feat: Add comprehensive SonarQube demo issues

- Add SQL injection vulnerabilities with taint analysis examples
- Include XSS vulnerabilities with unescaped user input
- Add path traversal and command injection issues
- Include security hotspots (hardcoded passwords, weak crypto)
- Add code quality issues (dead code, duplicated code, magic numbers)
- Create complex data flow examples for taint analysis demos
- Add deserialization vulnerabilities and information disclosure
- Include performance issues and code smells
- Update README with comprehensive demo guide for sales engineers

Perfect for demonstrating SonarQube's comprehensive analysis capabilities
including taint analysis, security hotspots, and code quality metrics.

Author: root

README.md

@@ -1,12 +1,44 @@
 # Demo - Java Security        
 [![Quality Gate Status](https://nautilus.sonarqube.org/api/project_badges/measure?project=demo%3Ajava-security&metric=alert_status&token=squ_1e4f3504bdc994f093721895e070abe7c11b1632)](https://nautilus.sonarqube.org/dashboard?id=demo%3Ajava-security) [![Maintainability Rating](https://nautilus.sonarqube.org/api/project_badges/measure?project=demo%3Ajava-security&metric=sqale_rating&token=squ_1e4f3504bdc994f093721895e070abe7c11b1632)](https://nautilus.sonarqube.org/dashboard?id=demo%3Ajava-security) [![Reliability Rating](https://nautilus.sonarqube.org/api/project_badges/measure?project=demo%3Ajava-security&metric=reliability_rating&token=squ_1e4f3504bdc994f093721895e070abe7c11b1632)](https://nautilus.sonarqube.org/dashboard?id=demo%3Ajava-security) [![Security Rating](https://nautilus.sonarqube.org/api/project_badges/measure?project=demo%3Ajava-security&metric=security_rating&token=squ_1e4f3504bdc994f093721895e070abe7c11b1632)](https://nautilus.sonarqube.org/dashboard?id=demo%3Ajava-security) [![Security Hotspots](https://nautilus.sonarqube.org/api/project_badges/measure?project=demo%3Ajava-security&metric=security_hotspots&token=squ_1e4f3504bdc994f093721895e070abe7c11b1632)](https://nautilus.sonarqube.org/dashboard?id=demo%3Ajava-security)
+
 ## Use case
 This example demonstrates:
-- Vulnerabilities
-- Security Hotspots
+- **Vulnerabilities** (including SQL Injection, XSS, Path Traversal)
+- **Security Hotspots** (hardcoded passwords, weak crypto, unsafe deserialization)
+- **Taint Analysis Issues** (complex data flow vulnerabilities)
+- **Code Quality Issues** (dead code, duplicated code, magic numbers)
+
+Perfect for **SonarQube sales demos** showcasing comprehensive security analysis capabilities.
+
+## SonarQube Issues Included
+
+### 🔴 Security Vulnerabilities
+- **SQL Injection**: Direct string concatenation in SQL queries
+- **Cross-Site Scripting (XSS)**: Unescaped user input in HTML output
+- **Path Traversal**: User input used in file paths
+- **Command Injection**: User input passed to system commands
+- **Deserialization Vulnerabilities**: Unsafe object deserialization
+- **Information Disclosure**: Sensitive data in error messages
+
+### 🟡 Security Hotspots
+- **Hardcoded Passwords**: Plaintext passwords in source code
+- **Weak Cryptographic Algorithms**: Insecure hashing methods
+- **Unsafe Deserialization**: ObjectInputStream without validation
 
-It also demonstrates the possibility to define your own custom sources, sanitizers and sinks to detect more injection cases
-(or avoid false positives)
+### 🔵 Code Quality Issues
+- **Null Pointer Vulnerabilities**: Missing null checks
+- **Dead Code**: Unreachable code and unused methods
+- **Code Duplication**: Repeated logic across methods
+- **Magic Numbers**: Hardcoded numeric values
+- **Long Methods**: Methods with too many responsibilities
+- **Too Many Parameters**: Methods with excessive parameters
+- **Generic Exception Handling**: Catching Exception instead of specific types
+
+### 🟢 Taint Analysis Examples
+- **Complex Data Flow**: User input flowing through multiple methods to SQL queries
+- **String Concatenation**: Taint propagation through string building
+- **Session Data**: Untrusted session data used without validation
+- **File Operations**: User input affecting file system operations
 
 ## Usage
 
@@ -16,11 +48,21 @@ This will:
 - Delete the project key **training:java-security** if it exists in SonarQube (to start from a scratch)
 - Run `mvn clean verify sonar:sonar` to re-create the project
 
-Project consists of a single class (`Insecure.java`) with a number of Vulnerabilities and Security Hotspots.
+Project consists of multiple servlet classes with intentional vulnerabilities and code quality issues perfect for demonstrating SonarQube's analysis capabilities.
 
 ## Custom security configuration 
 At the bottom of the class you see a bunch of methods that demonstrate custom injections.
 - The method without sanitization (`doSomething()`) has an injection vulnerability
 - The method with custom sanitization (`doSomethingSanitized()`) has no vulnerability
 
 The custom security configuration file is in the root directory [here](s3649JavaSqlInjectionConfig.json)
+
+## Sales Demo Tips
+
+This project is specifically designed for SonarQube sales demonstrations:
+
+1. **Show Taint Analysis**: Demonstrate how SonarQube tracks data flow from user input to vulnerable sinks
+2. **Highlight Security Hotspots**: Show the difference between vulnerabilities and security hotspots
+3. **Code Quality**: Demonstrate maintainability and reliability issues
+4. **Custom Rules**: Show how custom sources, sanitizers, and sinks can be configured
+5. **Real-time Analysis**: Run analysis during the demo to show immediate feedback

src/main/java/demo/security/servlet/HomeServlet.java

@@ -2,6 +2,11 @@
 
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.sql.ResultSet;
+import java.sql.Statement;
+import java.util.logging.Logger;
 import javax.servlet.ServletException;
 import javax.servlet.annotation.WebServlet;
 import javax.servlet.http.HttpServlet;
@@ -11,26 +16,73 @@
 @WebServlet("/helloWorld")
 public class HomeServlet extends HttpServlet {
     private static final long serialVersionUID = 1L;
+    private static final Logger logger = Logger.getLogger(HomeServlet.class.getName());
 
     public HomeServlet() {
         super();
         // TODO Auto-generated constructor stub
     }
 
-
     protected void doGet(HttpServletRequest request,
                          HttpServletResponse response) throws ServletException, IOException {
+        // SonarQube Issue: Null pointer vulnerability - no null check
         String name = request.getParameter("name").trim();
+        
+        // SonarQube Issue: XSS vulnerability - direct output without escaping
         response.setContentType("text/html");
         PrintWriter out = response.getWriter();
         out.print("<h2>Hello "+name+ "</h2>");
+        
+        // SonarQube Issue: SQL Injection vulnerability - taint analysis will catch this
+        String userId = request.getParameter("userId");
+        if (userId != null) {
+            try {
+                Connection conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/demo", "root", "password");
+                Statement stmt = conn.createStatement();
+                // This is a classic SQL injection - taint analysis will flag this
+                String query = "SELECT * FROM users WHERE id = " + userId;
+                ResultSet rs = stmt.executeQuery(query);
+                while (rs.next()) {
+                    out.print("<p>User: " + rs.getString("username") + "</p>");
+                }
+                rs.close();
+                stmt.close();
+                conn.close();
+            } catch (Exception e) {
+                // SonarQube Issue: Information disclosure - logging sensitive data
+                logger.severe("Database error for user " + userId + ": " + e.getMessage());
+            }
+        }
+        
+        // SonarQube Issue: Hardcoded password
+        String adminPassword = "admin123";
+        if (request.getParameter("password") != null && 
+            request.getParameter("password").equals(adminPassword)) {
+            out.print("<h3>Welcome Admin!</h3>");
+        }
+        
         out.close();
     }
 
     protected void doPost(HttpServletRequest request,
                           HttpServletResponse response) throws ServletException, IOException {
-        // TODO Auto-generated method stub
+        // SonarQube Issue: Empty method - code smell
         doGet(request, response);
     }
+    
+    // SonarQube Issue: Dead code - unused method
+    private void unusedMethod() {
+        System.out.println("This method is never called");
+    }
+    
+    // SonarQube Issue: Duplicated code - same logic as doGet
+    protected void doPut(HttpServletRequest request,
+                         HttpServletResponse response) throws ServletException, IOException {
+        String name = request.getParameter("name").trim();
+        response.setContentType("text/html");
+        PrintWriter out = response.getWriter();
+        out.print("<h2>Hello "+name+ "</h2>");
+        out.close();
+    }
 
 }

src/main/java/demo/security/servlet/SearchServlet.java

@@ -0,0 +1,158 @@
+package demo.security.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.Statement;
+import java.util.logging.Logger;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@WebServlet("/api/search")
+public class SearchServlet extends HttpServlet {
+    private static final long serialVersionUID = 1L;
+    private static final Logger logger = Logger.getLogger(SearchServlet.class.getName());
+
+    @Override
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) 
+            throws ServletException, IOException {
+        
+        // SonarQube Issue: Taint Analysis - Complex data flow vulnerability
+        String searchTerm = request.getParameter("q");
+        String category = request.getParameter("category");
+        String sortBy = request.getParameter("sort");
+        
+        // This creates a taint flow from user input to SQL query
+        String dynamicQuery = buildSearchQuery(searchTerm, category, sortBy);
+        
+        try {
+            Connection conn = DriverManager.getConnection(
+                "jdbc:mysql://localhost:3306/products", "root", "password");
+            
+            // SonarQube Issue: SQL Injection - taint analysis will catch this
+            Statement stmt = conn.createStatement();
+            ResultSet rs = stmt.executeQuery(dynamicQuery);
+            
+            response.setContentType("text/html");
+            PrintWriter out = response.getWriter();
+            out.print("<h2>Search Results</h2>");
+            
+            while (rs.next()) {
+                // SonarQube Issue: XSS vulnerability - direct output
+                out.print("<div>Product: " + rs.getString("name") + 
+                         " - Price: $" + rs.getString("price") + "</div>");
+            }
+            
+            rs.close();
+            stmt.close();
+            conn.close();
+            
+        } catch (Exception e) {
+            // SonarQube Issue: Information disclosure in error message
+            logger.severe("Search failed for term: " + searchTerm + " - " + e.getMessage());
+            response.getWriter().print("Error: " + e.getMessage());
+        }
+    }
+    
+    // SonarQube Issue: Taint Analysis - This method propagates taint
+    private String buildSearchQuery(String searchTerm, String category, String sortBy) {
+        StringBuilder query = new StringBuilder("SELECT * FROM products WHERE 1=1");
+        
+        if (searchTerm != null && !searchTerm.isEmpty()) {
+            // Taint flows through string concatenation
+            query.append(" AND name LIKE '%").append(searchTerm).append("%'");
+        }
+        
+        if (category != null && !category.isEmpty()) {
+            // Taint flows through string concatenation
+            query.append(" AND category = '").append(category).append("'");
+        }
+        
+        if (sortBy != null && !sortBy.isEmpty()) {
+            // Taint flows through string concatenation - ORDER BY injection
+            query.append(" ORDER BY ").append(sortBy);
+        }
+        
+        return query.toString();
+    }
+    
+    @Override
+    protected void doPost(HttpServletRequest request, HttpServletResponse response) 
+            throws ServletException, IOException {
+        
+        // SonarQube Issue: Taint Analysis - File upload vulnerability
+        String fileName = request.getParameter("filename");
+        String fileContent = request.getParameter("content");
+        
+        if (fileName != null && fileContent != null) {
+            // SonarQube Issue: Path Traversal - taint analysis will catch this
+            String filePath = "/uploads/" + fileName;
+            
+            try {
+                // Simulate file writing (in real app, this would write to filesystem)
+                logger.info("Writing file: " + filePath + " with content: " + fileContent);
+                
+                // SonarQube Issue: Command Injection - taint analysis will catch this
+                String command = "process_file " + fileName;
+                Runtime.getRuntime().exec(command);
+                
+                response.getWriter().print("File uploaded successfully: " + fileName);
+                
+            } catch (Exception e) {
+                // SonarQube Issue: Generic exception handling
+                throw new RuntimeException("File upload failed", e);
+            }
+        }
+    }
+    
+    // SonarQube Issue: Security Hotspot - Weak cryptographic algorithm
+    private String hashPassword(String password) {
+        // This would be flagged as a security hotspot
+        return Integer.toString(password.hashCode());
+    }
+    
+    // SonarQube Issue: Code Smell - Long method
+    private void processComplexData(HttpServletRequest request) {
+        String data1 = request.getParameter("data1");
+        String data2 = request.getParameter("data2");
+        String data3 = request.getParameter("data3");
+        String data4 = request.getParameter("data4");
+        String data5 = request.getParameter("data5");
+        
+        // Process data1
+        if (data1 != null) {
+            String processed1 = data1.toUpperCase();
+            logger.info("Processed data1: " + processed1);
+        }
+        
+        // Process data2
+        if (data2 != null) {
+            String processed2 = data2.toLowerCase();
+            logger.info("Processed data2: " + processed2);
+        }
+        
+        // Process data3
+        if (data3 != null) {
+            String processed3 = data3.trim();
+            logger.info("Processed data3: " + processed3);
+        }
+        
+        // Process data4
+        if (data4 != null) {
+            String processed4 = data4.replace(" ", "_");
+            logger.info("Processed data4: " + processed4);
+        }
+        
+        // Process data5
+        if (data5 != null) {
+            String processed5 = data5.substring(0, Math.min(10, data5.length()));
+            logger.info("Processed data5: " + processed5);
+        }
+    }
+}