wkshare opened a new issue #3684: security scan of skywalking source
URL: https://github.com/apache/skywalking/issues/3684

Please answer these questions before submitting your issue.

- Why do you submit this issue?
- [X] Question or discussion
- [ ] Bug
- [ ] Requirement
- [ ] Feature or performance improvement

___

### Question

We tried to scan skywalking and got some results:

example:

```
Method getInputStream at line 69 of skywalking-master/oap-server/server-receiver-plugin/zipkin-receiverplugin/ src/main/java/org/apache/skywalking/oap/server/receiver/zipkin/handler/SpanProcessor.java gets user input from element getInputStream .
This element’s value flows through the code without being validated, and is eventually used in a loop condition in convert at line 48 of skywalking-master/oap-server/server-receiverplugin/ zipkin-receiverplugin/ src/main/java/org/apache/skywalking/oap/server/receiver/zipkin/handler/SpanProcessor.java.
This constitutes an Unchecked Input for Loop Condition.
```

We are currently evaluating Skywalking. Because of some requirements from our company's security department, would you consider making some code fixes for issues like the ones above? We can submit these PRs.
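For readers unfamiliar with the finding class quoted in the issue ("Unchecked Input for Loop Condition"), the following added example shows the usual remediation pattern: cap the bytes read from a request stream and validate any client-declared count before it drives a loop. It is not part of the original issue and is not SkyWalking's code; the class name, both limits and the one-byte record format are hypothetical, since the scan excerpt does not show the body of `SpanProcessor`.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
// Added illustration with hypothetical names; not SkyWalking's SpanProcessor.
public class BoundedBodyReader {
    static final int MAX_BODY_BYTES = 1024; // assumed limit
    static final int MAX_RECORDS = 4;       // assumed limit

    // Read loop bounded by a server-side constant, not by what the client sends.
    static byte[] readBounded(InputStream in, int maxBytes) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[256];
        int total = 0, n;
        while ((n = in.read(buf)) != -1) {
            total += n;
            if (total > maxBytes) {
                throw new IOException("request body exceeds " + maxBytes + " bytes");
            }
            out.write(buf, 0, n);
        }
        return out.toByteArray();
    }

    // Constructed format: byte 0 is a client-declared record count. Check it
    // against the cap and the bytes actually present before it drives a loop.
    static int countRecords(byte[] body) throws IOException {
        if (body.length == 0) throw new IOException("empty body");
        int declared = body[0] & 0xFF;
        if (declared > MAX_RECORDS || declared > body.length - 1) {
            throw new IOException("declared record count " + declared + " rejected");
        }
        int processed = 0;
        for (int i = 0; i < declared; i++) {
            processed++; // stand-in for converting one record
        }
        return processed;
    }

    public static void main(String[] args) throws IOException {
        byte[] ok = {3, 'a', 'b', 'c'};   // constructed: 3 one-byte records
        byte[] lying = {(byte) 200, 'a'}; // constructed: count far above the cap
        System.out.println(countRecords(readBounded(new ByteArrayInputStream(ok), MAX_BODY_BYTES)));
        try {
            countRecords(readBounded(new ByteArrayInputStream(lying), MAX_BODY_BYTES));
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```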
