You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@karaf.apache.org by "Eduardo Aguinaga (JIRA)" <ji...@apache.org> on 2015/12/15 16:44:46 UTC

[jira] [Created] (KARAF-4204) Weak SecurityManager Check: Overridable Method

Eduardo Aguinaga created KARAF-4204:
---------------------------------------

             Summary: Weak SecurityManager Check: Overridable Method
                 Key: KARAF-4204
                 URL: https://issues.apache.org/jira/browse/KARAF-4204
             Project: Karaf
          Issue Type: Bug
    Affects Versions: 4.0.3
            Reporter: Eduardo Aguinaga


HP Fortify SCA and SciTools Understand were used to perform an application security analysis of the karaf source code.

Non-final methods that perform security checks can be overridden in ways that bypass security checks. See external issue for more information.

File: exception/src/main/java/java/lang/Exception.java
Line: 137

Exception.java, lines 137-153:
137 public Class[] getThrowableContext(Throwable t) {
138     try {
139         Class[] context = getClassContext();
140         int nb = 0;
141         for (;;) {
142             if (context[context.length - 1 - nb] == t.getClass()) {
143                 break;
144             }
145             nb++;
146         }
147         Class[] nc = new Class[nb];
148         System.arraycopy(context, context.length - nb, nc, 0, nb);
149         return nc;
150     } catch (Exception e) {
151         return null;
152     }
153 }




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)