Comments (2)
Hi Tomas
Thanks for getting in touch. I noticed a variation of this bug for a different code issue. I've tracked down and fixed the bug and will hopefully be releasing a fix via hotel wifi tonight :-)
Thanks
Nick
Sent from my BlackBerry. Please ignore typos and tolerate any brevity and acronyms.
From: Tomas Rzepka [mailto:[email protected]]
Sent: Monday, January 12, 2015 10:22 AM
To: nccgroup/VCG [email protected]
Subject: [VCG] False positive sun.misc.Unsafe (#1)
Hi,
When scanning Java code VCG seem to find sun.misc.Unsafe on every code line. Ex:
MEDIUM: Potentially Unsafe Code - sun.misc.Unsafe
Line: 22 - C:\Temp\apigw-test\CertifiedClientDetailsServiceImpl.java
This package allows direct access to memory locations, potentially resulting in C-style memory and buffer issues if not used carefully.
MEDIUM: Potentially Unsafe Code - sun.misc.Unsafe
Line: 42 - C:\Temp\apigw-test\CertifiedClientDetailsServiceImpl.java
This package allows direct access to memory locations, potentially resulting in C-style memory and buffer issues if not used carefully.
Line 22 contains: package org.apigw.authserver.svc.impl;
Line 42 contains: public class CertifiedClientDetailsServiceImpl implements CertifiedClientDetailsService {
Tried escaping dots (.) in javafunctions.conf but it didn't work.
—
Reply to this email directly or view it on GitHubhttps://github.com//issues/1.
Nick Dunn
Senior Security Consultant
NCC Group
Elder House Elder Gate
Milton Keynes, MK9 1LR
Telephone: +44 1844 210 300
Mobile: +44 7545 502548
Fax: +44 870 990 8423
Website: www.nccgroup.comhttp://www.nccgroup.com
Twitter: @NCCGroupplchttps://twitter.com/NCCGroupplc
Email: [email protected]:[email protected]
[https://www.nccgroup.com/media/192418/nccgrouplogo.jpg] http://www.nccgroup.com/
This email is sent for and on behalf of NCC Group. NCC Group is the trading name of NCC Services Limited (Registered in England CRN: 2802141). Registered Office: Manchester Technology Centre, Oxford Road, Manchester, M1 7EF. The ultimate holding company is NCC Group plc (Registered in England CRN: 4627044).
Confidentiality: This e-mail contains proprietary information, some or all of which may be confidential and/or legally privileged. It is for the intended recipient only. If an addressing or transmission error has misdirected this e-mail, please notify the author by replying to this e-mail and then delete the original. If you are not the intended recipient you may not use, disclose, distribute, copy, print or rely on any information contained in this e-mail. You must not inform any other person other than NCC Group or the sender of its existence.
For more information about NCC Group please visit www.nccgroup.comhttp://www.nccgroup.com
P Before you print think about the ENVIRONMENT
from vcg.
Seems to be working now. Great work! Thanks!
Regards,
Tomas
from vcg.
Related Issues (19)
- Rules for sonar HOT 3
- java script is not recognized by VCG
- some form of statements are not recognized in a bulk project
- #ThanksTicket
- CWE mapping HOT 1
- PHP results - questions for understanding the issues
- Console app does not exit - just hangs around HOT 1
- [BUG] "No config file found for bad functions" error on launch
- Missing License HOT 2
- How to build the application?
- Please provide a release version
- Unhandled Exception Error
- Linux usage HOT 3
- [Feature Request] Make mulithreaded
- VCG not analysing files with extension ".sql" HOT 2
- Getting wrong line numbers for the vulnerable lines in the report on scanning using command line . HOT 6
- VisualCodeGrepper on Linux HOT 2
- Copy path to clipboard
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vcg.