Posted to issues@karaf.apache.org by "Eduardo Aguinaga (JIRA)" <ji...@apache.org> on 2015/12/15 16:44:46 UTC
[jira] [Created] (KARAF-4204) Weak SecurityManager Check: Overridable Method
Eduardo Aguinaga created KARAF-4204:
---------------------------------------
Summary: Weak SecurityManager Check: Overridable Method
Key: KARAF-4204
URL: https://issues.apache.org/jira/browse/KARAF-4204
Project: Karaf
Issue Type: Bug
Affects Versions: 4.0.3
Reporter: Eduardo Aguinaga
HP Fortify SCA and SciTools Understand were used to perform an application security analysis of the karaf source code.
Non-final methods that perform security checks can be overridden in ways that bypass security checks. See external issue for more information.
File: exception/src/main/java/java/lang/Exception.java
Line: 137
Exception.java, lines 137-153:
137     public Class[] getThrowableContext(Throwable t) {
138         try {
139             Class[] context = getClassContext();
140             int nb = 0;
141             for (;;) {
142                 if (context[context.length - 1 - nb] == t.getClass()) {
143                     break;
144                 }
145                 nb++;
146             }
147             Class[] nc = new Class[nb];
148             System.arraycopy(context, context.length - nb, nc, 0, nb);
149             return nc;
150         } catch (Exception e) {
151             return null;
152         }
153     }
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
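The weakness category the report cites ("a non-final method that performs a security check can be overridden to bypass the check"), as an added Java example that is not part of the issue text and is not Karaf's code. All class names (OverridableCheckDemo, WeakManager, BypassingManager, HardenedManager, Untrusted) are hypothetical; the only JDK API used is SecurityManager.getClassContext(), which is protected and therefore only reachable from a subclass, exactly as in the flagged Karaf method. The example makes no claim about whether Karaf's getThrowableContext is itself bypassable; it shows the general pattern and the `final` fix.

```java
// Added example (not Karaf's code): the weakness class behind the Fortify
// finding. A check that depends on a public, non-final method can be defeated
// by a subclass that overrides that method; making the method (or the class)
// final removes that route. All class names below are hypothetical.

public class OverridableCheckDemo {

    // A deliberately "untrusted" class: the check below must reject any call
    // that has this class somewhere on the stack.
    static class Untrusted {
        static boolean passesCheck(WeakManager m) {
            try {
                m.checkPrivileged();
                return true;
            } catch (SecurityException e) {
                return false;
            }
        }

        static boolean passesCheck(HardenedManager m) {
            try {
                m.checkPrivileged();
                return true;
            } catch (SecurityException e) {
                return false;
            }
        }
    }

    // Weak form: the context the check relies on comes from a non-final method
    // of a non-final class, so a subclass can substitute its own answer.
    static class WeakManager extends SecurityManager {
        public Class<?>[] callerContext() {
            return getClassContext();   // protected in SecurityManager
        }

        public void checkPrivileged() {
            for (Class<?> c : callerContext()) {
                if (c == Untrusted.class) {
                    throw new SecurityException("untrusted caller on stack");
                }
            }
        }
    }

    // Hostile subclass: overrides the non-final method so the check never
    // sees the real stack.
    static class BypassingManager extends WeakManager {
        @Override
        public Class<?>[] callerContext() {
            return new Class<?>[0];
        }
    }

    // Hardened form: the class and both methods are final, so there is no
    // override point; the check always inspects the real stack.
    static final class HardenedManager extends SecurityManager {
        public final Class<?>[] callerContext() {
            return getClassContext();
        }

        public final void checkPrivileged() {
            for (Class<?> c : callerContext()) {
                if (c == Untrusted.class) {
                    throw new SecurityException("untrusted caller on stack");
                }
            }
        }
    }

    public static void main(String[] args) {
        System.out.println("weak manager, honest:     passes="
                + Untrusted.passesCheck(new WeakManager()));
        System.out.println("weak manager, overridden: passes="
                + Untrusted.passesCheck(new BypassingManager()));
        System.out.println("hardened manager:         passes="
                + Untrusted.passesCheck(new HardenedManager()));
    }
}
```

Compile with `javac OverridableCheckDemo.java` and run with `java OverridableCheckDemo`; on Java 17 and later javac warns that SecurityManager is deprecated for removal, but the class still compiles and runs (the example never installs a security manager, it only subclasses one). The honest WeakManager and the HardenedManager both reject the call because Untrusted is on the stack; BypassingManager passes the check because its override hands the inherited checkPrivileged an empty context. Note that the Karaf snippet above is a public, non-final method on a SecurityManager subclass, which is the shape Fortify's rule matches; whether anything in Karaf can actually be subclassed to reach it is not something the issue text establishes.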