hc-dev mailing list archives

From "oliver z (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCORE-338) A security test showed some "warnings"
Date Thu, 02 May 2013 08:52:17 GMT

    [ https://issues.apache.org/jira/browse/HTTPCORE-338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13647387#comment-13647387 ]

oliver  z commented on HTTPCORE-338:

AuthenticationStrategyImpl.java 254
> A security test showed some "warnings"
> --------------------------------------
>                 Key: HTTPCORE-338
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-338
>             Project: HttpComponents HttpCore
>          Issue Type: Bug
>          Components: HttpCore
>    Affects Versions: 4.2.4
>            Reporter: oliver  z
> I use HttpCore 4.2.4 and HttpClient 4.2.5 in a project which just got scanned by a security
> framework that showed me some warnings and I would like to know if that is a real risk or
> just a false positive.
> ChunkedOutputStream.java 97
> ChunkedOutputStream.java 109
> ChunkedOutputStream.java 110
> ContentLengthOutputStream.java 119
> It says it should be avoided to directly embed user input in log files. User-supplied
> data should be sanitized to construct log entries and a safe logging mechanism should be used
> like OWASP ESAPI logger which automatically removes unexpected carriage returns and line feeds.
> User supplied data should always be validated.

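The sanitising step that the scanner's advice describes, as an added example that is not part of the original message and not HttpCore or HttpClient code. The class name `LogSanitizer`, the method `neutralize` and the sample header value are assumptions made for illustration.

```java
import java.util.logging.Logger;

/** Added example: makes line breaks and control characters visible before a value is logged. */
public final class LogSanitizer {
    private static final Logger LOG = Logger.getLogger(LogSanitizer.class.getName());

    private LogSanitizer() {}

    /** Returns the value with CR, LF and other control characters escaped, so it stays on one log line. */
    public static String neutralize(String value) {
        if (value == null) {
            return "(null)";
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); ) {
            int cp = value.codePointAt(i);
            i += Character.charCount(cp);
            if (cp == '\r') {
                out.append("\\r");
            } else if (cp == '\n') {
                out.append("\\n");
            } else if (cp == '\\') {
                out.append("\\\\"); // escape the escape character so the output is unambiguous
            } else if (Character.isISOControl(cp) || cp == 0x2028 || cp == 0x2029) {
                // remaining C0/C1 controls and the Unicode line/paragraph separators
                out.append(String.format("\\u%04x", cp));
            } else {
                out.appendCodePoint(cp);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: a user-supplied header value carrying CRLF and a forged second entry.
        String userAgent = "curl/7.0\r\nINFO: login succeeded for admin";
        LOG.info("Unsanitised: User-Agent=" + userAgent);             // renders as two log entries
        LOG.info("Sanitised:   User-Agent=" + neutralize(userAgent)); // stays on one line
    }
}
```

Escaping rather than deleting the characters keeps the original bytes recoverable for an analyst reading the log.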