[jira] [Updated] (KARAF-4199) Privacy Violation: Heap Inspection
[ https://issues.apache.org/jira/browse/KARAF-4199?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Guillaume Nodet updated KARAF-4199:
-----------------------------------
    Fix Version/s:     (was: 4.1.1)
                       (was: 4.0.9)

> Privacy Violation: Heap Inspection
> ----------------------------------
>
>                 Key: KARAF-4199
>                 URL: https://issues.apache.org/jira/browse/KARAF-4199
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.3
>            Reporter: Eduardo Aguinaga
>
> HP Fortify and SciTools Understand were used to perform an application security scan on the karaf source code.
> The method interactive() in Main.java stores sensitive data in a String object on line 127, making it impossible to reliably purge the data from memory.
> Main.java, lines 120-137:
> {code}
> 120 public String[] interactive(String destination, String name, String instruction, String[] prompt, boolean[] echo) {
> 121     String[] answers = new String[prompt.length];
> 122     try {
> 123         for (int i = 0; i < prompt.length; i++) {
> 124             if (echo[i]) {
> 125                 answers[i] = console.readLine(prompt[i] + " ");
> 126             } else {
> 127                 answers[i] = new String(console.readPassword(prompt[i] + " "));
> 128             }
> 129             if (answers[i] == null) {
> 130                 return null;
> 131             }
> 132         }
> 133         return answers;
> 134     } catch (IOError e) {
> 135         return null;
> 136     }
> 137 }
> {code}

--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
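The pattern flagged on line 127 of the issue above, reworked as an added example; it is not Karaf code and not the project's fix. The class name `WipeablePrompts`, the `wipe` helper and the `char[][]` return type are assumptions: the sketch presumes the caller can accept `char[]` answers instead of `String`.

```java
import java.io.Console;
import java.io.IOError;
import java.util.Arrays;
// Added example, not Karaf code. Class and method names are hypothetical,
// and it assumes the caller can accept char[] answers instead of String.
public class WipeablePrompts {
    // Same prompt loop as interactive(), but each answer stays in a char[].
    static char[][] interactive(Console console, String[] prompt, boolean[] echo) {
        char[][] answers = new char[prompt.length][];
        try {
            for (int i = 0; i < prompt.length; i++) {
                if (echo[i]) {
                    // Console has no char[] readLine, so echoed answers still pass through a String.
                    String line = console.readLine("%s ", prompt[i]);
                    answers[i] = (line == null) ? null : line.toCharArray();
                } else {
                    // readPassword already returns char[]; never wrap it in a String.
                    answers[i] = console.readPassword("%s ", prompt[i]);
                }
                if (answers[i] == null) {   // end of input: drop what was read so far
                    wipe(answers);
                    return null;
                }
            }
            return answers;
        } catch (IOError e) {
            wipe(answers);
            return null;
        }
    }

    // Overwrites every answer in place once it is no longer needed.
    static void wipe(char[][] answers) {
        for (char[] a : answers) if (a != null) Arrays.fill(a, '\0');
    }

    public static void main(String[] args) {
        Console console = System.console();
        if (console == null) { System.err.println("no console attached"); return; }
        char[][] answers = interactive(console, new String[] {"User:", "Password:"}, new boolean[] {true, false});
        if (answers == null) return;
        try {
            System.out.println("read " + answers.length + " answers"); // use them here
        } finally {
            wipe(answers);   // runs even if the consumer throws
        }
    }
}
```

Passing the prompt as a `%s` argument also keeps a `%` in the prompt text from being interpreted as a format specifier, which `console.readLine(prompt[i] + " ")` would do.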
[jira] [Updated] (KARAF-4199) Privacy Violation: Heap Inspection
[ https://issues.apache.org/jira/browse/KARAF-4199?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré updated KARAF-4199:
----------------------------------------
    Fix Version/s: 4.1.1
                   4.0.9

> Privacy Violation: Heap Inspection
> ----------------------------------
>
>                 Key: KARAF-4199
>                 URL: https://issues.apache.org/jira/browse/KARAF-4199
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.3
>            Reporter: Eduardo Aguinaga
>             Fix For: 4.0.9, 4.1.1

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (KARAF-4199) Privacy Violation: Heap Inspection
[ https://issues.apache.org/jira/browse/KARAF-4199?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Guillaume Nodet updated KARAF-4199:
-----------------------------------
    Fix Version/s:     (was: 4.0.8)
                       (was: 4.1.0)

> Privacy Violation: Heap Inspection
> ----------------------------------
>
>                 Key: KARAF-4199
>                 URL: https://issues.apache.org/jira/browse/KARAF-4199
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.3
>            Reporter: Eduardo Aguinaga
[jira] [Updated] (KARAF-4199) Privacy Violation: Heap Inspection
[ https://issues.apache.org/jira/browse/KARAF-4199?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré updated KARAF-4199:
----------------------------------------
    Fix Version/s:     (was: 4.0.7)
                   4.0.8

> Privacy Violation: Heap Inspection
> ----------------------------------
>
>                 Key: KARAF-4199
>                 URL: https://issues.apache.org/jira/browse/KARAF-4199
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.3
>            Reporter: Eduardo Aguinaga
>             Fix For: 4.1.0, 4.0.8
[jira] [Updated] (KARAF-4199) Privacy Violation: Heap Inspection
[ https://issues.apache.org/jira/browse/KARAF-4199?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré updated KARAF-4199:
----------------------------------------
    Fix Version/s:     (was: 4.0.6)
                   4.0.7

> Privacy Violation: Heap Inspection
> ----------------------------------
>
>                 Key: KARAF-4199
>                 URL: https://issues.apache.org/jira/browse/KARAF-4199
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.3
>            Reporter: Eduardo Aguinaga
>             Fix For: 4.1.0, 4.0.7
[jira] [Updated] (KARAF-4199) Privacy Violation: Heap Inspection
[ https://issues.apache.org/jira/browse/KARAF-4199?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré updated KARAF-4199:
----------------------------------------
    Assignee:     (was: Jean-Baptiste Onofré)

> Privacy Violation: Heap Inspection
> ----------------------------------
>
>                 Key: KARAF-4199
>                 URL: https://issues.apache.org/jira/browse/KARAF-4199
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.3
>            Reporter: Eduardo Aguinaga
>             Fix For: 4.1.0, 4.0.6
[jira] [Updated] (KARAF-4199) Privacy Violation: Heap Inspection
[ https://issues.apache.org/jira/browse/KARAF-4199?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré updated KARAF-4199:
----------------------------------------
    Fix Version/s: 4.0.6
                   4.1.0

> Privacy Violation: Heap Inspection
> ----------------------------------
>
>                 Key: KARAF-4199
>                 URL: https://issues.apache.org/jira/browse/KARAF-4199
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.3
>            Reporter: Eduardo Aguinaga
>            Assignee: Jean-Baptiste Onofré
>             Fix For: 4.1.0, 4.0.6
[jira] [Updated] (KARAF-4199) Privacy Violation: Heap Inspection
[ https://issues.apache.org/jira/browse/KARAF-4199?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré updated KARAF-4199:
----------------------------------------
    Description:
HP Fortify and SciTools Understand were used to perform an application security scan on the karaf source code.
The method interactive() in Main.java stores sensitive data in a String object on line 127, making it impossible to reliably purge the data from memory.
Main.java, lines 120-137:
{code}
120 public String[] interactive(String destination, String name, String instruction, String[] prompt, boolean[] echo) {
121     String[] answers = new String[prompt.length];
122     try {
123         for (int i = 0; i < prompt.length; i++) {
124             if (echo[i]) {
125                 answers[i] = console.readLine(prompt[i] + " ");
126             } else {
127                 answers[i] = new String(console.readPassword(prompt[i] + " "));
128             }
129             if (answers[i] == null) {
130                 return null;
131             }
132         }
133         return answers;
134     } catch (IOError e) {
135         return null;
136     }
137 }
{code}

  was:
HP Fortify and SciTools Understand were used to perform an application security scan on the karaf source code.
The method interactive() in Main.java stores sensitive data in a String object on line 127, making it impossible to reliably purge the data from memory.
Main.java, lines 120-137:
120 public String[] interactive(String destination, String name, String instruction, String[] prompt, boolean[] echo) {
121     String[] answers = new String[prompt.length];
122     try {
123         for (int i = 0; i < prompt.length; i++) {
124             if (echo[i]) {
125                 answers[i] = console.readLine(prompt[i] + " ");
126             } else {
127                 answers[i] = new String(console.readPassword(prompt[i] + " "));
128             }
129             if (answers[i] == null) {
130                 return null;
131             }
132         }
133         return answers;
134     } catch (IOError e) {
135         return null;
136     }
137 }

> Privacy Violation: Heap Inspection
> ----------------------------------
>
>                 Key: KARAF-4199
>                 URL: https://issues.apache.org/jira/browse/KARAF-4199
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.3
>            Reporter: Eduardo Aguinaga