We are currently using aspectjweaver-1.6.9.jar and the Veracode analysis found a bug in this class: ClassLoaderWeavingAdaptor.java (Line 350):

Type: External Control of File Name or Path

Description: This call contains a path manipulation flaw. The argument to the function is a filename constructed using user-supplied input. If an attacker is allowed to specify all or part of the filename, it may be possible to gain unauthorized access to files on the server, including those outside the webroot, that would normally be inaccessible to end users. The level of exposure depends on the effectiveness of input validation routines, if any.

Is this a false positive? Thanks.
I really need the line number in 1.8.4 rather than 1.6.9. I'm not sure if it is a real problem or not but so far these analysis issues aren't having that much success at finding any real bugs :)