karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Baptiste Onofré (JIRA) <j...@apache.org>
Subject [jira] [Updated] (KARAF-4204) Weak SecurityManager Check: Overridable Method
Date Thu, 31 Mar 2016 16:09:25 GMT

     [ https://issues.apache.org/jira/browse/KARAF-4204?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jean-Baptiste Onofré updated KARAF-4204:
----------------------------------------
    Fix Version/s: 4.0.6
                   4.1.0

> Weak SecurityManager Check: Overridable Method
> ----------------------------------------------
>
>                 Key: KARAF-4204
>                 URL: https://issues.apache.org/jira/browse/KARAF-4204
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.3
>            Reporter: Eduardo Aguinaga
>             Fix For: 4.1.0, 4.0.6
>
>
> HP Fortify SCA and SciTools Understand were used to perform an application security analysis
of the karaf source code.
> Non-final methods that perform security checks can be overridden in ways that bypass
security checks. See external issue for more information.
> File: exception/src/main/java/java/lang/Exception.java
> Line: 137
> Exception.java, lines 137-153:
> {code}
> 137 public Class[] getThrowableContext(Throwable t) {
> 138     try {
> 139         Class[] context = getClassContext();
> 140         int nb = 0;
> 141         for (;;) {
> 142             if (context[context.length - 1 - nb] == t.getClass()) {
> 143                 break;
> 144             }
> 145             nb++;
> 146         }
> 147         Class[] nc = new Class[nb];
> 148         System.arraycopy(context, context.length - nb, nc, 0, nb);
> 149         return nc;
> 150     } catch (Exception e) {
> 151         return null;
> 152     }
> 153 }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message