[jira] [Updated] (KARAF-4199) Privacy Violation: Heap Inspection

2017-02-10 Thread Guillaume Nodet (JIRA) 

 [ 
https://issues.apache.org/jira/browse/KARAF-4199?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Guillaume Nodet updated KARAF-4199:
---
Fix Version/s: (was: 4.1.1)
   (was: 4.0.9)

> Privacy Violation: Heap Inspection
> --
>
> Key: KARAF-4199
> URL: https://issues.apache.org/jira/browse/KARAF-4199
> Project: Karaf
>  Issue Type: Bug
>Affects Versions: 4.0.3
>Reporter: Eduardo Aguinaga
>
> HP Fortify and SciTools Understand were used to perform an application 
> security scan on the karaf source code.
> The method interactive() in Main.java stores sensitive data in a String 
> object on line 127, making it impossible to reliably purge the data from 
> memory.
> Main.java, lines 120-137:
> {code}
> 120 public String[] interactive(String destination, String name, String 
> instruction, String[] prompt, boolean[] echo) {
> 121 String[] answers = new String[prompt.length];
> 122 try {
> 123 for (int i = 0; i < prompt.length; i++) {
> 124 if (echo[i]) {
> 125 answers[i] = console.readLine(prompt[i] + " ");
> 126 } else {
> 127 answers[i] = new String(console.readPassword(prompt[i] + 
> " "));
> 128 }
> 129 if (answers[i] == null) {
> 130 return null;
> 131 }
> 132 }
> 133 return answers;
> 134 } catch (IOError e) {
> 135 return null;
> 136 }
> 137 }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Updated] (KARAF-4199) Privacy Violation: Heap Inspection

2017-01-27 Thread JIRA 

 [ 
https://issues.apache.org/jira/browse/KARAF-4199?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jean-Baptiste Onofré updated KARAF-4199:

Fix Version/s: 4.1.1
   4.0.9

> Privacy Violation: Heap Inspection
> --
>
> Key: KARAF-4199
> URL: https://issues.apache.org/jira/browse/KARAF-4199
> Project: Karaf
>  Issue Type: Bug
>Affects Versions: 4.0.3
>Reporter: Eduardo Aguinaga
> Fix For: 4.0.9, 4.1.1
>
>
> HP Fortify and SciTools Understand were used to perform an application 
> security scan on the karaf source code.
> The method interactive() in Main.java stores sensitive data in a String 
> object on line 127, making it impossible to reliably purge the data from 
> memory.
> Main.java, lines 120-137:
> {code}
> 120 public String[] interactive(String destination, String name, String 
> instruction, String[] prompt, boolean[] echo) {
> 121 String[] answers = new String[prompt.length];
> 122 try {
> 123 for (int i = 0; i < prompt.length; i++) {
> 124 if (echo[i]) {
> 125 answers[i] = console.readLine(prompt[i] + " ");
> 126 } else {
> 127 answers[i] = new String(console.readPassword(prompt[i] + 
> " "));
> 128 }
> 129 if (answers[i] == null) {
> 130 return null;
> 131 }
> 132 }
> 133 return answers;
> 134 } catch (IOError e) {
> 135 return null;
> 136 }
> 137 }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (KARAF-4199) Privacy Violation: Heap Inspection

2016-10-20 Thread Guillaume Nodet (JIRA) 

 [ 
https://issues.apache.org/jira/browse/KARAF-4199?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Guillaume Nodet updated KARAF-4199:
---
Fix Version/s: (was: 4.0.8)
   (was: 4.1.0)

> Privacy Violation: Heap Inspection
> --
>
> Key: KARAF-4199
> URL: https://issues.apache.org/jira/browse/KARAF-4199
> Project: Karaf
>  Issue Type: Bug
>Affects Versions: 4.0.3
>Reporter: Eduardo Aguinaga
>
> HP Fortify and SciTools Understand were used to perform an application 
> security scan on the karaf source code.
> The method interactive() in Main.java stores sensitive data in a String 
> object on line 127, making it impossible to reliably purge the data from 
> memory.
> Main.java, lines 120-137:
> {code}
> 120 public String[] interactive(String destination, String name, String 
> instruction, String[] prompt, boolean[] echo) {
> 121 String[] answers = new String[prompt.length];
> 122 try {
> 123 for (int i = 0; i < prompt.length; i++) {
> 124 if (echo[i]) {
> 125 answers[i] = console.readLine(prompt[i] + " ");
> 126 } else {
> 127 answers[i] = new String(console.readPassword(prompt[i] + 
> " "));
> 128 }
> 129 if (answers[i] == null) {
> 130 return null;
> 131 }
> 132 }
> 133 return answers;
> 134 } catch (IOError e) {
> 135 return null;
> 136 }
> 137 }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (KARAF-4199) Privacy Violation: Heap Inspection

2016-09-18 Thread JIRA 

 [ 
https://issues.apache.org/jira/browse/KARAF-4199?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jean-Baptiste Onofré updated KARAF-4199:

Fix Version/s: (was: 4.0.7)
   4.0.8

> Privacy Violation: Heap Inspection
> --
>
> Key: KARAF-4199
> URL: https://issues.apache.org/jira/browse/KARAF-4199
> Project: Karaf
>  Issue Type: Bug
>Affects Versions: 4.0.3
>Reporter: Eduardo Aguinaga
> Fix For: 4.1.0, 4.0.8
>
>
> HP Fortify and SciTools Understand were used to perform an application 
> security scan on the karaf source code.
> The method interactive() in Main.java stores sensitive data in a String 
> object on line 127, making it impossible to reliably purge the data from 
> memory.
> Main.java, lines 120-137:
> {code}
> 120 public String[] interactive(String destination, String name, String 
> instruction, String[] prompt, boolean[] echo) {
> 121 String[] answers = new String[prompt.length];
> 122 try {
> 123 for (int i = 0; i < prompt.length; i++) {
> 124 if (echo[i]) {
> 125 answers[i] = console.readLine(prompt[i] + " ");
> 126 } else {
> 127 answers[i] = new String(console.readPassword(prompt[i] + 
> " "));
> 128 }
> 129 if (answers[i] == null) {
> 130 return null;
> 131 }
> 132 }
> 133 return answers;
> 134 } catch (IOError e) {
> 135 return null;
> 136 }
> 137 }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (KARAF-4199) Privacy Violation: Heap Inspection

2016-08-23 Thread JIRA 

 [ 
https://issues.apache.org/jira/browse/KARAF-4199?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jean-Baptiste Onofré updated KARAF-4199:

Fix Version/s: (was: 4.0.6)
   4.0.7

> Privacy Violation: Heap Inspection
> --
>
> Key: KARAF-4199
> URL: https://issues.apache.org/jira/browse/KARAF-4199
> Project: Karaf
>  Issue Type: Bug
>Affects Versions: 4.0.3
>Reporter: Eduardo Aguinaga
> Fix For: 4.1.0, 4.0.7
>
>
> HP Fortify and SciTools Understand were used to perform an application 
> security scan on the karaf source code.
> The method interactive() in Main.java stores sensitive data in a String 
> object on line 127, making it impossible to reliably purge the data from 
> memory.
> Main.java, lines 120-137:
> {code}
> 120 public String[] interactive(String destination, String name, String 
> instruction, String[] prompt, boolean[] echo) {
> 121 String[] answers = new String[prompt.length];
> 122 try {
> 123 for (int i = 0; i < prompt.length; i++) {
> 124 if (echo[i]) {
> 125 answers[i] = console.readLine(prompt[i] + " ");
> 126 } else {
> 127 answers[i] = new String(console.readPassword(prompt[i] + 
> " "));
> 128 }
> 129 if (answers[i] == null) {
> 130 return null;
> 131 }
> 132 }
> 133 return answers;
> 134 } catch (IOError e) {
> 135 return null;
> 136 }
> 137 }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (KARAF-4199) Privacy Violation: Heap Inspection

2016-03-31 Thread JIRA 

 [ 
https://issues.apache.org/jira/browse/KARAF-4199?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jean-Baptiste Onofré updated KARAF-4199:

Assignee: (was: Jean-Baptiste Onofré)

> Privacy Violation: Heap Inspection
> --
>
> Key: KARAF-4199
> URL: https://issues.apache.org/jira/browse/KARAF-4199
> Project: Karaf
>  Issue Type: Bug
>Affects Versions: 4.0.3
>Reporter: Eduardo Aguinaga
> Fix For: 4.1.0, 4.0.6
>
>
> HP Fortify and SciTools Understand were used to perform an application 
> security scan on the karaf source code.
> The method interactive() in Main.java stores sensitive data in a String 
> object on line 127, making it impossible to reliably purge the data from 
> memory.
> Main.java, lines 120-137:
> {code}
> 120 public String[] interactive(String destination, String name, String 
> instruction, String[] prompt, boolean[] echo) {
> 121 String[] answers = new String[prompt.length];
> 122 try {
> 123 for (int i = 0; i < prompt.length; i++) {
> 124 if (echo[i]) {
> 125 answers[i] = console.readLine(prompt[i] + " ");
> 126 } else {
> 127 answers[i] = new String(console.readPassword(prompt[i] + 
> " "));
> 128 }
> 129 if (answers[i] == null) {
> 130 return null;
> 131 }
> 132 }
> 133 return answers;
> 134 } catch (IOError e) {
> 135 return null;
> 136 }
> 137 }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (KARAF-4199) Privacy Violation: Heap Inspection

2016-03-31 Thread JIRA 

 [ 
https://issues.apache.org/jira/browse/KARAF-4199?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jean-Baptiste Onofré updated KARAF-4199:

Fix Version/s: 4.0.6
   4.1.0

> Privacy Violation: Heap Inspection
> --
>
> Key: KARAF-4199
> URL: https://issues.apache.org/jira/browse/KARAF-4199
> Project: Karaf
>  Issue Type: Bug
>Affects Versions: 4.0.3
>Reporter: Eduardo Aguinaga
>Assignee: Jean-Baptiste Onofré
> Fix For: 4.1.0, 4.0.6
>
>
> HP Fortify and SciTools Understand were used to perform an application 
> security scan on the karaf source code.
> The method interactive() in Main.java stores sensitive data in a String 
> object on line 127, making it impossible to reliably purge the data from 
> memory.
> Main.java, lines 120-137:
> {code}
> 120 public String[] interactive(String destination, String name, String 
> instruction, String[] prompt, boolean[] echo) {
> 121 String[] answers = new String[prompt.length];
> 122 try {
> 123 for (int i = 0; i < prompt.length; i++) {
> 124 if (echo[i]) {
> 125 answers[i] = console.readLine(prompt[i] + " ");
> 126 } else {
> 127 answers[i] = new String(console.readPassword(prompt[i] + 
> " "));
> 128 }
> 129 if (answers[i] == null) {
> 130 return null;
> 131 }
> 132 }
> 133 return answers;
> 134 } catch (IOError e) {
> 135 return null;
> 136 }
> 137 }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (KARAF-4199) Privacy Violation: Heap Inspection

2015-12-15 Thread JIRA 

 [ 
https://issues.apache.org/jira/browse/KARAF-4199?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jean-Baptiste Onofré updated KARAF-4199:

Description: 
HP Fortify and SciTools Understand were used to perform an application security 
scan on the karaf source code.

The method interactive() in Main.java stores sensitive data in a String object 
on line 127, making it impossible to reliably purge the data from memory.

Main.java, lines 120-137:
{code}
120 public String[] interactive(String destination, String name, String 
instruction, String[] prompt, boolean[] echo) {
121 String[] answers = new String[prompt.length];
122 try {
123 for (int i = 0; i < prompt.length; i++) {
124 if (echo[i]) {
125 answers[i] = console.readLine(prompt[i] + " ");
126 } else {
127 answers[i] = new String(console.readPassword(prompt[i] + " 
"));
128 }
129 if (answers[i] == null) {
130 return null;
131 }
132 }
133 return answers;
134 } catch (IOError e) {
135 return null;
136 }
137 }
{code}

  was:
HP Fortify and SciTools Understand were used to perform an application security 
scan on the karaf source code.

The method interactive() in Main.java stores sensitive data in a String object 
on line 127, making it impossible to reliably purge the data from memory.

Main.java, lines 120-137:
120 public String[] interactive(String destination, String name, String 
instruction, String[] prompt, boolean[] echo) {
121 String[] answers = new String[prompt.length];
122 try {
123 for (int i = 0; i < prompt.length; i++) {
124 if (echo[i]) {
125 answers[i] = console.readLine(prompt[i] + " ");
126 } else {
127 answers[i] = new String(console.readPassword(prompt[i] + " 
"));
128 }
129 if (answers[i] == null) {
130 return null;
131 }
132 }
133 return answers;
134 } catch (IOError e) {
135 return null;
136 }
137 }


> Privacy Violation: Heap Inspection
> --
>
> Key: KARAF-4199
> URL: https://issues.apache.org/jira/browse/KARAF-4199
> Project: Karaf
>  Issue Type: Bug
>Affects Versions: 4.0.3
>Reporter: Eduardo Aguinaga
>
> HP Fortify and SciTools Understand were used to perform an application 
> security scan on the karaf source code.
> The method interactive() in Main.java stores sensitive data in a String 
> object on line 127, making it impossible to reliably purge the data from 
> memory.
> Main.java, lines 120-137:
> {code}
> 120 public String[] interactive(String destination, String name, String 
> instruction, String[] prompt, boolean[] echo) {
> 121 String[] answers = new String[prompt.length];
> 122 try {
> 123 for (int i = 0; i < prompt.length; i++) {
> 124 if (echo[i]) {
> 125 answers[i] = console.readLine(prompt[i] + " ");
> 126 } else {
> 127 answers[i] = new String(console.readPassword(prompt[i] + 
> " "));
> 128 }
> 129 if (answers[i] == null) {
> 130 return null;
> 131 }
> 132 }
> 133 return answers;
> 134 } catch (IOError e) {
> 135 return null;
> 136 }
> 137 }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)