Warnings fortify generates on itext

2005-06-27       - By Carsten Hammer


Hi,
for your information.
These are some warnings fortify generates on itext:

ResourceInjection - Tainted data affecting resources entering the system
PdfPKCS7.java (4 Vulnerabilities)
java.io.File(java.lang.String, java.lang.String): 511
java.io.File(java.io.File, java.lang.String): 512
java.io.File(java.io.File, java.lang.String): 513
java.io.FileInputStream(java.io.File): 516
RandomAccessFileOrArray.java (1 Vulnerability)
java.io.File(java.lang.String): 73
SimplePatternParser.java (1 Vulnerability)
java.io.FileInputStream(java.lang.String): 271
XmlToHtml.java (1 Vulnerability)
java.io.FileInputStream(java.lang.String): 123
XmlToPdf.java (1 Vulnerability)
java.io.FileInputStream(java.lang.String): 123
XmlToRtf.java (1 Vulnerability)
java.io.FileInputStream(java.lang.String): 123
BuildTutorial.java (10 Vulnerabilities)
java.io.File(java.lang.String): 44
java.io.File(java.lang.String): 45
java.io.File(java.io.File, java.lang.String): 46
java.io.File(java.io.File, java.lang.String): 47
java.io.File(java.lang.String, java.lang.String): 50
java.io.File(java.io.File, java.lang.String): 83
java.io.File(java.io.File, java.lang.String): 94
java.io.File(java.io.File, java.lang.String): 95
java.io.FileInputStream(java.io.File): 127
java.io.FileInputStream(java.io.File): 144

InformationLeakage - Tainted data escaping the system
concat_pdf.java (1 Vulnerability)
java.io.PrintStream(java.lang.String): 65
encrypt_pdf.java (2 Vulnerabilities)
java.io.PrintStream(java.lang.String): 83
java.io.PrintStream(java.lang.String): 85
split_pdf.java (1 Vulnerability)
java.io.PrintStream(java.lang.String): 91

UncheckedReturnValue - Failure to check informative return value
BmpImage.java (4 Vulnerabilities)
java.io.InputStream(byte, int, int): 318
java.io.InputStream(byte, int, int): 407
java.io.InputStream(byte, int, int): 434
java.io.InputStream(byte, int, int): 520

However, most of them do not seem to be real problems.
Because of problems with fortify itself (!!:)) it might be partially not
analysed.

Best regards,
Carsten


