奇安信CodeSafe
Reflected XSS: in NavigationTag.java, doStartTag() receives parameters from the request, concatenates them and outputs them directly to the page, resulting in a reflected XSS vulnerability. Line 46 calls the resolveUrl method, which takes parameters from the request and appends them to the URL; line 60 then outputs the result to the page. However, no call to doStartTag() was found anywhere in the project.
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
> Hi, thanks for the information. Could you please let us know a better way of doing it by submitting a patch? We'll be glad to integrate any improvement. >...
the same issues
1. never used variable 'c' https://github.com/intel/hyperscan/blob/d79973efb1fcf5ed338122882c1f896829767fb6/unit/hyperscan/stream_op.cpp#L592
2. never used variable 'c' https://github.com/intel/hyperscan/blob/d79973efb1fcf5ed338122882c1f896829767fb6/unit/hyperscan/stream_op.cpp#L752
3. never used variable 'c' https://github.com/intel/hyperscan/blob/d79973efb1fcf5ed338122882c1f896829767fb6/unit/hyperscan/stream_op.cpp#L789
Thanks for your reply, maximecb! Yea, we are developing a bug-finding tool! Since we want to know the capabilities of this tool, we ran this tool on some open source...
@cjlin1 Hmm, you are right, it is not an issue that is worth the effort to fix for now.
There are many ways to log in; weak passwords and brute forcing are among the simplest and most effective. The key point is that requiring a login only increases the difficulty and cost of an attack; it does not mean the vulnerability itself does not exist. We still recommend adding a security check in the program:
while (e.hasMoreElements()) {
    ZipEntry zipEntry = (ZipEntry) e.nextElement();
    System.out.println(zipEntry.getName());
    if (zipEntry.getName().indexOf("..") != -1 && !file.getCanonicalPath().startsWith(unZipAddress)) {
        System.out.println("失败!");
    } else {
        ...
    }
}
the same issues
1. https://github.com/vmware/likewise-open/blob/d6511c1389f84e178520c844451885be360c2d9b/krb5/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c#L120
2. https://github.com/vmware/likewise-open/blob/d6511c1389f84e178520c844451885be360c2d9b/krb5/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c#L122
https://github.com/cisco/joy/blob/5dd5b71bc1fe71ff0d0cf1b6263e6f5449cd622d/src/procwatch.c#L724
Hello, @anhadjaisingh, thank you very much for your reply. After our further manual audit, this is a false alarm. Thanks again for your detailed reply; we will repair and further improve our AI robot! Wishing...