karaf-issues mailing list archives

From Jean-Baptiste Onofré (JIRA) <j...@apache.org>
Subject [jira] [Updated] (KARAF-4211) Portability Flaw: Locale Dependent Comparison
Date Tue, 23 Aug 2016 17:32:20 GMT

     [ https://issues.apache.org/jira/browse/KARAF-4211?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré updated KARAF-4211:
----------------------------------------
    Fix Version/s:     (was: 4.0.6)
                   4.0.7

> Portability Flaw: Locale Dependent Comparison
> ---------------------------------------------
>
>                 Key: KARAF-4211
>                 URL: https://issues.apache.org/jira/browse/KARAF-4211
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.3
>            Reporter: Eduardo Aguinaga
>             Fix For: 4.1.0, 4.0.7
>
>
> HP Fortify SCA and SciTools Understand were used to perform an application security analysis on the karaf source code.
> The call to compareTo() on line 109 causes portability problems because it has different locales which may lead to unexpected output. This may also circumvent custom validation routines.
> File: features/command/src/main/java/org/apache/karaf/features/command/ListFeaturesCommand.java
> Line: 109
> ListFeaturesCommand.java, lines 107-111:
> 107 class FeatureComparator implements Comparator<Feature> {
> 108     public int compare(Feature o1, Feature o2) {
> 109         return o1.getName().toLowerCase().compareTo( o2.getName().toLowerCase() );
> 110     }
> 111 }



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
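
The locale dependence reported above, as an added example that is not part of the original message and is not the fix Karaf applied: `toLowerCase()` with no argument uses `Locale.getDefault()`, so the same comparator orders names differently under a Turkish default locale, and a lowercase-then-compare check stops matching. The class name and the sample names are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.List;
import java.util.Locale;

public class LocaleComparisonDemo {

    // Same shape as the flagged comparator: toLowerCase() with no argument
    // uses Locale.getDefault(), so results depend on the JVM's locale.
    static final Comparator<String> DEFAULT_LOCALE =
            (a, b) -> a.toLowerCase().compareTo(b.toLowerCase());

    // Locale-independent variant: case mapping pinned to Locale.ROOT.
    static final Comparator<String> ROOT_LOCALE =
            (a, b) -> a.toLowerCase(Locale.ROOT).compareTo(b.toLowerCase(Locale.ROOT));

    static List<String> sorted(Comparator<String> c, String... names) {
        List<String> out = new ArrayList<>(Arrays.asList(names));
        out.sort(c);
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample names, not real Karaf feature names.
        String[] names = {"JDBC", "ISSUE-TRACKER", "jndi", "Http"};
        Locale original = Locale.getDefault();
        try {
            for (Locale l : new Locale[] {Locale.ENGLISH, Locale.forLanguageTag("tr-TR")}) {
                Locale.setDefault(l);
                System.out.println("default locale = " + l);
                System.out.println("  toLowerCase():            " + sorted(DEFAULT_LOCALE, names));
                System.out.println("  toLowerCase(Locale.ROOT): " + sorted(ROOT_LOCALE, names));
                // A validation-style check that silently fails under tr-TR,
                // because 'I' lowercases to dotless 'ı' (U+0131) there.
                System.out.println("  \"ADMIN\".toLowerCase().equals(\"admin\"): "
                        + "ADMIN".toLowerCase().equals("admin"));
            }
        } finally {
            Locale.setDefault(original);
        }
    }
}
```

`String.CASE_INSENSITIVE_ORDER` and `compareToIgnoreCase()` are also locale-independent and avoid the intermediate lowercase copies.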
