shashirajraja / shopping-cart

Online Shopping Cart E-Commerce Website Project in Java, JDBC, Servlets, JSP. Built for selling of goods online and managing the cart items of the user and providing them better facilities like adding items, removing items, increase or decrease item quantity.

License: Apache License 2.0

CSS 1.89% HTML 1.39% Java 96.72%
shopping-cart webdevelopment online-shopping-website java-shopping-cart java-projects ecommerce-project hacktoberfest online-shopping online-shopping-cart online-shopping-system

shopping-cart's Introduction

Shashi Raj 

Hello world!  

A Passionate Programmer and a code Enthusiast, Graduated from Haldia Institute Of Technology, who believes in solving the Real World Problems using Programming and Software. Currently working as Software Engineer, Improving Skills and excelling in the profession


  • 🔭 Currently Working on Ecommerce Projects
  • Visit our Youtube Channel Bitter Code
  • Currently learning Amazon Web Services 👨‍💻
  • Looking to collaborate on Open Source programs
  • Always available to help Learners
  • Pronouns: He/Him
  • Fun fact: More productive while listening to Music 🎧
  • 📫 How to reach: [email protected] 📧

Projects in Demand

OnlineBookStore Train-Ticket-Reservation-System Tender-Management-System Shopping-Cart

Blog posts

Coming Soon...
Youtube Channel: Bitter Code

Languages and Tools:

android angular aws c cplusplus css3 docker firebase git html5 java javascript jenkins kotlin matlab mongodb mysql nodejs photoshop postman python rabbitMQ redis spring tensorflow typescript

shopping-cart's People

Contributors

shashirajraja, the-suman

shopping-cart's Issues

sendRedirect potential IOException thrown with no try-catch

Describe the bug
sendRedirect() is called with no try-catch clause which has the potential to throw an IOException.
To Reproduce
Steps to reproduce the behavior:

  1. If there is a network or issue with the servlet container, an IOException error is thrown.

Expected behavior
A try-catch clause to handle cases of these errors.

Desktop (please complete the following information):

  • Linux Ubuntu
  • Browser [Chrome]
  • Version 123.0.6312.106

Permission to shashirajraja/shopping-cart.git denied to Nani6318 I want to use this project in my github portal

Security Bug(Cross Site Scripting)

Describe the bug
The website is having a security vulnerability. This could potentially put user accounts at risk, and allow malicious activities to take place. I have attached the screenshots of performing Cross-Site Scripting "<script>alert("ATTACK")</script>" on text input boxes.

Steps to reproduce the behavior:

  1. Go to HomePage
  2. Type <script>alert("ATTACK")</script> in search items text box
  3. alert box will pop up (bug).

Expected behavior
The website should not allow any type of Cross-Site Scripting injection. However, it allowed the Cross-Site Scripting injection and an alert box appeared (bug).

Screenshots
Screenshot 2023-08-13 at 5 36 59 PM

Screenshot 2023-08-13 at 5 37 04 PM
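
The usual fix for a reflected search term is to HTML-encode it where it enters the page. The sketch below is an added example, not code from the shopping-cart project: it assumes the search text reaches the page through a message string like the one index.jsp builds (quoted in the "conn null" issue on this page), and the class and method names are hypothetical.

```java
public class SearchMessageEncoding {

    /** Encode the characters that are significant in HTML text and quoted attributes. */
    static String escapeHtml(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Before: the request parameter is concatenated into markup unchanged,
    // so any tags it contains are parsed by the browser.
    static String messageUnsafe(String search) {
        return "No items found for the search '" + search + "'";
    }

    // After: the parameter is encoded at the point where it enters HTML,
    // so the browser renders it as text.
    static String messageEncoded(String search) {
        return "No items found for the search '" + escapeHtml(search) + "'";
    }

    public static void main(String[] args) {
        // Constructed input: the string used in the issue report.
        String search = "<script>alert(\"ATTACK\")</script>";
        System.out.println("unsafe : " + messageUnsafe(search));
        System.out.println("encoded: " + messageEncoded(search));
    }
}
```

In a JSP, JSTL's `<c:out>` tag or the `fn:escapeXml` function performs the same encoding at output time, which avoids maintaining a hand-written escaper.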

conn null

org.apache.jasper.JasperException: An exception occurred processing [/index.jsp] at line [47]

44: products = prodDao.getAllProductsByType(type);
45: message = "Showing Results for '" + type + "'";
46: } else {
47: products = prodDao.getAllProducts();
48: }
49: if (products.isEmpty()) {
50: message = "No items found for the search '" + (search != null ? search : type) + "'";

Stacktrace:
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:599)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:488)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:380)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:328)
jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)

Root Cause

java.lang.NullPointerException: Cannot invoke "java.sql.Connection.prepareStatement(String)" because "con" is null
com.shashi.service.impl.ProductServiceImpl.getAllProducts(ProductServiceImpl.java:196)
org.apache.jsp.index_jsp._jspService(index_jsp.java:183)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:456)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:380)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:328)
jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)

Note The full stack trace of the root cause is available in the server logs.

Even though mysql is running fine, it still says conn is null.

Issue

Can you upload the sql file please.

Possible null pointer dereference of conn in com.shashi.service.impl.UserServiceImpl.registerUser(UserBean)

Describe the bug
There is a branch of statement that, if executed, guarantees that a null value will be dereferenced, which would generate a NullPointerException when the code is executed. Line 46 in UserServiceImpl.java

Found through FindBugs, white box static code testing.

ps = conn.prepareStatement("insert into " + IUserConstants.TABLE_USER + " values(?,?,?,?,?,?)");

If conn is null this could cause issues. There is line 40, which checks if conn is null, but this should also be used for the insert statement on line 46.

if (conn != null) {....
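
One way to apply the guard this report asks for, as an added example that is not the project's code: the connection is checked once, before any statement is prepared, and the method fails closed with a generic message. The `Supplier<Connection>` parameter, the method signature, the table name and the returned strings are assumptions; the same check would cover the NullPointerException in getAllProducts from the "conn null" report above.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.function.Supplier;

public class GuardedInsert {

    // Stand-in for IUserConstants.TABLE_USER; the real value is not shown on this page.
    static final String TABLE_USER = "user";

    static String registerUser(Supplier<Connection> source, String... columns) {
        Connection conn = source.get();
        if (conn == null) {
            // Fail closed: no statement is prepared and the caller gets a
            // generic message instead of a NullPointerException stack trace.
            return "Registration failed: database unavailable";
        }
        String sql = "insert into " + TABLE_USER + " values(?,?,?,?,?,?)";
        // try-with-resources closes the statement on every path.
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            for (int i = 0; i < columns.length; i++) {
                ps.setString(i + 1, columns[i]);
            }
            return ps.executeUpdate() > 0 ? "User registered" : "Registration failed";
        } catch (SQLException e) {
            // Details go to the server log, not to the HTTP response.
            System.err.println("registerUser: " + e);
            return "Registration failed";
        }
    }

    public static void main(String[] args) {
        // Constructed failure case: the connection source yields null,
        // as it would when the database cannot be reached.
        System.out.println(registerUser(() -> null, "a", "b", "c", "d", "e", "f"));
    }
}
```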

Malicious code vulnerability

I have come across a malicious code vulnerability.

image

The issue occurs in the class OrderDetails on line 59.

It states the error: This code stores a reference to an externally mutable object into the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is better approach in many situations
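
The message quoted above is the FindBugs/SpotBugs finding EI_EXPOSE_REP2, and the fix it suggests is a defensive copy. The following is an added example, not the project's OrderDetails class: the page does not show which field line 59 assigns, so a `java.util.Date` field and both class names are assumptions.

```java
import java.util.Date;

public class DefensiveCopyDemo {

    // Before: the setter stores the caller's object, so the caller keeps a
    // live reference into this object's internal state.
    static final class OrderUnsafe {
        private Date time;
        void setTime(Date time) { this.time = time; }
        Date getTime() { return time; }
    }

    // After: copy on the way in and on the way out, so no outside code
    // ever holds a reference to the internal Date.
    static final class OrderSafe {
        private Date time;
        void setTime(Date time) {
            this.time = (time == null) ? null : new Date(time.getTime());
        }
        Date getTime() {
            return (time == null) ? null : new Date(time.getTime());
        }
    }

    public static void main(String[] args) {
        Date placed = new Date(0L); // constructed sample timestamp

        OrderUnsafe unsafe = new OrderUnsafe();
        unsafe.setTime(placed);
        OrderSafe safe = new OrderSafe();
        safe.setTime(placed);

        // The caller changes its own object after handing it over.
        placed.setTime(86_400_000L);

        // The unsafe order changed with it; the safe order kept its value.
        System.out.println("unsafe changed: " + (unsafe.getTime().getTime() != 0L));
        System.out.println("safe changed:   " + (safe.getTime().getTime() != 0L));
    }
}
```

For new code, an immutable type such as `java.time.Instant` removes the need for copying altogether.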

page not loading properly and content not loading // http status 404

I have followed the instructions for installation from the YouTube video but I have come up with a problem of not loading some contexts in the page.
I am not able to view the cart and log in to the webpage, and it shows HTTP response error 404 where pages are present but I am not able to access them.
I have connected the database properly and have the requirements installed (screenshots given).
Product category not working.
I have installed this using git from the repo directly into Eclipse.

I am mainly getting an HTTP 404 error, which is the following:

HTTP Status 404 – Not Found
Type Status Report

Message The requested resource [/shopping-cart/LoginSrv] is not available

Description The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.

Screenshots
Screenshot 2023-10-17 135105
Screenshot 2023-10-19 003329
Screenshot 2023-10-19 003414
Screenshot 2023-10-19 003502
Screenshot 2023-10-17 133846
Screenshot 2023-10-17 133941


  • OS: windows 11
  • Browser - microsoft edge
  • tomcat version 10
  • maven build version 4

console log:
Oct 19, 2023 12:28:50 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Server version name: Apache Tomcat/10.0.27
Oct 19, 2023 12:28:50 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Server built: Oct 3 2022 14:18:31 UTC
Oct 19, 2023 12:28:50 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Server version number: 10.0.27.0
Oct 19, 2023 12:28:50 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: OS Name: Windows 11
Oct 19, 2023 12:28:50 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: OS Version: 10.0
Oct 19, 2023 12:28:50 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Architecture: amd64
Oct 19, 2023 12:28:50 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Java Home: C:\Program Files\Java\jdk-20
Oct 19, 2023 12:28:50 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: JVM Version: 20.0.2+9-78
Oct 19, 2023 12:28:50 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: JVM Vendor: Oracle Corporation
Oct 19, 2023 12:28:50 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: CATALINA_BASE: C:\Users\rutta\eclipse-workspace\ecommerce.metadata.plugins\org.eclipse.wst.server.core\tmp0
Oct 19, 2023 12:28:50 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: CATALINA_HOME: D:\devesh-coding\java-coding\tomcat\apache-tomcat-10.0.27
Oct 19, 2023 12:28:50 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dcatalina.base=C:\Users\rutta\eclipse-workspace\ecommerce.metadata.plugins\org.eclipse.wst.server.core\tmp0
Oct 19, 2023 12:28:50 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dcatalina.home=D:\devesh-coding\java-coding\tomcat\apache-tomcat-10.0.27
Oct 19, 2023 12:28:50 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dwtp.deploy=C:\Users\rutta\eclipse-workspace\ecommerce.metadata.plugins\org.eclipse.wst.server.core\tmp0\wtpwebapps
Oct 19, 2023 12:28:50 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: --add-opens=java.base/java.lang=ALL-UNNAMED
Oct 19, 2023 12:28:50 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: --add-opens=java.base/java.io=ALL-UNNAMED
Oct 19, 2023 12:28:50 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: --add-opens=java.base/java.util=ALL-UNNAMED
Oct 19, 2023 12:28:50 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: --add-opens=java.base/java.util.concurrent=ALL-UNNAMED
Oct 19, 2023 12:28:50 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
Oct 19, 2023 12:28:50 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dfile.encoding=UTF-8
Oct 19, 2023 12:28:50 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dstdout.encoding=UTF-8
Oct 19, 2023 12:28:50 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dstderr.encoding=UTF-8
Oct 19, 2023 12:28:50 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -XX:+ShowCodeDetailsInExceptionMessages
Oct 19, 2023 12:28:50 AM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: The Apache Tomcat Native library which allows using OpenSSL was not found on the java.library.path: [C:\Program Files\Java\jdk-20\bin;C:\WINDOWS\Sun\Java\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\Program Files\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Windows\System32\OpenSSH;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0;C:\WINDOWS\System32\OpenSSH;C:\Program Files\dotnet;C:\Program Files\nodejs;C:\Program Files\Java\jdk-20\bin;C:\Program Files\MySQL\mysql-connector-j-8.1.0\mysql-connector-j-8.1.0;C:\ApacheMaven\apache-maven-3.9.5-bin\apache-maven-3.9.5\bin;C:\Program Files\Git\cmd;C:\Program Files\MySQL\MySQL Shell 8.0\bin;C:\Users\rutta\AppData\Local\Programs\Python\Python312\Scripts;C:\Users\rutta\AppData\Local\Programs\Python\Python312;C:\Users\rutta\AppData\Local\Microsoft\WindowsApps;C:\Users\rutta\AppData\Roaming\npm;C:\Users\rutta\AppData\Local\GitHubDesktop\bin;C:\Users\rutta\AppData\Local\Programs\Microsoft VS Code\bin;.]
Oct 19, 2023 12:28:50 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-nio-8080"]
Oct 19, 2023 12:28:50 AM org.apache.catalina.startup.Catalina load
INFO: Server initialization in [1502] milliseconds
Oct 19, 2023 12:28:50 AM org.apache.catalina.core.StandardService startInternal
INFO: Starting service [Catalina]
Oct 19, 2023 12:28:50 AM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet engine: [Apache Tomcat/10.0.27]
Oct 19, 2023 12:28:51 AM org.apache.catalina.util.SessionIdGeneratorBase createSecureRandom
WARNING: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [131] milliseconds.
Oct 19, 2023 12:28:54 AM org.apache.jasper.servlet.TldScanner scanJars
INFO: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
Oct 19, 2023 12:28:54 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-nio-8080"]
Oct 19, 2023 12:28:54 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in [3581] milliseconds
.
.
.
.
.
.
I probably think database or install error or code error I am actually receiving

please resolve this error in this project @shashirajraja @the-suman
