  1. Karaf
  2. KARAF-4205

Privacy Violation


Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Won't Fix
    • 4.0.3
    • None
    • None
    • None

    Description

      HP Fortify SCA and SciTools Understand were used to perform an application security analysis of the Karaf source code.

      The method find() in GogoParser.java mishandles confidential information, which can compromise user privacy and is often illegal.

      File: shell/core/src/main/java/org/apache/karaf/shell/support/parsing/GogoParser.java
      Line: 332

      GogoParser.java, lines 329-333:
      329 while (level != 0) {
      330     if (eof()) {
      331         throw new RuntimeException("Eof found in the middle of a compound for '"
      332                 + target + deeper + "', begins at " + context(start));
      333     }

          People

            Unassigned Unassigned
            EdAInWestOC Eduardo Aguinaga