Added missing BugCode for SECXXEVAL abbrev #728

Merged
merged 1 commit into from
Feb 29, 2024

Conversation

gtoison
Contributor

@gtoison gtoison commented Feb 28, 2024

As noted in #727 and spotbugs/sonar-findbugs#983 the detector introduced in #681 declared a new bug code abbreviation but did not provide.
This is causing a crash when the detector reports a bug.

This should fix #727 and spotbugs/sonar-findbugs#983

@h3xstream
Member

Good catch. I will try to add a test that does sanity checks on the metadata file to prevent this.

@h3xstream h3xstream merged commit bf12d51 into find-sec-bugs:master Feb 29, 2024
2 checks passed
@gtoison
Contributor Author

gtoison commented Feb 29, 2024

Thanks for merging!
I'm making a test in the sonar-findbugs project and it seems to be the only missing abbreviation.
Note that I also found a problematic case (missing category) in one of the sb-contrib bug patterns.

@schloemer-bas schloemer-bas mentioned this pull request Apr 5, 2024
@Bi0icL

Bi0icL commented Apr 26, 2024

I'm facing the same trouble, is there anything I can do to temporarily alleviate it?

@gtoison
Contributor Author

gtoison commented Apr 26, 2024

findsecbugs shouldn't crash when trying to report the problem but most likely this is a real finding and you can solve it by disabling XXE on your xml processing classes as explained here: https://github.com/find-sec-bugs/find-sec-bugs/pull/681/files#diff-a686f21490e05e3796410ae562a7a8bbc9802a995afee23da568c5d0fe4ff2e4
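As an added illustration (not code from this pull request or from the find-sec-bugs project), this is the kind of XXE-disabled `DocumentBuilderFactory` configuration the comment above recommends; the class and method names are hypothetical, the feature URIs are the standard JAXP/Xerces ones, and the two XML inputs are constructed for the demo:

```java
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

public class HardenedXmlParser {

    // Builds a DocumentBuilder with external entity processing switched off.
    // All settings are applied on the factory before any parser is created.
    public static DocumentBuilder newHardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Rejecting DOCTYPE declarations is the most effective single setting:
        // without a DTD there are no entities, external or otherwise, to expand.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth for parsers that must accept a DOCTYPE somewhere.
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder();
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilder builder = newHardenedBuilder();

        // Constructed input: a plain document without a DTD parses normally.
        String plain = "<config><name>demo</name></config>";
        Document doc = builder.parse(new ByteArrayInputStream(plain.getBytes(StandardCharsets.UTF_8)));
        System.out.println("root element: " + doc.getDocumentElement().getTagName());

        // Constructed input: any DOCTYPE, even one declaring only a harmless
        // internal entity, is rejected before entity expansion can take place.
        String withDoctype = "<!DOCTYPE config [<!ENTITY greeting \"hello\">]><config>&greeting;</config>";
        try {
            builder.parse(new ByteArrayInputStream(withDoctype.getBytes(StandardCharsets.UTF_8)));
            System.out.println("unexpected: DOCTYPE accepted");
        } catch (SAXParseException e) {
            System.out.println("DOCTYPE rejected as intended: " + e.getMessage());
        }
    }
}
```

The same feature flags are what a SECXXEVAL-style detector expects to see set on the factory; the second parse demonstrates that the hardened builder fails closed on a DOCTYPE rather than silently expanding it.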

Development

Successfully merging this pull request may close these issues.

findsecbugs-plugin: missing bug code for keySECXXEVAL
3 participants