Petclinic is a [Spring Boot](https://spring.io/guides/gs/spring-boot) application built using [Maven](https://spring.io/guides/gs/maven/) or [Gradle](https://spring.io/guides/gs/gradle/). You can build a jar file and run it from the command line (it should work just as well with Java 17 or newer):
+
+```bash
+git clone https://github.com/spring-projects/spring-petclinic.git
+cd spring-petclinic
+./mvnw package
+java -jar target/*.jar
+```
+
+You can then access the Petclinic at .
+
+
+
+Or you can run it from Maven directly using the Spring Boot Maven plugin. If you do this, it will pick up changes that you make in the project immediately (changes to Java source files require a compile as well - most people use an IDE for this):
+
+```bash
+./mvnw spring-boot:run
+```
+
+> NOTE: If you prefer to use Gradle, you can build the app using `./gradlew build` and look for the jar file in `build/libs`.
+
+## Building a Container
+
+There is no `Dockerfile` in this project. You can build a container image (if you have a docker daemon) using the Spring Boot build plugin:
+
+```bash
+./mvnw spring-boot:build-image
+```
+
+## In case you find a bug/suggested improvement for Spring Petclinic
+
+Our issue tracker is available [here](https://github.com/spring-projects/spring-petclinic/issues).
+
+## Database configuration
+
+In its default configuration, Petclinic uses an in-memory database (H2) which
+gets populated at startup with data. The h2 console is exposed at `http://localhost:8080/h2-console`,
+and it is possible to inspect the content of the database using the `jdbc:h2:mem:` URL. The UUID is printed at startup to the console.
+
+A similar setup is provided for MySQL and PostgreSQL if a persistent database configuration is needed. Note that whenever the database type changes, the app needs to run with a different profile: `spring.profiles.active=mysql` for MySQL or `spring.profiles.active=postgres` for PostgreSQL.
+
+You can start MySQL or PostgreSQL locally with whatever installer works for your OS or use docker:
+
+```bash
+docker run -e MYSQL_USER=petclinic -e MYSQL_PASSWORD=petclinic -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE=petclinic -p 3306:3306 mysql:8.4
+```
+
+or
+
+```bash
+docker run -e POSTGRES_USER=petclinic -e POSTGRES_PASSWORD=petclinic -e POSTGRES_DB=petclinic -p 5432:5432 postgres:16.3
+```
+
+Further documentation is provided for [MySQL](https://github.com/spring-projects/spring-petclinic/blob/main/src/main/resources/db/mysql/petclinic_db_setup_mysql.txt)
+and [PostgreSQL](https://github.com/spring-projects/spring-petclinic/blob/main/src/main/resources/db/postgres/petclinic_db_setup_postgres.txt).
+
+Instead of vanilla `docker` you can also use the provided `docker-compose.yml` file to start the database containers. Each one has a profile just like the Spring profile:
+
+```bash
+docker-compose --profile mysql up
+```
+
+or
+
+```bash
+docker-compose --profile postgres up
+```
+
+## Test Applications
+
+At development time we recommend you use the test applications set up as `main()` methods in `PetClinicIntegrationTests` (using the default H2 database and also adding Spring Boot Devtools), `MySqlTestApplication` and `PostgresIntegrationTests`. These are set up so that you can run the apps in your IDE to get fast feedback and also run the same classes as integration tests against the respective database. The MySql integration tests use Testcontainers to start the database in a Docker container, and the Postgres tests use Docker Compose to do the same thing.
+
+## Compiling the CSS
+
+There is a `petclinic.css` in `src/main/resources/static/resources/css`. It was generated from the `petclinic.scss` source, combined with the [Bootstrap](https://getbootstrap.com/) library. If you make changes to the `scss`, or upgrade Bootstrap, you will need to re-compile the CSS resources using the Maven profile "css", i.e. `./mvnw package -P css`. There is no build profile for Gradle to compile the CSS.
+
+## Working with Petclinic in your IDE
+
+### Prerequisites
+
+The following items should be installed in your system:
+
+- Java 17 or newer (full JDK, not a JRE)
+- [Git command line tool](https://help.github.com/articles/set-up-git)
+- Your preferred IDE
+ - Eclipse with the m2e plugin. Note: when m2e is available, there is an m2 icon in `Help -> About` dialog. If m2e is
+ not there, follow the install process [here](https://www.eclipse.org/m2e/)
+ - [Spring Tools Suite](https://spring.io/tools) (STS)
+ - [IntelliJ IDEA](https://www.jetbrains.com/idea/)
+ - [VS Code](https://code.visualstudio.com)
+
+### Steps
+
+1. On the command line run:
+
+ ```bash
+ git clone https://github.com/spring-projects/spring-petclinic.git
+ ```
+
+1. Inside Eclipse or STS:
+
+ Open the project via `File -> Import -> Maven -> Existing Maven project`, then select the root directory of the cloned repo.
+
+ Then either build on the command line `./mvnw generate-resources` or use the Eclipse launcher (right-click on project and `Run As -> Maven install`) to generate the CSS. Run the application's main method by right-clicking on it and choosing `Run As -> Java Application`.
+
+1. Inside IntelliJ IDEA:
+
+ In the main menu, choose `File -> Open` and select the Petclinic [pom.xml](pom.xml). Click on the `Open` button.
+
+ - CSS files are generated from the Maven build. You can build them on the command line `./mvnw generate-resources` or right-click on the `spring-petclinic` project then `Maven -> Generates sources and Update Folders`.
+
+ - A run configuration named `PetClinicApplication` should have been created for you if you're using a recent Ultimate version. Otherwise, run the application by right-clicking on the `PetClinicApplication` main class and choosing `Run 'PetClinicApplication'`.
+
+1. Navigate to the Petclinic
+
+ Visit [http://localhost:8080](http://localhost:8080) in your browser.
+
+## Looking for something in particular?
+
+|Spring Boot Configuration | Class or Java property files |
+|--------------------------|---|
+|The Main Class | [PetClinicApplication](https://github.com/spring-projects/spring-petclinic/blob/main/src/main/java/org/springframework/samples/petclinic/PetClinicApplication.java) |
+|Properties Files | [application.properties](https://github.com/spring-projects/spring-petclinic/blob/main/src/main/resources) |
+|Caching | [CacheConfiguration](https://github.com/spring-projects/spring-petclinic/blob/main/src/main/java/org/springframework/samples/petclinic/system/CacheConfiguration.java) |
+
+## Interesting Spring Petclinic branches and forks
+
+The Spring Petclinic "main" branch in the [spring-projects](https://github.com/spring-projects/spring-petclinic)
+GitHub org is the "canonical" implementation based on Spring Boot and Thymeleaf. There are
+[quite a few forks](https://spring-petclinic.github.io/docs/forks.html) in the GitHub org
+[spring-petclinic](https://github.com/spring-petclinic). If you are interested in using a different technology stack to implement the Pet Clinic, please join the community there.
+
+## Interaction with other open-source projects
+
+One of the best parts about working on the Spring Petclinic application is that we have the opportunity to work in direct contact with many Open Source projects. We found bugs/suggested improvements on various topics such as Spring, Spring Data, Bean Validation and even Eclipse! In many cases, they've been fixed/implemented in just a few days.
+Here is a list of them:
+
+| Name | Issue |
+|------|-------|
+| Spring JDBC: simplify usage of NamedParameterJdbcTemplate | [SPR-10256](https://jira.springsource.org/browse/SPR-10256) and [SPR-10257](https://jira.springsource.org/browse/SPR-10257) |
+| Bean Validation / Hibernate Validator: simplify Maven dependencies and backward compatibility |[HV-790](https://hibernate.atlassian.net/browse/HV-790) and [HV-792](https://hibernate.atlassian.net/browse/HV-792) |
+| Spring Data: provide more flexibility when working with JPQL queries | [DATAJPA-292](https://jira.springsource.org/browse/DATAJPA-292) |
+
+## Contributing
+
+The [issue tracker](https://github.com/spring-projects/spring-petclinic/issues) is the preferred channel for bug reports, feature requests and submitting pull requests.
+
+For pull requests, editor preferences are available in the [editor config](.editorconfig) for easy use in common text editors. Read more and download plugins at . If you have not previously done so, please fill out and submit the [Contributor License Agreement](https://cla.pivotal.io/sign/spring).
+
+## License
+
+The Spring PetClinic sample application is released under version 2.0 of the [Apache License](https://www.apache.org/licenses/LICENSE-2.0).
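Review bot: under "Database configuration", both `docker run` examples publish the database port on every host interface (`-p 3306:3306`, `-p 5432:5432`) while using `petclinic`/`petclinic` and `MYSQL_ROOT_PASSWORD=root`. Bind them to loopback (for example `-p 127.0.0.1:3306:3306`) and state that these credentials are for local use only. The same section says the H2 console is exposed at `/h2-console`, which deserves the same local-only caveat. Two sentences also lost their link targets ("You can then access the Petclinic at ." and "Read more and download plugins at ."), and the badge links in the first lines are empty `[]()` pairs. Restore the URLs or drop those fragments.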
diff --git a/readme.md b/readme.md
index 14b3c495f..919aa31b9 100644
--- a/readme.md
+++ b/readme.md
@@ -1,162 +1,59 @@
-# Spring PetClinic Sample Application [](https://github.com/spring-projects/spring-petclinic/actions/workflows/maven-build.yml)
+# Setting up Jenkins
-[](https://gitpod.io/#https://github.com/spring-projects/spring-petclinic) [](https://github.com/codespaces/new?hide_repo_select=true&ref=main&repo=7517918)
+## Steps 1: Set up Jenkins in Docker
-## Understanding the Spring Petclinic application with a few diagrams
+1. Create a DockerFile with the following content:
-[See the presentation here](https://speakerdeck.com/michaelisvy/spring-petclinic-sample-application)
-
-## Run Petclinic locally
-
-Spring Petclinic is a [Spring Boot](https://spring.io/guides/gs/spring-boot) application built using [Maven](https://spring.io/guides/gs/maven/) or [Gradle](https://spring.io/guides/gs/gradle/). You can build a jar file and run it from the command line (it should work just as well with Java 17 or newer):
-
-```bash
-git clone https://github.com/spring-projects/spring-petclinic.git
-cd spring-petclinic
-./mvnw package
-java -jar target/*.jar
-```
-
-You can then access the Petclinic at .
-
-
-
-Or you can run it from Maven directly using the Spring Boot Maven plugin. If you do this, it will pick up changes that you make in the project immediately (changes to Java source files require a compile as well - most people use an IDE for this):
-
-```bash
-./mvnw spring-boot:run
-```
-
-> NOTE: If you prefer to use Gradle, you can build the app using `./gradlew build` and look for the jar file in `build/libs`.
-
-## Building a Container
-
-There is no `Dockerfile` in this project. You can build a container image (if you have a docker daemon) using the Spring Boot build plugin:
-
-```bash
-./mvnw spring-boot:build-image
-```
-
-## In case you find a bug/suggested improvement for Spring Petclinic
-
-Our issue tracker is available [here](https://github.com/spring-projects/spring-petclinic/issues).
-
-## Database configuration
-
-In its default configuration, Petclinic uses an in-memory database (H2) which
-gets populated at startup with data. The h2 console is exposed at `http://localhost:8080/h2-console`,
-and it is possible to inspect the content of the database using the `jdbc:h2:mem:` URL. The UUID is printed at startup to the console.
-
-A similar setup is provided for MySQL and PostgreSQL if a persistent database configuration is needed. Note that whenever the database type changes, the app needs to run with a different profile: `spring.profiles.active=mysql` for MySQL or `spring.profiles.active=postgres` for PostgreSQL.
-
-You can start MySQL or PostgreSQL locally with whatever installer works for your OS or use docker:
-
-```bash
-docker run -e MYSQL_USER=petclinic -e MYSQL_PASSWORD=petclinic -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE=petclinic -p 3306:3306 mysql:8.4
-```
-
-or
-
-```bash
-docker run -e POSTGRES_USER=petclinic -e POSTGRES_PASSWORD=petclinic -e POSTGRES_DB=petclinic -p 5432:5432 postgres:16.3
-```
-
-Further documentation is provided for [MySQL](https://github.com/spring-projects/spring-petclinic/blob/main/src/main/resources/db/mysql/petclinic_db_setup_mysql.txt)
-and [PostgreSQL](https://github.com/spring-projects/spring-petclinic/blob/main/src/main/resources/db/postgres/petclinic_db_setup_postgres.txt).
-
-Instead of vanilla `docker` you can also use the provided `docker-compose.yml` file to start the database containers. Each one has a profile just like the Spring profile:
-
-```bash
-docker-compose --profile mysql up
-```
-
-or
-
-```bash
-docker-compose --profile postgres up
-```
-
-## Test Applications
-
-At development time we recommend you use the test applications set up as `main()` methods in `PetClinicIntegrationTests` (using the default H2 database and also adding Spring Boot Devtools), `MySqlTestApplication` and `PostgresIntegrationTests`. These are set up so that you can run the apps in your IDE to get fast feedback and also run the same classes as integration tests against the respective database. The MySql integration tests use Testcontainers to start the database in a Docker container, and the Postgres tests use Docker Compose to do the same thing.
-
-## Compiling the CSS
-
-There is a `petclinic.css` in `src/main/resources/static/resources/css`. It was generated from the `petclinic.scss` source, combined with the [Bootstrap](https://getbootstrap.com/) library. If you make changes to the `scss`, or upgrade Bootstrap, you will need to re-compile the CSS resources using the Maven profile "css", i.e. `./mvnw package -P css`. There is no build profile for Gradle to compile the CSS.
-
-## Working with Petclinic in your IDE
-
-### Prerequisites
-
-The following items should be installed in your system:
-
-- Java 17 or newer (full JDK, not a JRE)
-- [Git command line tool](https://help.github.com/articles/set-up-git)
-- Your preferred IDE
- - Eclipse with the m2e plugin. Note: when m2e is available, there is an m2 icon in `Help -> About` dialog. If m2e is
- not there, follow the install process [here](https://www.eclipse.org/m2e/)
- - [Spring Tools Suite](https://spring.io/tools) (STS)
- - [IntelliJ IDEA](https://www.jetbrains.com/idea/)
- - [VS Code](https://code.visualstudio.com)
-
-### Steps
-
-1. On the command line run:
-
- ```bash
- git clone https://github.com/spring-projects/spring-petclinic.git
+ ```dockerfile
+ FROM jenkins/jenkins:lts
+ USER root
+ RUN apt-get update && apt-get install -y docker.io
+ USER jenkins
```
-1. Inside Eclipse or STS:
+2. Build and Run Jenkins:
- Open the project via `File -> Import -> Maven -> Existing Maven project`, then select the root directory of the cloned repo.
+ ```bash
+ docker build -t my-jenkins jenkins/
+ docker run -d --name jenkins --network devsecops-network -p 8081:8081 -v jenkins_home:/var/jenkins_home my-jenkins
+ ```
- Then either build on the command line `./mvnw generate-resources` or use the Eclipse launcher (right-click on project and `Run As -> Maven install`) to generate the CSS. Run the application's main method by right-clicking on it and choosing `Run As -> Java Application`.
+3. Go to [http://localhost:8081/](http://localhost:8081/)
-1. Inside IntelliJ IDEA:
+4. Set up/install plugins
- In the main menu, choose `File -> Open` and select the Petclinic [pom.xml](pom.xml). Click on the `Open` button.
+5. When asked for a password, run the following command:
- - CSS files are generated from the Maven build. You can build them on the command line `./mvnw generate-resources` or right-click on the `spring-petclinic` project then `Maven -> Generates sources and Update Folders`.
+ ```bash
+ docker exec b946b28cf4b3ce018871fa319494d7add5e1d6806ee3a2e05bb6262c57a8b3a1 cat /var/jenkins_home/secrets/initialAdminPassword
+ ```
- - A run configuration named `PetClinicApplication` should have been created for you if you're using a recent Ultimate version. Otherwise, run the application by right-clicking on the `PetClinicApplication` main class and choosing `Run 'PetClinicApplication'`.
+ Access Jenkins at: [http://localhost:8081/jenkins](http://localhost:8081/jenkins)
-1. Navigate to the Petclinic
+## Steps 2: Create Jenkins Pipeline
- Visit [http://localhost:8080](http://localhost:8080) in your browser.
+1. Access Jenkins: Open [http://localhost:8081](http://localhost:8081) and set up Jenkins. Install the suggested plugins.
-## Looking for something in particular?
+2. Install Required Plugins:
+ - Go to Manage Jenkins > Manage Plugins and install the following plugins:
+ - Pipeline
+ - Git
+ - GitHub Integration
+ - Docker Pipeline
-|Spring Boot Configuration | Class or Java property files |
-|--------------------------|---|
-|The Main Class | [PetClinicApplication](https://github.com/spring-projects/spring-petclinic/blob/main/src/main/java/org/springframework/samples/petclinic/PetClinicApplication.java) |
-|Properties Files | [application.properties](https://github.com/spring-projects/spring-petclinic/blob/main/src/main/resources) |
-|Caching | [CacheConfiguration](https://github.com/spring-projects/spring-petclinic/blob/main/src/main/java/org/springframework/samples/petclinic/system/CacheConfiguration.java) |
+3. Create a New Pipeline Job:
+ - Go to Jenkins Dashboard.
+ - Click on **New Item**.
+ - Enter a name for your pipeline (e.g., Spring PetClinic Pipeline).
+ - Select **Pipeline** and click **OK**.
-## Interesting Spring Petclinic branches and forks
+4. Configure the Pipeline:
+ - In the pipeline configuration, scroll down to the Pipeline section.
+ - Set **Definition** to **Pipeline script**.
+ - Write the script to configure the Pipeline.
-The Spring Petclinic "main" branch in the [spring-projects](https://github.com/spring-projects/spring-petclinic)
-GitHub org is the "canonical" implementation based on Spring Boot and Thymeleaf. There are
-[quite a few forks](https://spring-petclinic.github.io/docs/forks.html) in the GitHub org
-[spring-petclinic](https://github.com/spring-petclinic). If you are interested in using a different technology stack to implement the Pet Clinic, please join the community there.
-
-## Interaction with other open-source projects
-
-One of the best parts about working on the Spring Petclinic application is that we have the opportunity to work in direct contact with many Open Source projects. We found bugs/suggested improvements on various topics such as Spring, Spring Data, Bean Validation and even Eclipse! In many cases, they've been fixed/implemented in just a few days.
-Here is a list of them:
-
-| Name | Issue |
-|------|-------|
-| Spring JDBC: simplify usage of NamedParameterJdbcTemplate | [SPR-10256](https://jira.springsource.org/browse/SPR-10256) and [SPR-10257](https://jira.springsource.org/browse/SPR-10257) |
-| Bean Validation / Hibernate Validator: simplify Maven dependencies and backward compatibility |[HV-790](https://hibernate.atlassian.net/browse/HV-790) and [HV-792](https://hibernate.atlassian.net/browse/HV-792) |
-| Spring Data: provide more flexibility when working with JPQL queries | [DATAJPA-292](https://jira.springsource.org/browse/DATAJPA-292) |
-
-## Contributing
-
-The [issue tracker](https://github.com/spring-projects/spring-petclinic/issues) is the preferred channel for bug reports, feature requests and submitting pull requests.
-
-For pull requests, editor preferences are available in the [editor config](.editorconfig) for easy use in common text editors. Read more and download plugins at . If you have not previously done so, please fill out and submit the [Contributor License Agreement](https://cla.pivotal.io/sign/spring).
-
-## License
-
-The Spring PetClinic sample application is released under version 2.0 of the [Apache License](https://www.apache.org/licenses/LICENSE-2.0).
+5. Run the Pipeline:
+ - Save the Pipeline configuration by clicking **Save**.
+ - Go back to the Jenkins dashboard.
+ - Select your pipeline job.
+ - Click on **Build Now** to run the pipeline.
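Review bot: step 5 of "Steps 1" runs `docker exec` against a hard-coded 64-character container ID that exists only on the author's machine, so the command fails for anyone else. Step 2 already starts the container with `--name jenkins`, so use `docker exec jenkins cat /var/jenkins_home/secrets/initialAdminPassword`. Step 2 also maps `-p 8081:8081`, but nothing in these lines moves Jenkins off the image's default HTTP port 8080, so either map `-p 8081:8080` or pass `--httpPort=8081`. The URLs disagree as well: step 3 uses `http://localhost:8081/` and step 5 uses `http://localhost:8081/jenkins`, while the `/jenkins` prefix is only set in the compose file, not in this `docker run`. Finally, the Dockerfile installs `docker.io` as root without saying which Docker daemon the Jenkins container is expected to reach, and step 4 of "Steps 2" says "Write the script" without providing or linking one.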
diff --git a/spring-petclinic.yml b/spring-petclinic.yml
index aa0c2967a..6786b3809 100644
--- a/spring-petclinic.yml
+++ b/spring-petclinic.yml
@@ -1,3 +1,5 @@
+version: '3'
+
services:
petclinic:
build:
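Review bot: the top-level `version: '3'` added at the start of the file is ignored by Docker Compose v2, which prints a warning that the attribute is obsolete. Drop it, or state in the readme that it is kept for older `docker-compose` binaries.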
@@ -48,10 +50,30 @@ services:
environment:
- JENKINS_OPTS=--prefix=/jenkins
+ zap:
+ image: ghcr.io/zaproxy/zaproxy:stable
+ command: zap-baseline.py -t http://petclinic:8080 -g gen.conf -r zap-report.html
+ volumes:
+ - ./zap-report:/zap/wrk:rw
+ networks:
+ - custom-network
+ depends_on:
+ - petclinic
+
+ sonarqube:
+ image: sonarqube:latest
+ ports:
+ - "9000:9000"
+ networks:
+ - custom-network
+ depends_on:
+ - petclinic
+
+
volumes:
prometheus_data:
grafana_data:
jenkins_data:
networks:
- custom-network:
\ No newline at end of file
+ custom-network:
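Review bot: `depends_on: petclinic` on the `zap` service only waits for the container to be started, not for the application to accept connections on 8080, so `zap-baseline.py` can run against a target that is not up yet. Add a healthcheck to `petclinic` and use the long form with `condition: service_healthy`. `sonarqube:latest` and `zaproxy:stable` are floating tags. Pin a version or digest so two scans of the same commit use the same tooling. `-g gen.conf` writes a default rule file on each run rather than reading one. If the intent is to tune which rules warn or fail, commit a rule file and pass it with `-c`. The `sonarqube` service has no volume, so its data is lost when the container is recreated, and its `depends_on: petclinic` does not appear to be needed. Consider publishing 9000 on `127.0.0.1` only.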
diff --git a/zap-report/zap-report.html b/zap-report/zap-report.html
index 0fab1f74a..06a20f09c 100644
--- a/zap-report/zap-report.html
+++ b/zap-report/zap-report.html
@@ -122,12 +122,12 @@ td {
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.
+At "High" threshold this scan rule will not alert on client or server error responses.
User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:
-http://localhost:8080/owners?lastName=ZAP
+http://petclinic:8080/owners?lastName=ZAP
appears to include user input in:
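Review bot: `zap-report/zap-report.html` is generated output (the compose change mounts `./zap-report` as ZAP's work directory), so keeping it under version control means every scan rewrites a tracked file, as the host-only change from `localhost:8080` to `petclinic:8080` here shows. Remove the report from the repository, add `zap-report/` to `.gitignore`, and archive the HTML as a build artifact of the Jenkins job instead.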
@@ -3583,7 +3615,7 @@ zap
User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:
-http://localhost:8080/owners/new
+http://petclinic:8080/owners/new
appears to include user input in:
@@ -3626,7 +3658,7 @@ The user-controlled value was:
User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:
-http://localhost:8080/owners/new
+http://petclinic:8080/owners/new
appears to include user input in:
@@ -3669,7 +3701,7 @@ east romaineburgh
User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:
-http://localhost:8080/owners/new
+http://petclinic:8080/owners/new
appears to include user input in:
@@ -3712,7 +3744,7 @@ zap
User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:
-http://localhost:8080/owners/new
+http://petclinic:8080/owners/new
appears to include user input in:
@@ -3755,7 +3787,7 @@ zap
User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:
-http://localhost:8080/owners/new
+http://petclinic:8080/owners/new
appears to include user input in:
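Review bot: the "User-controlled HTML attribute values were found" alert for `/owners/new` is identical in the old and new report apart from the host, here and in the four hunks before it, so the finding has been carried from one scan to the next without a recorded disposition. Confirm that the owner form templates escape the reflected value in attribute context, then record the outcome in a ZAP rule file passed with `-c` (ignore with a reason, or fail the build) so the pipeline result reflects a decision rather than a repeated warning.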