From 9075b6d84bb053b6b7eae55d60a874ca0816668b Mon Sep 17 00:00:00 2001
From: Carlos Ruiz
Date: Sat, 17 Oct 2020 08:11:12 +0200
Subject: [PATCH] IDEMPIERE-4495 github code scanning alerts (#305)
* IDEMPIERE-4495 github code scanning alerts
Failure to use secure cookies
* Query built without neutralizing special characters
---
 org.adempiere.base/src/org/compiere/util/WebUtil.java | 2 +-
 .../src/org/compiere/db/DB_Oracle.java | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/org.adempiere.base/src/org/compiere/util/WebUtil.java b/org.adempiere.base/src/org/compiere/util/WebUtil.java
index 68b7fce9b7..e2c895a21e 100644
--- a/org.adempiere.base/src/org/compiere/util/WebUtil.java
+++ b/org.adempiere.base/src/org/compiere/util/WebUtil.java
@@ -450,7 +450,7 @@ public final class WebUtil
 {
 Cookie cookie = new Cookie (WebEnv.COOKIE_INFO, propertiesEncode(cookieProperties));
 cookie.setComment("(c) iDempiere, Inc - Jorg Janke");
- cookie.setSecure(false);
+ cookie.setSecure(true);
 cookie.setPath("/");
 if (cookieProperties.size() == 0)
 cookie.setMaxAge(0); // delete cookie
diff --git a/org.compiere.db.oracle.provider/src/org/compiere/db/DB_Oracle.java b/org.compiere.db.oracle.provider/src/org/compiere/db/DB_Oracle.java
index 11c43a986f..aee1018fab 100644
--- a/org.compiere.db.oracle.provider/src/org/compiere/db/DB_Oracle.java
+++ b/org.compiere.db.oracle.provider/src/org/compiere/db/DB_Oracle.java
@@ -992,7 +992,6 @@ public class DB_Oracle implements AdempiereDatabase
 Text1 NVARCHAR2(2000) NULL,
 Text2 VARCHAR2(2000) NULL
 );
- **/
 try
 {
 String myString1 = "123456789 12345678";
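Review bot: `cookie.setSecure(true)` is hard-coded, so the WebEnv.COOKIE_INFO cookie is now only transmitted over HTTPS and will silently stop being sent on any plain-HTTP deployment; that is the right default, but nothing on the changed line records why, and a short comment such as `// Secure flag: never transmit this cookie over plain HTTP (IDEMPIERE-4495)` would save the next maintainer from "fixing" it back. While this cookie is being hardened, `cookie.setHttpOnly(true);` on the following line is the natural companion unless client-side script is known to read this cookie — worth confirming against the page code before adding it. The enclosing method starts and ends outside the hunk, so whether `setSecure` is guarded elsewhere by the request scheme cannot be seen from here.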
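Review bot: Removing the closing `**/` here, together with the `**/` added in the 1024 hunk, comments out the whole test body rather than fixing it, so the string-concatenated `INSERT INTO X_Test(Text1, Text2) values('" + myString + ...` in the 1007 hunk stays in the file as dead, unsafe example code that the scanner merely no longer reports. A correct `PreparedStatement` version of the same insert already sits a few lines above it in the 1007 hunk, so the `Statement stmt = conn2.createStatement();` and its `executeUpdate` call could simply be deleted and the block left live, or the entire commented-out block removed instead of widened. The enclosing method starts and ends outside the hunk, so it cannot be checked from here whether any other `*/` now falls inside the widened comment.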
@@ -1007,13 +1006,13 @@ public class DB_Oracle implements AdempiereDatabase
 System.out.println(Util.size(myString.toString()));
 //
 Connection conn2 = db.getCachedConnection(cc, true, Connection.TRANSACTION_READ_COMMITTED);
- /** **/
+ //
 PreparedStatement pstmt = conn2.prepareStatement
 ("INSERT INTO X_Test(Text1, Text2) values(?,?)");
 pstmt.setString(1, myString.toString()); // NVARCHAR2 column
 pstmt.setString(2, myString.toString()); // VARCHAR2 column
 System.out.println(pstmt.executeUpdate());
- /** **/
+ //
 Statement stmt = conn2.createStatement();
 System.out.println(stmt.executeUpdate
 ("INSERT INTO X_Test(Text1, Text2) values('" + myString + "','" + myString + "')"));
@@ -1024,6 +1023,7 @@ public class DB_Oracle implements AdempiereDatabase
 }
 db.cleanup();
 System.out.println("--------------------------------------------------");
+ **/
 System.exit(0);
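Review bot: The two `/** **/` lines are replaced by bare `//` rather than deleted, leaving empty comment lines whose only purpose is presumably to avoid terminating the enclosing block comment that the 992 and 1024 hunks widen over this code; a reader will not guess that from an empty `//`. Either drop both lines or state the intent on them, e.g. `// (nested /** **/ removed: it would close the surrounding block comment)`. The enclosing method starts and ends outside the hunk.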