You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@karaf.apache.org by "Jean-Baptiste Onofré (JIRA)" <ji...@apache.org> on 2016/08/23 17:34:21 UTC
[jira] [Updated] (KARAF-4204) Weak SecurityManager Check:
Overridable Method
[ https://issues.apache.org/jira/browse/KARAF-4204?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Onofré updated KARAF-4204:
----------------------------------------
Fix Version/s: (was: 4.0.6)
4.0.7
> Weak SecurityManager Check: Overridable Method
> ----------------------------------------------
>
> Key: KARAF-4204
> URL: https://issues.apache.org/jira/browse/KARAF-4204
> Project: Karaf
> Issue Type: Bug
> Affects Versions: 4.0.3
> Reporter: Eduardo Aguinaga
> Fix For: 4.1.0, 4.0.7
>
>
> HP Fortify SCA and SciTools Understand were used to perform an application security analysis of the karaf source code.
> Non-final methods that perform security checks can be overridden in ways that bypass security checks. See external issue for more information.
> File: exception/src/main/java/java/lang/Exception.java
> Line: 137
> Exception.java, lines 137-153:
> {code}
> 137 public Class[] getThrowableContext(Throwable t) {
> 138 try {
> 139 Class[] context = getClassContext();
> 140 int nb = 0;
> 141 for (;;) {
> 142 if (context[context.length - 1 - nb] == t.getClass()) {
> 143 break;
> 144 }
> 145 nb++;
> 146 }
> 147 Class[] nc = new Class[nb];
> 148 System.arraycopy(context, context.length - nb, nc, 0, nb);
> 149 return nc;
> 150 } catch (Exception e) {
> 151 return null;
> 152 }
> 153 }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)