[
https://issues.apache.org/jira/browse/QPID-8553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17384078#comment-17384078
]
ASF GitHub Bot commented on QPID-8553:
--------------------------------------
dakirily opened a new pull request #104:
URL: https://github.com/apache/qpid-broker-j/pull/104
The purpose of this PR is to improve the handling of security features, which
may be overridden by sub-classes according to the HP Fortify check (see
[QPID-8553](https://issues.apache.org/jira/browse/QPID-8553)).
> [Broker-J] HP Fortify: Weak SecurityManager Check: Overridable Method
> ---------------------------------------------------------------------
>
> Key: QPID-8553
> URL: https://issues.apache.org/jira/browse/QPID-8553
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
> Affects Versions: qpid-java-broker-8.0.5
> Reporter: Daniil Kirilyuk
> Priority: Minor
>
> HP Fortify complains that classes defining security may be overridden by
> sub-classes, thereby bypassing the security features:
> broker-plugins/access-control/src/main/org/apache/qpid/server/security/access/config/RuleBasedAccessControl.java
> Line 58 newToken() - Non-final methods that perform security checks may be
> overridden in ways that bypass security checks.
> Line 75 authorise() - Non-final methods that perform security checks may be
> overridden in ways that bypass security checks.
> broker-core/src/main/java/org/apache/qpid/server/model/BrokerImpl.java
> Line 1022 getConnectionMetaData() - Non-final methods that perform security
> checks may be overridden in ways that bypass security checks.
> Line 1046 getGroups() - Non-final methods that perform security checks may be
> overridden in ways that bypass security checks.
> broker-plugins/management-http/src/main/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java
> Line 79 doGet() - Non-final methods that perform security checks may be
> overridden in ways that bypass security checks.
> broker-plugins/amqp-0-8-protocol/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8Impl.java
> Line 699 readerIdle() - Non-final methods that perform security checks may be
> overridden in ways that bypass security checks.
> Executes privileged action.
> broker-plugins/logging-logback/src/main/org/apache/qpid/server/logging/logback/ConnectionAndUserPredicate.java
> Line 43 evaluate() - Non-final methods that perform security checks may be
> overridden in ways that bypass security checks.
> broker-plugins/amqp-1-0-protocol/src/main/org/apache/qpid/server/protocol/v1_0/AMQPConnection_1_0Impl.java
> Line 444 receive() - Non-final methods that perform security checks may be
> overridden in ways that bypass security checks.
> Line 1269 readerIdle() - Non-final methods that perform security checks may
> be overridden in ways that bypass security checks.
> Line 1340 receivedComplete() - Non-final methods that perform security checks
> may be overridden in ways that bypass security checks.
> broker-plugins/amqp-0-8-protocol/src/main/org/apache/qpid/server/protocol/v0_8/BrokerDecoder.java
> Line 78 processAMQPFrames() - Non-final methods that perform security checks
> may be overridden in ways that bypass security checks.
> Executes privileged action.
> broker-core/src/main/java/org/apache/qpid/server/security/CompoundAccessControl.java
> Line 68 newToken() - Non-final methods that perform security checks may be
> overridden in ways that bypass security checks.
> broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerAssembler.java
> Line 72 received() - Non-final methods that perform security checks may be
> overridden in ways that bypass security checks.
> Executes privileged action.
> broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/AMQPConnection_0_10Impl.java
> Line 165 readerIdle() - Non-final methods that perform security checks may be
> overridden in ways that bypass security checks.
> Line 182 closed() - Non-final methods that perform security checks may be
> overridden in ways that bypass security checks.
> Executes privileged action.
> broker-plugins/management-amqp/src/main/java/org/apache/qpid/server/management/amqp/ProxyMessageSource.java
> Line 152 addConsumer() - Non-final methods that perform security checks may
> be overridden in ways that bypass security checks.
> broker-plugins/management-amqp/src/main/java/org/apache/qpid/server/management/amqp/ManagementAddressSpace.java
> Line 172 getProxyNode() - Non-final methods that perform security checks may
> be overridden in ways that bypass security checks.
> broker-plugins/logging-logback/src/main/java/org/apache/qpid/server/logging/logback/PrincipalLogEventFilter.java
> Line 43 decide() - Non-final methods that perform security checks may be
> overridden in ways that bypass security checks.
> broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQChannel.java
> Line 303 receivedComplete() - Non-final methods that perform security checks
> may be overridden in ways that bypass security checks.
> broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java
> Line 359 onOpen() - Non-final methods that perform security checks may be
> overridden in ways that bypass security checks.