[Original] Fortify Analysis Translation 5
13. Poor error handling: Overly broad catch (Structural): 13.1. AcceptApplicat
[Original] Beanshell Translation 11
1. Undefined Variables: You can test to see if a variable is defined using the special value void. For example:
[Original] Beanshell Translation 12
1. Files and Directories: The following commands work with files, dire
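[Original] Fortify Analysis Translation 1
I. Overview of analysis methods: 1. The following are the types of project code vulnerabilities categorized by the Fortify tool: 1.1. Analyzers: Data Flow (data flow analysis). Original text: Follows the propagatio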
[Original] Fortify Analysis Translation 6
16. Code correctness: Erroneous String compare (Structural): 16.1. Source file: BizApplicationApprovalBackingBean.
[Original] Fortify Analysis Translation 4
10. System Information Leak (Data Flow): 10.1. BizApplicationApprovalBackingBean.java. logger.error("BizApplicationAp
[Original] Fortify Analysis Translation 8
22. Process Control (Data Flow): 22.1. Source file: AgentServlet.java. Code: obj = this.getClass().getClassLoader()
[Original] Fortify Analysis Translation 10
25. Denial of service (Data Flow): 25.1. Source file: Metronome.java. Code: sleep(thisTime); 25.2. Original text: An attacker could
[Original] Fortify Analysis Translation 3
7. Poor style: Confusing naming (Structural): 7.1. BPCodeConstants.java private static final String RA
[Original] Fortify Analysis Translation 7
19. Missing XML validation (Control Flow): 19.1. Source file: QueryPrivilegeConfig.java. Code: db = dbf.newDocumentBu
[Original] Beanshell Translation 7
1. The 'this' reference: As in most languages, an executing method in BeanShell has its own "lo
[Original] Fortify Analysis Translation 9
24. Http response splitting (Data Flow): 24.1. Source file: WorkPageDispatcher.java. Code: rep.sendRedirect(url); 24.2. Original
[Original] Beanshell Translation 1
1. bsh.Interpreter: Description: The BeanShell script interpreter. An instance of Interpreter can be used to sour
[Original] Beanshell Translation 8
1. Scripting Interfaces: One of the most powerful features of BeanShell is the ability to script Ja
[Original] Beanshell Translation 2
Introduction: This document is about BeanShell. BeanShell is a small, free, embeddable Java source i