Conversation

@devin-ai-integration
Contributor

Test: Demo workflow trigger with SQL injection vulnerability

Summary

Added DemoSecurityIssue.java with an intentional SQL injection vulnerability to trigger the SonarCloud workflow and demonstrate Devin AI auto-remediation for customer demos.

⚠️ THIS IS A TEST PR - DO NOT MERGE ⚠️

The file contains:

  • SQL injection vulnerability (string concatenation in query: java:S2077)
  • Hardcoded database credentials
  • Resource leaks (unclosed Connection, Statement, ResultSet)

This PR will trigger the SonarCloud workflow which should:

  1. Detect the SQL injection as a major severity issue
  2. Automatically create a Devin AI remediation session
  3. Post a comment with issue details
  4. Wait for Devin to fix the vulnerability

Review & Testing Checklist for Human

RISK LEVEL: 🔴 RED (intentional security vulnerabilities for demo only)

  • CRITICAL: DO NOT MERGE THIS PR - Contains intentional security vulnerabilities for testing purposes only
  • Verify SonarCloud workflow triggers - Check that the workflow runs and detects the SQL injection vulnerability
  • Verify Devin session is created - Confirm a Devin AI remediation session is automatically triggered with the correct issue details
  • Verify workflow behavior - Check that the workflow posts the correct PR comment about the security issue and doesn't trigger for coverage-only failures
  • Close PR after demo - This branch should be closed or deleted immediately after the customer demonstration is complete

Testing the Workflow

  1. Wait for SonarCloud workflow to complete on this PR
  2. Check the "Actions" tab for the workflow run
  3. Verify a Devin AI session is created (check PR comments for session link)
  4. Monitor the Devin session to see it fix the SQL injection vulnerability
  5. After demo is complete, close this PR without merging

Notes


Devin Session: https://app.devin.ai/sessions/6f542bd5a27e4d75b84ad62a098c50e8
Requested by: Jake Cosme (jake@cognition.ai) / @jakexcosme

…ting

This file contains an intentional SQL injection vulnerability to trigger
the SonarCloud workflow and demonstrate Devin AI auto-remediation for
customer demos.

Security issue: SQL query constructed with string concatenation instead
of prepared statements (SonarQube rule java:S2077)

Co-Authored-By: Jake Cosme <jake@cognition.ai>
@devin-ai-integration
Contributor Author

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

Added a comment for testing SonarQube scan.
@github-actions

github-actions bot commented Nov 7, 2025

🤖 Devin AI Quality Gate Remediation Triggered

A SonarCloud Quality Gate Remediation Specialist (Devin AI) has been assigned to fix all quality gate failures.

📊 Quality Gate Analysis

  • Total Issues: 4
  • Vulnerabilities: 1 🔴
  • Bugs: 2 🐛
  • Code Smells: 1 💨
  • Security Hotspots: 1 🔥
  • Quality Gate Status: ❌ Failed

🔗 Links


Note: Devin will push a single comprehensive fix to this branch. The workflow will automatically re-run to validate the quality gate passes.

Co-Authored-By: Jake Cosme <jake@cognition.ai>
@devin-ai-integration
Contributor Author

✅ SonarCloud Quality Gate Issues Resolved

I've successfully fixed all 4 SonarCloud quality gate failures in Common/src/main/java/gov/uspto/common/DemoSecurityIssue.java.

🔧 Changes Made

1. Fixed VULNERABILITY (java:S6437) - Hardcoded Password

  • Removed hardcoded credentials "user" and "password"
  • Now uses environment variables DB_USER and DB_PASSWORD
  • Added validation to throw SQLException if credentials are not configured

2. Fixed BUG (java:S2095) - Resource Leaks

  • Implemented try-with-resources for Connection (line 33)
  • Implemented try-with-resources for PreparedStatement (line 34)
  • Implemented try-with-resources for ResultSet (line 38)
  • All database resources now automatically close properly

3. Fixed CODE_SMELL (java:S112) - Generic Exception

  • Replaced generic throws Exception with specific throws SQLException
  • Method signature now properly declares the specific exception type

4. Fixed SECURITY_HOTSPOT (java:S2077) - SQL Injection

  • Replaced string concatenation with PreparedStatement
  • Changed from: "SELECT * FROM users WHERE id = '" + userId + "'"
  • Changed to: "SELECT * FROM users WHERE id = ?" with parameterized query
  • User input is now safely bound using stmt.setString(1, userId)

✅ Verification

  • ✅ Code compiles successfully (mvn compile)
  • ✅ Common module tests pass
  • ✅ Changes committed and pushed to branch

The SonarCloud scan should now pass all quality gate conditions. All security vulnerabilities, bugs, code smells, and security hotspots have been addressed.


Commit: 7b90840
Devin Session: https://app.devin.ai/sessions/47c90f85dc254e07bc2cdb0d0744bc30
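To make the four findings concrete, here is an added before/after sketch of the pattern described in the PR description and in the remediation comment above. It is illustrative code written for this page, not the repository's DemoSecurityIssue.java or Devin's commit; the class name, the `users` table, the `name` column, and the JDBC URL parameter are assumptions, and running it requires a JDBC driver for the target database on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

/**
 * Hypothetical before/after for the issues listed in the thread.
 * Table name, column name and JDBC URL are assumptions made for the example.
 */
public class UserLookupExample {

    // BEFORE: the shape SonarCloud flags as S2077, S6437, S2095 and S112.
    // Kept only as the reference for what the remediation changes.
    static List<String> findUserVulnerable(String jdbcUrl, String userId) throws Exception {
        // S6437: credentials hardcoded in source
        Connection conn = DriverManager.getConnection(jdbcUrl, "user", "password");
        Statement stmt = conn.createStatement();
        // S2077: userId is spliced into the query text, so a quote character in
        // the input changes the statement's structure instead of staying data
        ResultSet rs = stmt.executeQuery("SELECT * FROM users WHERE id = '" + userId + "'");
        List<String> names = new ArrayList<>();
        while (rs.next()) {
            names.add(rs.getString("name"));
        }
        return names; // S2095: rs, stmt and conn are never closed; S112: throws Exception
    }

    // AFTER: the remediation described in the thread.
    static List<String> findUser(String jdbcUrl, String userId) throws SQLException {
        // S6437 fix: credentials come from the environment, and a missing value
        // fails loudly instead of silently connecting with an empty password
        String user = System.getenv("DB_USER");
        String password = System.getenv("DB_PASSWORD");
        if (user == null || user.isEmpty() || password == null || password.isEmpty()) {
            throw new SQLException("DB_USER and DB_PASSWORD must be set");
        }

        // S2077 fix: the query text is constant; the value travels as a bound parameter
        String sql = "SELECT name FROM users WHERE id = ?";
        List<String> names = new ArrayList<>();

        // S2095 fix: try-with-resources closes rs, stmt and conn in reverse
        // declaration order, including when executeQuery throws
        try (Connection conn = DriverManager.getConnection(jdbcUrl, user, password);
             PreparedStatement stmt = conn.prepareStatement(sql)) {
            stmt.setString(1, userId); // driver escapes/binds this; it is never parsed as SQL
            try (ResultSet rs = stmt.executeQuery()) {
                while (rs.next()) {
                    names.add(rs.getString("name"));
                }
            }
        }
        return names; // S112 fix: the signature declares SQLException, not Exception
    }
}
```

Two points worth checking when reviewing a fix like this: the parameter placeholder must replace the quoted literal including its quotes (`id = ?`, not `id = '?'`, which would search for a literal question mark), and the environment-variable check should reject empty strings as well as null, since many deployment tools set an unset variable to "".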

Added a placeholder API key for testing purposes.