JDK-6990106

FindBugs scan - Malicious code vulnerability Warnings in com.sun.java.util.jar.pack.*

    Details

    • Subcomponent:
    • Resolved In Build: b126
    • CPU: x86
    • OS: linux
    • Verification: Not verified

      Description

      Findbugs report on jdk7 b112 shows Malicious code vulnerability Warnings in com.sun.java.util.jar.pack.*

      Full report is here:
      http://sqeweb.sfbay.sun.com/jsn/users/bsitu/StaticAnalysis/results/findbugs1.3.9/jdk7-b112-jre.html#Warnings_MALICIOUS_CODE

      Detail:
      EI com.sun.java.util.jar.pack.Attribute$Layout.getCallables() may expose internal representation by returning Attribute$Layout.elems

      Bug type EI_EXPOSE_REP
      In class com.sun.java.util.jar.pack.Attribute$Layout
      In method com.sun.java.util.jar.pack.Attribute$Layout.getCallables()
      Field com.sun.java.util.jar.pack.Attribute$Layout.elems
      At Attribute.java:[line 609]

      EI com.sun.java.util.jar.pack.Attribute$Layout.getEntryPoint() may expose internal representation by returning Attribute$Layout.elems

      Bug type EI_EXPOSE_REP
      In class com.sun.java.util.jar.pack.Attribute$Layout
      In method com.sun.java.util.jar.pack.Attribute$Layout.getEntryPoint()
      Field com.sun.java.util.jar.pack.Attribute$Layout.elems
      At Attribute.java:[line 617]


          Activity

          ksrini Kumar Srinivasan added a comment -
          BT2:EVALUATION

          Good idea to fix it per the findbugs suggestion: return a copy of the array elems in
          Attribute.java.

          While fixing this, several other findbugs warnings, netbeans warnings, generification and refactoring were done.
          jprtbugupd JPRT Bug Updates (Inactive) added a comment -
          BT2:EVALUATION

          http://hg.openjdk.java.net/jdk7/build/jdk/rev/6d3fb387da8e
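
The EI_EXPOSE_REP pattern and the copy-on-return fix named in the evaluation, as an added example that is not the JDK's Attribute.java and not part of the original issue. `ExposeRepDemo`, `Layout`, `Element` and the two getter names are hypothetical stand-ins; only the field name `elems` is taken from the report.

```java
// Added illustration; hypothetical classes, not com.sun.java.util.jar.pack.Attribute$Layout.
public class ExposeRepDemo {
    static final class Element {
        // Immutable element: a shallow copy of the array is then a complete defence.
        // If Element were mutable, clone() would protect the slots but not the
        // objects in them, and the elements would need copying as well.
        final String name;
        Element(String name) { this.name = name; }
    }

    static final class Layout {
        private final Element[] elems;

        Layout(Element... elems) {
            // Copy on the way in too; otherwise the constructor's caller keeps an
            // alias to the internal array (FindBugs reports that as EI_EXPOSE_REP2).
            this.elems = elems.clone();
        }

        // Flagged pattern: returns the internal array itself.
        Element[] getElemsExposed() { return elems; }

        // FindBugs suggestion: return a copy of the array.
        Element[] getElemsCopy() { return elems.clone(); }

        String describe() {
            StringBuilder sb = new StringBuilder();
            for (Element e : elems) {
                sb.append(e == null ? "<null>" : e.name).append(' ');
            }
            return sb.toString().trim();
        }
    }

    public static void main(String[] args) {
        Layout layout = new Layout(new Element("a"), new Element("b"));

        // Writing through the copy changes only the caller's array.
        layout.getElemsCopy()[0] = null;
        System.out.println("after write via copy:    " + layout.describe());

        // Writing through the exposed reference rewrites Layout's private state,
        // bypassing any invariant the class relies on (here: no null slots).
        layout.getElemsExposed()[0] = null;
        System.out.println("after write via exposed: " + layout.describe());
    }
}
```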

            People

            • Assignee: ksrini Kumar Srinivasan
            • Reporter: bsitu Bill Situ
            • Votes: 0
            • Watchers: 1
