False positive sun.misc.Unsafe about vcg HOT 2 CLOSED

Hi Tomas

Thanks for getting in touch. I noticed a variation of this bug for a different code issue. I've tracked down and fixed the bug and will hopefully be releasing a fix via hotel wifi tonight :-)

Thanks
Nick

Sent from my BlackBerry. Please ignore typos and tolerate any brevity and acronyms.

From: Tomas Rzepka [mailto:[email protected]]
Sent: Monday, January 12, 2015 10:22 AM
To: nccgroup/VCG [email protected]
Subject: [VCG] False positive sun.misc.Unsafe (#1)

Hi,

When scanning Java code VCG seem to find sun.misc.Unsafe on every code line. Ex:
MEDIUM: Potentially Unsafe Code - sun.misc.Unsafe
Line: 22 - C:\Temp\apigw-test\CertifiedClientDetailsServiceImpl.java
This package allows direct access to memory locations, potentially resulting in C-style memory and buffer issues if not used carefully.

MEDIUM: Potentially Unsafe Code - sun.misc.Unsafe
Line: 42 - C:\Temp\apigw-test\CertifiedClientDetailsServiceImpl.java
This package allows direct access to memory locations, potentially resulting in C-style memory and buffer issues if not used carefully.

Line 22 contains: package org.apigw.authserver.svc.impl;
Line 42 contains: public class CertifiedClientDetailsServiceImpl implements CertifiedClientDetailsService {

Tried escaping dots (.) in javafunctions.conf but it didn't work.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/1.

Nick Dunn
Senior Security Consultant
NCC Group
Elder House Elder Gate
Milton Keynes, MK9 1LR

Telephone: +44 1844 210 300
Mobile: +44 7545 502548
Fax: +44 870 990 8423
Website: www.nccgroup.comhttp://www.nccgroup.com
Twitter: @NCCGroupplchttps://twitter.com/NCCGroupplc
Email: [email protected]:[email protected]
[https://www.nccgroup.com/media/192418/nccgrouplogo.jpg] http://www.nccgroup.com/

This email is sent for and on behalf of NCC Group. NCC Group is the trading name of NCC Services Limited (Registered in England CRN: 2802141). Registered Office: Manchester Technology Centre, Oxford Road, Manchester, M1 7EF. The ultimate holding company is NCC Group plc (Registered in England CRN: 4627044).

Confidentiality: This e-mail contains proprietary information, some or all of which may be confidential and/or legally privileged. It is for the intended recipient only. If an addressing or transmission error has misdirected this e-mail, please notify the author by replying to this e-mail and then delete the original. If you are not the intended recipient you may not use, disclose, distribute, copy, print or rely on any information contained in this e-mail. You must not inform any other person other than NCC Group or the sender of its existence.

For more information about NCC Group please visit www.nccgroup.comhttp://www.nccgroup.com

P Before you print think about the ENVIRONMENT

from vcg.

Seems to be working now. Great work! Thanks!

Regards,
Tomas

from vcg.