From 849bd5bcbd5e59931379274ef21c5a670c7fb3f5 Mon Sep 17 00:00:00 2001 From: Priyanka Agarwal Date: Sun, 26 Sep 2021 19:06:41 +0530 Subject: [PATCH 1/3] Update messages.properties --- src/main/resources/i18n/messages.properties | 22 ++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/src/main/resources/i18n/messages.properties b/src/main/resources/i18n/messages.properties index b789e1f2..e3b4dc65 100755 --- a/src/main/resources/i18n/messages.properties +++ b/src/main/resources/i18n/messages.properties @@ -11,12 +11,12 @@ SYSTEM_ERROR=System Error Occurred. please check logs. # XSS based Injections XSS_VULNERABILITY=Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into \ otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code,\ - generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed\ + generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed \ are quite widespread and occur anywhere a web application uses input from a user within the output \ it generates without validating or encoding it.

An attacker can use XSS to send a malicious script to an unsuspecting user.\ - The end user\u2019s browser has no way to know that the script should not be trusted, and will execute the script.\ - Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens,\ - or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content\ + The end user\u2019s browser has no way to know that the script should not be trusted, and will execute the script. \ + Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, \ + or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content \ of the HTML page.

For more information on XSS:
  1. Owasp XSS \
  2. Google Application Security
@@ -268,21 +268,21 @@ Important Links on SQLInjection : \ URL_CONTAINING_CAR_ID_PARAMETER=Car Id is passed as a URL Query Parameter named \"id\" #### AttackVector description -ERROR_SQL_INJECTION_URL_PARAM_APPENDED_DIRECTLY_TO_QUERY=Query param is directly appended to the SQL Query causing exception in certain scenarios\ +ERROR_SQL_INJECTION_URL_PARAM_APPENDED_DIRECTLY_TO_QUERY=Query param is directly appended to the SQL Query causing exception in certain scenarios \ and hence exposes the application data. -ERROR_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the SQL Query causing exception in certain scenarios\ +ERROR_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the SQL Query causing exception in certain scenarios \ and hence exposes the application data. -ERROR_SQL_INJECTION_URL_PARAM_REMOVES_SINGLE_QUOTE_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Single Quote is removed from Query param and then appended to SQL Query by wrapping\ +ERROR_SQL_INJECTION_URL_PARAM_REMOVES_SINGLE_QUOTE_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Single Quote is removed from Query param and then appended to SQL Query by wrapping \ with "'". -ERROR_SQL_INJECTION_URL_PARAM_APPENDED_TO_PARAMETERIZED_QUERY=Query param is appended directly to the SQL Query and then a parameterized query is formed. This is to depict that\ +ERROR_SQL_INJECTION_URL_PARAM_APPENDED_TO_PARAMETERIZED_QUERY=Query param is appended directly to the SQL Query and then a parameterized query is formed. This is to depict that \ proper usage of PreparedStatement is important. 
-UNION_SQL_INJECTION_URL_PARAM_APPENDED_DIRECTLY_TO_QUERY=Query param is directly appended to the Query and hence \"Union\" keyword can be used to club the results and\ +UNION_SQL_INJECTION_URL_PARAM_APPENDED_DIRECTLY_TO_QUERY=Query param is directly appended to the Query and hence \"Union\" keyword can be used to club the results and \ extract the application data. -UNION_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the Query and hence \"Union\" keyword can be used to club the results and\ +UNION_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the Query and hence \"Union\" keyword can be used to club the results and \ extract the application data. UNION_SQL_INJECTION_URL_PARAM_REMOVES_SINGLE_QUOTE_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Single Quote is removed from Query param and then appended to SQL Query by wrapping around "'"\ hence \"Union\" keyword can be used to club the results and extract the application data. BLIND_SQL_INJECTION_URL_PARAM_APPENDED_DIRECTLY_TO_QUERY=Query param is directly appended to the Query hence Query can be manipulated. -BLIND_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the SQL Query hence query can be manipulated. \ No newline at end of file +BLIND_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the SQL Query hence query can be manipulated. From 608ad4777c5b8e06cffb86a03640287a0d5bf23e Mon Sep 17 00:00:00 2001 From: Priyanka Agarwal Date: Sun, 26 Sep 2021 19:09:14 +0530 Subject: [PATCH 2/3] Update messages.properties --- src/main/resources/i18n/messages.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/src/main/resources/i18n/messages.properties b/src/main/resources/i18n/messages.properties index e3b4dc65..7e5a7384 100755 --- a/src/main/resources/i18n/messages.properties +++ b/src/main/resources/i18n/messages.properties @@ -64,7 +64,7 @@ data into the target of a redirection in an unsafe way.
An attacker can con causes a redirection to an arbitrary external domain. This behavior can be leveraged to facilitate phishing attacks against users of the application.
\ The ability to use an authentic application URL, targeting the correct domain and with a valid SSL certificate (if SSL is used), lends credibility to \ the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain. \ -

RFC 2616 - "Hypertext Transfer Protocol - HTTP/1.1" defines a variety\ +

RFC 2616 - "Hypertext Transfer Protocol - HTTP/1.1" defines a variety \ of 3xx status codes that will cause a browser to redirect to a specified location and this implementation is based on 3xx status codes

\ Important Links:
    \
  1. WASC-38
  2. \ @@ -154,7 +154,7 @@ XXE_DISABLE_GENERAL_ENTITY=Parser is disabled from processing general external e XXE_DISABLE_GENERAL_AND_PARAMETER_ENTITY=Parser is disabled from processing general and parameter entities. # Path Traversal Attack -PATH_TRAVERSAL_VULNERABILITY=A directory traversal (or path traversal) consists in exploiting insufficient security validation/sanitization of user-supplied input file names,\ +PATH_TRAVERSAL_VULNERABILITY=A directory traversal (or path traversal) consists in exploiting insufficient security validation/sanitization of user-supplied input file names, \ such that characters representing "traverse to parent directory" are passed through to the file APIs.\

    \ The goal of this attack is to use an affected application to gain unauthorized access to the file system.

    \ From 0107b943de7157c6b310fb041f4a298e3a48ee45 Mon Sep 17 00:00:00 2001 From: Priyanka Agarwal Date: Sun, 26 Sep 2021 19:12:02 +0530 Subject: [PATCH 3/3] Update messages_en_US.properties --- .../resources/i18n/messages_en_US.properties | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/src/main/resources/i18n/messages_en_US.properties b/src/main/resources/i18n/messages_en_US.properties index 0dc29256..524e6677 100755 --- a/src/main/resources/i18n/messages_en_US.properties +++ b/src/main/resources/i18n/messages_en_US.properties @@ -10,13 +10,13 @@ SYSTEM_ERROR=System Error Occurred. please check logs. # XSS based Injections XSS_VULNERABILITY=Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into \ -otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code,\ - generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed\ +otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, \ + generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed \ are quite widespread and occur anywhere a web application uses input from a user within the output \ - it generates without validating or encoding it.

    An attacker can use XSS to send a malicious script to an unsuspecting user.\ - The end user\u2019s browser has no way to know that the script should not be trusted, and will execute the script.\ - Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens,\ - or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content\ + it generates without validating or encoding it.

    An attacker can use XSS to send a malicious script to an unsuspecting user. \ + The end user\u2019s browser has no way to know that the script should not be trusted, and will execute the script. \ + Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, \ + or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content \ of the HTML page.

    For more information on XSS:
    1. Owasp XSS \
    2. Google Application Security
    @@ -64,7 +64,7 @@ data into the target of a redirection in an unsafe way.
    An attacker can con causes a redirection to an arbitrary external domain. This behavior can be leveraged to facilitate phishing attacks against users of the application.
    \ The ability to use an authentic application URL, targeting the correct domain and with a valid SSL certificate (if SSL is used), lends credibility to \ the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain. \ -

    RFC 2616 - "Hypertext Transfer Protocol - HTTP/1.1" target="_blank" defines a variety\ +

    RFC 2616 - "Hypertext Transfer Protocol - HTTP/1.1" target="_blank" defines a variety \ of 3xx status codes that will cause a browser to redirect to a specified location and this implementation is based on 3xx status codes

    \ Important Links:
      \
    1. WASC-38
    2. \ @@ -154,8 +154,8 @@ XXE_DISABLE_GENERAL_ENTITY=Parser is disabled from processing general external e XXE_DISABLE_GENERAL_AND_PARAMETER_ENTITY=Parser is disabled from processing general and parameter entities. # Path Traversal Attack -PATH_TRAVERSAL_VULNERABILITY=A directory traversal (or path traversal) consists in exploiting insufficient security validation/sanitization of user-supplied input file names,\ -such that characters representing "traverse to parent directory" are passed through to the file APIs.\ +PATH_TRAVERSAL_VULNERABILITY=A directory traversal (or path traversal) consists in exploiting insufficient security validation/sanitization of user-supplied input file names, \ +such that characters representing "traverse to parent directory" are passed through to the file APIs. \

      \ The goal of this attack is to use an affected application to gain unauthorized access to the file system.

      \ Important Links:
      \ 
@@ -268,21 +268,21 @@ Important Links on SQLInjection : \ URL_CONTAINING_CAR_ID_PARAMETER=Car Id is passed as a URL Query Parameter named \"id\" #### AttackVector description -ERROR_SQL_INJECTION_URL_PARAM_APPENDED_DIRECTLY_TO_QUERY=Query param is directly appended to the SQL Query causing exception in certain scenarios\ +ERROR_SQL_INJECTION_URL_PARAM_APPENDED_DIRECTLY_TO_QUERY=Query param is directly appended to the SQL Query causing exception in certain scenarios \ and hence exposes the application data. -ERROR_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the SQL Query causing exception in certain scenarios\ +ERROR_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the SQL Query causing exception in certain scenarios \ and hence exposes the application data. -ERROR_SQL_INJECTION_URL_PARAM_REMOVES_SINGLE_QUOTE_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Single Quote is removed from Query param and then appended to SQL Query by wrapping\ +ERROR_SQL_INJECTION_URL_PARAM_REMOVES_SINGLE_QUOTE_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Single Quote is removed from Query param and then appended to SQL Query by wrapping \ with "'". -ERROR_SQL_INJECTION_URL_PARAM_APPENDED_TO_PARAMETERIZED_QUERY=Query param is appended directly to the SQL Query and then a parameterized query is formed. This is to depict that\ +ERROR_SQL_INJECTION_URL_PARAM_APPENDED_TO_PARAMETERIZED_QUERY=Query param is appended directly to the SQL Query and then a parameterized query is formed. This is to depict that \ proper usage of PreparedStatement is important. 
-UNION_SQL_INJECTION_URL_PARAM_APPENDED_DIRECTLY_TO_QUERY=Query param is directly appended to the Query and hence \"Union\" keyword can be used to club the results and\ +UNION_SQL_INJECTION_URL_PARAM_APPENDED_DIRECTLY_TO_QUERY=Query param is directly appended to the Query and hence \"Union\" keyword can be used to club the results and \ extract the application data. -UNION_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the Query and hence \"Union\" keyword can be used to club the results and\ +UNION_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the Query and hence \"Union\" keyword can be used to club the results and \ extract the application data. UNION_SQL_INJECTION_URL_PARAM_REMOVES_SINGLE_QUOTE_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Single Quote is removed from Query param and then appended to SQL Query by wrapping around "'"\ hence \"Union\" keyword can be used to club the results and extract the application data. BLIND_SQL_INJECTION_URL_PARAM_APPENDED_DIRECTLY_TO_QUERY=Query param is directly appended to the Query hence Query can be manipulated. -BLIND_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the SQL Query hence query can be manipulated. \ No newline at end of file +BLIND_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the SQL Query hence query can be manipulated.
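Review bot: in PATCH 1/3, hunk `@@ -11,12 +11,12 @@` (key `XSS_VULNERABILITY` in messages.properties), two continuation lines are left as unchanged context and will still concatenate without a separator: `send malicious code,\` followed by ` generally in the form ...`, and `unsuspecting user.\` followed by ` The end user\u2019s browser ...`. `Properties.load` discards the line terminator and all leading whitespace of the continuation line, so the leading space on ` generally` is not kept and the loaded value reads "code,generally" and "user.The end user". Add the trailing space before the backslash on those two lines as well, exactly as PATCH 3/3 already does for the same key in messages_en_US.properties.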
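Review bot: in PATCH 1/3, hunk `@@ -268,21 +268,21 @@`, the key `UNION_SQL_INJECTION_URL_PARAM_REMOVES_SINGLE_QUOTE_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY` is untouched context and still ends its first line with `"'"\`, so its value loads with `"'"` run straight into `hence`; it needs the same trailing-space fix as the neighbouring keys. Restoring the final newline (the `\ No newline at end of file` marker disappears) is a good catch. One caveat on the approach: a space immediately before `\` is invisible and is silently removed by editors configured to trim trailing whitespace, so the bug can come back. Two alternatives that survive such editors are to write the separator as `\u0020` before the continuation backslash, or to begin each continuation line with `\ ` (an escaped space is not whitespace and therefore is not stripped). The file already uses `\u2019` and `\"`, so either form would be consistent with its existing style.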
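Review bot: in PATCH 2/3, hunk `@@ -64,7 +64,7 @@` (open-redirect description in messages.properties), the only visible change is the trailing space on `RFC 2616 - "Hypertext Transfer Protocol - HTTP/1.1" defines a variety \`; the removed and added lines directly above it show no content difference in this view, so a `git diff -w` on the commit would confirm that nothing else in the value moved. The unchanged context line `An attacker can con causes a redirection to an arbitrary external domain.` reads as if text is missing between "con" and "causes"; while this key is being edited it is worth verifying that the string is intact in the source file, since it is user-facing help text.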
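Review bot: in PATCH 2/3, hunk `@@ -154,7 +154,7 @@` (key `PATH_TRAVERSAL_VULNERABILITY` in messages.properties), only the first line receives the trailing space; the second line, `such that characters representing "traverse to parent directory" are passed through to the file APIs.\`, is unchanged, so the value still joins "APIs." to the following continuation line with no separator. PATCH 3/3 fixes both lines of this key in messages_en_US.properties; apply the same two-line change here so that the default bundle and the en_US bundle stay identical.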
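Review bot: in PATCH 3/3, hunk `@@ -10,13 +10,13 @@` (key `XSS_VULNERABILITY` in messages_en_US.properties), the fix covers `code, \`, `succeed \` and `user. \`, whereas PATCH 1/3 changed only `succeed \` for the same key in messages.properties, so after this series the two bundles carry different text for one key. messages.properties is the fallback bundle used when no locale-specific file matches, so both files should receive identical edits; squashing the three patches into a single commit that touches both files would also make the intent ("add a separator before every line continuation") straightforward to verify in one diff.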
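Review bot: in PATCH 3/3, hunk `@@ -64,7 +64,7 @@` (open-redirect description in messages_en_US.properties), the context line `RFC 2616 - "Hypertext Transfer Protocol - HTTP/1.1" target="_blank" defines a variety \` shows that this value embeds HTML markup (a `target="_blank"` attribute) that is not present on the corresponding line of messages.properties in PATCH 2/3, another place where the two bundles diverge. Independently of the whitespace change, a link opened with `target="_blank"` should also carry `rel="noopener noreferrer"` so that the opened page gets no handle on the opener window, and because these values are evidently rendered as HTML rather than text, they must stay fully static and never be combined with request-derived data.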
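Review bot: in PATCH 3/3, hunk `@@ -268,21 +268,21 @@`, the same omission as in the matching hunk of PATCH 1/3 applies: `UNION_SQL_INJECTION_URL_PARAM_REMOVES_SINGLE_QUOTE_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY` is left as context with `"'"\` directly before the continuation line `hence \"Union\" keyword ...`, so it still loads as `"'"hence`; add the trailing space (or an escaped `\u0020`) on that line in both files.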