Comments (3)
Can you provide a pull request or an example XML file that uses this missing rule?
from zap-sonar-plugin.
Just added this to rules.xml. Description taken from that discussion over 30002.
<rule>
  <key>30002</key>
  <name>Check for proper format string handling in back end c code</name>
  <description>
    <![CDATA[<h3>Solution :</h3>
    <p>Many of the back end interfaces use a secondary programming language, often compiled, to interface to a variety of system functions. C and C++ are two of the more popular "traditional" languages that are used. The Format String exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application, causing new behaviors that could compromise the security or the stability of the system.</p>
    <h3>References:</h3>
    <ul>
      <li>No Reference.</li>
    </ul>]]>
  </description>
  <severity>MAJOR</severity>
  <status>READY</status>
  <tag>security</tag>
  <tag>zaproxy</tag>
</rule>
from zap-sonar-plugin.
Thanks @jukkaharkki
Fix has been committed.
from zap-sonar-plugin.
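A check for the gap this thread reports, a scan result id with no matching entry in rules.xml, written as an added example that is not code from the thread or from zap-sonar-plugin. The `<rules>` root element, the set of fields treated as required, rule 99999 and plugin id 40012 are assumptions constructed for the demonstration.

```python
import xml.etree.ElementTree as ET

# Child elements present in the rule posted above; treated as required (assumption).
REQUIRED = ("key", "name", "description", "severity", "status")

# Constructed sample: an assumed <rules> root holding a shortened copy of the
# 30002 rule from the comment above plus a deliberately incomplete rule.
SAMPLE_RULES = """<rules>
  <rule>
    <key>30002</key>
    <name>Check for proper format string handling in back end c code</name>
    <description><![CDATA[<h3>Solution :</h3><p>shortened</p>]]></description>
    <severity>MAJOR</severity>
    <status>READY</status>
    <tag>security</tag>
    <tag>zaproxy</tag>
  </rule>
  <rule>
    <key>99999</key>
    <name>Constructed incomplete rule</name>
  </rule>
</rules>"""


def load_rules(xml_text):
    """Return ({key: [missing required fields]}, [duplicate keys])."""
    problems, duplicates = {}, []
    for rule in ET.fromstring(xml_text).iter("rule"):
        key = (rule.findtext("key") or "").strip()
        if key in problems:
            duplicates.append(key)
            continue
        problems[key] = [f for f in REQUIRED if not (rule.findtext(f) or "").strip()]
    return problems, duplicates


def missing_rule_keys(xml_text, plugin_ids):
    """Ids seen in scan results that have no matching <rule><key>."""
    defined, _ = load_rules(xml_text)
    return sorted(set(map(str, plugin_ids)) - set(defined))


if __name__ == "__main__":
    problems, dups = load_rules(SAMPLE_RULES)
    print("incomplete:", {k: v for k, v in problems.items() if v})
    print("duplicates:", dups)
    # Constructed ids standing in for the plugin ids found in a scan report.
    print("missing:", missing_rule_keys(SAMPLE_RULES, ["30002", "40012"]))
```

Running this against the real rules.xml before a release shows which scanner ids would be dropped for lack of a rule definition.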