Josh Elser created ACCUMULO-4687:
------------------------------------
Summary: Address some static analysis feedback from Fortify
Key: ACCUMULO-4687
URL: https://issues.apache.org/jira/browse/ACCUMULO-4687
Project: Accumulo
Issue Type: Improvement
Reporter: Josh Elser
Assignee: Josh Elser
Priority: Minor
Fix For: 1.7.4, 1.8.2, 2.0.0
Fortify flagged some things in Accumulo (mostly against 1.7 and 1.8). Actually,
it flagged a lot of things, but there were a few that I noticed which are minor
but wouldn't hurt for us to fix.
* The {{JarFile}} in {{Jar.java}} is never closed
* {{BoundedRangeFileInputStream}} invokes a PrivilegedAction for some reason I
can't fathom (been this way since code import -- I think it can be removed).
* Numeric validation on the refresh cookie in the monitor
* Use {{HttpOnly}} on the cookies we create to mark that we only expect them to
be accessed by the browser
* We put the request URI back into the page body in DefaultServlet if we can't
load the requested element (putting user-controlled info in an HTTP response --
generally bad news). We can just trim the data we write to the browser and log
it instead.
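The three monitor-related items in the list above (numeric validation of the refresh cookie, {{HttpOnly}} on created cookies, and not writing the request URI back to the browser) can be sketched as follows. This is an added example, not code from Accumulo or from the issue; the class name, cookie name, bounds and default value are assumptions made for illustration.

```java
import java.util.logging.Logger;

public class MonitorHardeningExample {
  private static final Logger LOG = Logger.getLogger(MonitorHardeningExample.class.getName());
  static final int DEFAULT_REFRESH = -1; // assumption: -1 means "no auto-refresh"
  static final int MAX_REFRESH = 3600;   // assumption: upper bound, in seconds

  // Accept the cookie only if it is a short run of ASCII digits within bounds;
  // anything else falls back to the default instead of reaching the page.
  static int parseRefresh(String cookieValue) {
    if (cookieValue == null || !cookieValue.matches("\\d{1,4}")) {
      return DEFAULT_REFRESH;
    }
    int seconds = Integer.parseInt(cookieValue);
    return seconds <= MAX_REFRESH ? seconds : DEFAULT_REFRESH;
  }

  // Build a Set-Cookie header value with the HttpOnly attribute so that
  // scripts running in the page cannot read the cookie.
  // "refresh" is a hypothetical cookie name.
  static String refreshCookieHeader(int seconds) {
    return "refresh=" + seconds + "; Path=/; HttpOnly";
  }

  // Neutralise control characters (which could forge log lines) and cap the
  // length before the user-controlled URI is written to the log.
  static String forLog(String uri) {
    String s = uri == null ? "" : uri.replaceAll("\\p{Cntrl}", "_");
    return s.length() > 200 ? s.substring(0, 200) + "..." : s;
  }

  // The response body is a fixed string: the requested URI goes to the
  // server log only and is never written back to the browser.
  static String notFoundBody(String requestUri) {
    LOG.warning("Could not load requested resource: " + forLog(requestUri));
    return "<html><body><h1>404 Not Found</h1></body></html>";
  }

  public static void main(String[] args) {
    // Constructed sample inputs.
    System.out.println(parseRefresh("5"));      // valid value is kept
    System.out.println(parseRefresh("10x"));    // non-numeric: default
    System.out.println(parseRefresh("9999"));   // out of range: default
    System.out.println(refreshCookieHeader(parseRefresh("5")));
    System.out.println(notFoundBody("/web/missing\r\nsecond-line"));
  }
}
```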