Eduardo Aguinaga created KARAF-4205:
---------------------------------------
Summary: Privacy Violation
Key: KARAF-4205
URL: https://issues.apache.org/jira/browse/KARAF-4205
Project: Karaf
Issue Type: Bug
Affects Versions: 4.0.3
Reporter: Eduardo Aguinaga
HP Fortify SCA and SciTools Understand were used to perform an application
security analysis of the karaf source code.
The method find() in GogoParser.java mishandles confidential information, which
can compromise user privacy and is often illegal.
File: shell/core/src/main/java/org/apache/karaf/shell/support/parsing/GogoParser.java
Line: 332
GogoParser.java, lines 329-333:
329 while (level != 0) {
330     if (eof()) {
331         throw new RuntimeException("Eof found in the middle of a compound for '"
332                 + target + deeper + "', begins at " + context(start));
333     }