Josh Elser created ACCUMULO-4687:
------------------------------------

             Summary: Address some static analysis feedback from Fortify
                 Key: ACCUMULO-4687
                 URL: https://issues.apache.org/jira/browse/ACCUMULO-4687
             Project: Accumulo
          Issue Type: Improvement
            Reporter: Josh Elser
            Assignee: Josh Elser
            Priority: Minor
             Fix For: 1.7.4, 1.8.2, 2.0.0

Fortify flagged some things in Accumulo (mostly against 1.7 and 1.8). Actually, it flagged a lot of things, but there were a few that I noticed which are minor but wouldn't hurt for us to fix.

* The {{JarFile}} in {{Jar.java}} is never closed
* {{BoundedRangeFileInputStream}} invokes a PrivilegedAction for some reason I can't fathom (been this way since code import -- I think it can be removed).
* Numeric validation on the refresh cookie in the monitor
* Use {{HttpOnly}} on the cookies we create to mark that we only expect them to be accessed by the browser
* We put the request URI back into the page body in DefaultServlet if we can't load the requested element (putting user-controlled info in an HTTP response -- generally bad news). We can just trim the data we write to the browser and log it instead.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
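
The three monitor items in the list above (numeric validation of the refresh cookie, {{HttpOnly}} on created cookies, and logging the request URI instead of writing it into the page), shown as an added Java example that is not Accumulo's code or the eventual patch. The class and method names, the cookie name `refresh`, the default of -1 and the 5 to 3600 second bounds are all assumptions made for illustration.

```java
import java.util.logging.Logger;

// Added illustration only: every name and constant here is hypothetical, not taken from Accumulo.
public class MonitorHardeningExample {
  private static final Logger LOG = Logger.getLogger(MonitorHardeningExample.class.getName());
  static final int DEFAULT_REFRESH = -1;  // assumed meaning: auto-refresh disabled
  static final int MIN_REFRESH = 5;       // assumed lower bound, seconds
  static final int MAX_REFRESH = 3600;    // assumed upper bound, seconds

  /** Accept the refresh cookie only if it is a short, in-range integer; otherwise use the default. */
  static int parseRefresh(String cookieValue) {
    // The length cap in the pattern keeps Integer.parseInt from ever overflowing.
    if (cookieValue == null || !cookieValue.matches("-?\\d{1,5}")) {
      return DEFAULT_REFRESH;
    }
    int seconds = Integer.parseInt(cookieValue);
    if (seconds < MIN_REFRESH || seconds > MAX_REFRESH) {
      return DEFAULT_REFRESH;
    }
    return seconds;
  }

  /** Set-Cookie value carrying HttpOnly, so scripts running in the page cannot read the cookie. */
  static String refreshCookieHeader(int seconds) {
    return "refresh=" + seconds + "; Path=/; HttpOnly";
  }

  /** Log the requested URI server-side and return a fixed body that contains no request data. */
  static String notFoundBody(String requestUri) {
    // Replace control characters so the value cannot forge extra log lines, then cap its length.
    String safe = requestUri == null ? "" : requestUri.replaceAll("\\p{Cntrl}", "?");
    if (safe.length() > 200) {
      safe = safe.substring(0, 200) + "...";
    }
    LOG.warning("Could not load requested resource: " + safe);
    return "<h1>Not Found</h1><p>The requested resource could not be loaded.</p>";
  }

  public static void main(String[] args) {
    // Constructed inputs: one valid cookie value, one non-numeric value, one URI carrying markup.
    System.out.println(refreshCookieHeader(parseRefresh("30")));
    System.out.println(refreshCookieHeader(parseRefresh("30\"><b>x</b>")));
    System.out.println(notFoundBody("/web/<b>injected</b>\r\nfake log line"));
  }
}
```

With the servlet API, the same cookie flag is set through `javax.servlet.http.Cookie.setHttpOnly(true)`, available from Servlet 3.0.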