奇安信CodeSafe

icon indicating a website link http://www.codesafe.cn/

Results 348 issues of 奇安信CodeSafe

There is a vulnerability in Apache Camel 2.17.4 ,upgrade recommended

https://github.com/SAP/apibusinesshub-integration-recipes/blob/b7ce201a1b72bec580e63af571399440f02f8b01/Recipes/for/cmis-integration-adapter/Project-Source/camel-cmis/pom.xml#L77 CVE-2017-3159 CVE-2017-12633 CVE-2017-12634 CVE-2016-8749 CVE-2016-9571 Recommended upgrade version: 3.4.0

Unused variable

https://github.com/microsoft/spring-data-cosmosdb/blob/54a45fd5d7584009c567c3d8ad83f254b73464fb/src/test/java/com/microsoft/azure/spring/data/cosmosdb/performance/service/SdkService.java#L66 Unused variable

Need to check whether the variable is nil

According to line 89, `resq` may be `nil`, and `resp.Body` in line 96 will cause a crash. By reading the previous code, `resq` cannot be `nil`, so we can remove...

good first issue

Django Bad Practices: Pickle Serialized Sessions

Hi, This is Qihoo360 CodeSafe Team, we found a Django Bad Practices: Pickle Serialized Sessions issue, see neurovault/settings.py At line 219 ![image](https://user-images.githubusercontent.com/39950310/50632389-a3d01900-0f82-11e9-9e75-d7112760cbee.png) If cookie-based sessions are used and SECRET_KEY is...

Unreleased Resource: Streams

https://github.com/mozilla/gcp-ingestion/blob/9ed815afe17d17715aae9b4c1cd91517dcdd6d76/ingestion-beam/src/main/java/com/mozilla/telemetry/decoder/GeoCityLookup.java#L103 The program can potentially fail to release a system resource.

never used variable

src/Tokenizer.cpp in line 260 never used variable 'c'

Wrong fuel_url param

https://github.com/daylightstudio/FUEL-CMS/blob/b24104b1152601e0c2f834b87c36e954e90912e8/fuel/modules/fuel/views/_blocks/module_create_edit_actions.php#L53 `fuel_url`'s second param is $query_string, when it is true, $url contains user's query string. May cause a reflected XSS.

json_decode is dangerous

This json_decode will cause code injection. Such as `json_decode("1;echo 1;"))` https://github.com/daylightstudio/FUEL-CMS/blob/b24104b1152601e0c2f834b87c36e954e90912e8/fuel/modules/fuel/helpers/compatibility_helper.php#L44 Here json_decode data from COOKIE: https://github.com/daylightstudio/FUEL-CMS/blob/b24104b1152601e0c2f834b87c36e954e90912e8/fuel/modules/fuel/controllers/Module.php#L2173

Double-Checked Locking

3 comment

https://github.com/apache/royale-compiler/blob/6f75df78d08d3c4a7f81a8d25d96b978972ee480/compiler/src/main/java/org/apache/royale/compiler/internal/scopes/ASScopeCache.java#L224-L232 Double-Checked Locking is widely cited and used as an efficient method for implementing lazy initialization in a multithreaded environment. Unfortunately, it will not work reliably in a platform independent...

There is a vulnerability in node-fetch 3.2.8,upgrade recommended

https://github.com/google/zx/blob/53fd6dbf521ad0a41c1e7b1ae20f06bfa48a3697/package.json#L62 CVE-2022-2596 Recommended upgrade version:3.2.10