[ 
https://issues.apache.org/jira/browse/KARAF-4211?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jean-Baptiste Onofré updated KARAF-4211:
----------------------------------------
    Fix Version/s:     (was: 4.0.8)
                   4.0.9

> Portability Flaw: Locale Dependent Comparison
> ---------------------------------------------
>
>                 Key: KARAF-4211
>                 URL: https://issues.apache.org/jira/browse/KARAF-4211
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.3
>            Reporter: Eduardo Aguinaga
>             Fix For: 4.1.0, 4.0.9
>
>
> HP Fortify SCA and SciTools Understand were used to perform an application 
> security analysis on the karaf source code.
> The call to compareTo() on line 109 causes portability problems because it 
> has different locales which may lead to unexpected output. This may also 
> circumvent custom validation routines.
> File: features/command/src/main/java/org/apache/karaf/features/command/ListFeaturesCommand.java
> Line: 109
> ListFeaturesCommand.java, lines 107-111:
> 107 class FeatureComparator implements Comparator<Feature> {
> 108     public int compare(Feature o1, Feature o2) {
> 109         return o1.getName().toLowerCase().compareTo( o2.getName().toLowerCase() );
> 110     }
> 111 }



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
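
The behaviour the report flags, as an added example that is not Karaf's code and not part of the original message: a comparator that lower-cases with the JVM default locale, shown next to one pinned to Locale.ROOT. The class name LocaleCompareDemo and the sample names are constructed for illustration, and the Turkish locale is chosen because its case mapping turns "I" into dotless "ı".

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.List;
import java.util.Locale;

// Added illustration, not Karaf source. The names below are constructed samples.
public class LocaleCompareDemo {

    // Same shape as the flagged comparator: toLowerCase() uses the JVM default locale.
    static final Comparator<String> DEFAULT_LOCALE =
            (a, b) -> a.toLowerCase().compareTo(b.toLowerCase());

    // Locale-independent variant: case mapping pinned to Locale.ROOT.
    static final Comparator<String> ROOT_LOCALE =
            (a, b) -> a.toLowerCase(Locale.ROOT).compareTo(b.toLowerCase(Locale.ROOT));

    static List<String> sorted(List<String> names, Comparator<String> cmp) {
        List<String> copy = new ArrayList<>(names);
        copy.sort(cmp);
        return copy;
    }

    public static void main(String[] args) {
        List<String> names = Arrays.asList("JNDI", "jms", "WICKET", "wrapper");
        Locale original = Locale.getDefault();
        try {
            // Run the same comparisons under an English and a Turkish default locale.
            for (Locale l : new Locale[] { Locale.ENGLISH, Locale.forLanguageTag("tr-TR") }) {
                Locale.setDefault(l);
                System.out.println(l + " default-locale sort: " + sorted(names, DEFAULT_LOCALE));
                System.out.println(l + " Locale.ROOT sort:    " + sorted(names, ROOT_LOCALE));
                // A case-insensitive match on a name containing 'I' is where validation can diverge.
                System.out.println(l + " \"JNDI\" matches \"jndi\": default="
                        + (DEFAULT_LOCALE.compare("JNDI", "jndi") == 0)
                        + ", root=" + (ROOT_LOCALE.compare("JNDI", "jndi") == 0));
            }
        } finally {
            Locale.setDefault(original); // restore the process-wide default
        }
    }
}
```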
