Philippe Arteau
I get `[error] (javasrc2cpg / Compile / compileIncremental) Compilation failed` when compiling the project. ``` > sbt -java-home "C:\Program Files\Java\jdk-11.0.15" stage [info] welcome to sbt 1.6.2 (Oracle Corporation Java 11.0.15)...
When we see "Analysis processing failed", where should we look to investigate what failed? The output of the CodeQL action is saying ``` Processing sarif files: ["reports/test.sarif"] Uploading results...
Hi, I'm a new NAXSI user. I have noticed that the following request is blocked by NAXSI. ```http GET / HTTP/1.1 Host: localhost:7777 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64;...
The Dojo "filecontentreplace" signature is very close to matching the official compress lib: **Signature** `"filecontentreplace" : [ "/dojo.version=\\{major:([0-9]+),minor:([0-9]+),patch:([0-9]+)/$1.$2.$3/"],` [[Ref]](https://github.com/bekk/retire.js/blob/900f81fc8fb2ede10c51ac9034914531f91beb87/repository/jsrepository.json#L221) **Content from the *compress lib*** `h.version={major:1,minor:10,patch:1` [[Ref]](http://ajax.googleapis.com/ajax/libs/dojo/1.10.1/dojo/dojo.js) I suggest removing the...
APIs that receive XML as input - [ ] Validator https://docs.oracle.com/javaee/7/api/javax/validation/Validator.html - [x] SchemaFactory https://docs.oracle.com/javase/7/docs/api/javax/xml/validation/SchemaFactory.html #682 More examples here: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet
Taken from https://github.com/find-sec-bugs/find-sec-bugs/issues/332#issuecomment-674015645 ## Problem FSB on different versions of the JDK doesn't report the same issues. As an example, `BenchmarkTest00051.java` from OWASP Benchmark is not reporting an issue on Java...
## Environment Travis-CI on the main repository. ## Problem I received an alert from Travis-CI that the build was failing. It was however related to the build failing on my...
# Case 1: View name "injection" Here is an endpoint that is expecting to display some information to a template. A malicious user could display an alternate template (low risk). The...
## Description Add support for [`org.apache.commons.lang.SerializationUtils`](https://commons.apache.org/proper/commons-lang/apidocs/org/apache/commons/lang3/SerializationUtils.html) deserialize() methods. It is wrapping deserialization with `readObject()`. It could be integrated into the existing [ObjectDeserializationDetector](https://github.com/find-sec-bugs/find-sec-bugs/blob/master/findsecbugs-plugin/src/main/java/com/h3xstream/findsecbugs/serial/ObjectDeserializationDetector.java). A new description (and bug pattern id) should...