Eduardo Aguinaga created KARAF-4211:
---------------------------------------
Summary: Portability Flaw: Locale Dependent Comparison
Key: KARAF-4211
URL: https://issues.apache.org/jira/browse/KARAF-4211
Project: Karaf
Issue Type: Bug
Affects Versions: 4.0.3
Reporter: Eduardo Aguinaga
HP Fortify SCA and SciTools Understand were used to perform an application
security analysis on the Karaf source code.
The call to compareTo() on line 109 causes portability problems because it has
different locales which may lead to unexpected output. This may also circumvent
custom validation routines.
File:
features/command/src/main/java/org/apache/karaf/features/command/ListFeaturesCommand.java
Line: 109
ListFeaturesCommand.java, lines 107-111:
107    class FeatureComparator implements Comparator<Feature> {
108        public int compare(Feature o1, Feature o2) {
109            return o1.getName().toLowerCase().compareTo( o2.getName().toLowerCase() );
110        }
111    }