[
https://issues.apache.org/jira/browse/ACCUMULO-2720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13978993#comment-13978993
]
Christopher Tubbs commented on ACCUMULO-2720:
---------------------------------------------
This bug is fixed at FindBugs rank 5 checks, but comes back at rank 7. I'm not
really sure it can be removed entirely, until the monitor is seriously
refactored and we get rid of all the server-side refresh stuff.
> [FindBugs] HTTP response splitting vulnerabilities in the OperationServlet
> --------------------------------------------------------------------------
>
> Key: ACCUMULO-2720
> URL: https://issues.apache.org/jira/browse/ACCUMULO-2720
> Project: Accumulo
> Issue Type: Sub-task
> Components: monitor
> Reporter: Christopher Tubbs
> Assignee: Christopher Tubbs
> Labels: findbugs
> Fix For: 1.6.0
>
>
> FindBugs rank 5 bugs found [HTTP response
> splitting|https://en.wikipedia.org/wiki/HTTP_response_splitting]
> vulnerabilities in OperationServlet. FindBugs explicitly notes that it does
> only minimal checking for these bugs, so if it finds them, there are almost
> certainly more that it did not find. This ticket will fix those it found. Any
> others will have to be found by another, more comprehensive tool.
> This takes us up through rank 6 findbugs validation in the build.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
