奇安信CodeSafe

icon indicating a website link http://www.codesafe.cn/

Results 348 issues of 奇安信CodeSafe

There is a vulnerability in elasticsearch 6.8.13,upgrade recommended

https://github.com/didi/ES-Fastloader/blob/dc00f9bd4367449dafdaffe992aa024505867d8e/plugin/pom.xml#L17-L19 CVE-2020-7018 CVE-2019-7614 CVE-2020-7019 CVE-2020-7020 Recommended upgrade version:6.8.13

Insecure SSL: Server Identity Verification Disabled

https://github.com/vmware/admiral/blob/3fffce42aa17edf34e13fc71ebdd0d472ee9bc13/closures/closure-drivers/src/main/resources/com/vmware/admiral/closures/drivers/client/docker/image/photon-closure-runner_java/app/com/vmware/admiral/closure/runner/SSLRunnerConnectionFactory.java#L123-L125 Server identity verification is disabled when making SSL connections.In some libraries that use SSL connections, the server certificate is not verified by default. This is equivalent to trusting all...

unused variable

https://github.com/NLPchina/nlp-lang/blob/a501d574fdac7b0be76b2d6465a549db73597d6e/src/main/java/org/nlpcn/commons/lang/pinyin/PinyinFormatter.java#L27

Unreleased Resource: Streams

https://github.com/NLPchina/nlp-lang/blob/a501d574fdac7b0be76b2d6465a549db73597d6e/src/main/java/org/nlpcn/commons/lang/util/IOUtil.java#L41 The program can potentially fail to release a system resource.

Unused Field

https://github.com/bilibili/DanmakuFlameMaster/blob/e2846461a09e33720a049f628f09c653f55531f0/DanmakuFlameMaster/src/main/java/master/flame/danmaku/ui/widget/DanmakuView.java#L66 This field is never used.

XML External Entity Injection

https://github.com/bilibili/DanmakuFlameMaster/blob/e2846461a09e33720a049f628f09c653f55531f0/Sample/src/main/java/com/sample/BiliDanmukuParser.java#L62-L65 Using XML parsers configured to not prevent nor limit external entities resolution can expose the parser to an XML External Entities attack

byte数组转String时未指定编码

https://github.com/bilibili/DanmakuFlameMaster/blob/e2846461a09e33720a049f628f09c653f55531f0/DanmakuFlameMaster/src/main/java/master/flame/danmaku/danmaku/util/IOUtils.java#L14 在将字节数组的数据转换为String时如果未设定转换编码,可能会导致数据丢失。

Unreleased Resource: Streams

1 comment

https://github.com/Meituan-Dianping/octo-rpc/blob/f451295b8c8017f7fbcd9e5093b45790f16eb803/dorado/dorado-common/src/main/java/com/meituan/dorado/common/util/VersionUtil.java#L57 The program can potentially fail to release a system resource.

Double-Checked Locking

https://github.com/Meituan-Dianping/octo-rpc/blob/f451295b8c8017f7fbcd9e5093b45790f16eb803/dorado/dorado-registry/dorado-registry-zookeeper/src/main/java/com/meituan/dorado/registry/zookeeper/curator/ZookeeperManager.java#L36-L41 Double-Checked Locking is widely cited and used as an efficient method for implementing lazy initialization in a multithreaded environment. Unfortunately, it will not work reliably in a platform independent...

Function 'is_power_of_two()', which defined in an anonymous namespace, is never used

https://github.com/intel/clDNN/blob/70b1a9dbe708495c2711f1e7e71d741d7b3156df/src/layout_optimizer.cpp#L54