RE: [iText-questions] Warnings fortify generates on itext

[Paulo Soares]

They are not real problems.

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On 
> Behalf Of Carsten Hammer
> Sent: Sunday, June 26, 2005 5:21 PM
> To: itext-questions@lists.sourceforge.net
> Subject: [iText-questions] Warnings fortify generates on itext
> 
> Hi,
> for your information.
> These are some warnings fortify generates on itext:
> 
> ResourceInjection - Tainted data affecting resources entering 
> the system
> PdfPKCS7.java (4 Vulnerabilities)
> java.io.File.File(java.lang.String, java.lang.String): 511
> java.io.File.File(java.io.File, java.lang.String): 512
> java.io.File.File(java.io.File, java.lang.String): 513
> java.io.FileInputStream.FileInputStream(java.io.File): 516
> RandomAccessFileOrArray.java (1 Vulnerability)
> java.io.File.File(java.lang.String): 73
> SimplePatternParser.java (1 Vulnerability)
> java.io.FileInputStream.FileInputStream(java.lang.String): 271
> XmlToHtml.java (1 Vulnerability)
> java.io.FileInputStream.FileInputStream(java.lang.String): 123
> XmlToPdf.java (1 Vulnerability)
> java.io.FileInputStream.FileInputStream(java.lang.String): 123
> XmlToRtf.java (1 Vulnerability)
> java.io.FileInputStream.FileInputStream(java.lang.String): 123
> BuildTutorial.java (10 Vulnerabilities)
> java.io.File.File(java.lang.String): 44
> java.io.File.File(java.lang.String): 45
> java.io.File.File(java.io.File, java.lang.String): 46
> java.io.File.File(java.io.File, java.lang.String): 47
> java.io.File.File(java.lang.String, java.lang.String): 50
> java.io.File.File(java.io.File, java.lang.String): 83
> java.io.File.File(java.io.File, java.lang.String): 94
> java.io.File.File(java.io.File, java.lang.String): 95
> java.io.FileInputStream.FileInputStream(java.io.File): 127
> java.io.FileInputStream.FileInputStream(java.io.File): 144
> 
> InformationLeakage  - Tainted data escaping the system
> concat_pdf.java (1 Vulnerability)
> java.io.PrintStream.println(java.lang.String): 65
> encrypt_pdf.java (2 Vulnerabilities)
> java.io.PrintStream.println(java.lang.String): 83
> java.io.PrintStream.println(java.lang.String): 85
> split_pdf.java (1 Vulnerability)
> java.io.PrintStream.println(java.lang.String): 91
> 
> UncheckedReturnValue  - Failure to check informative return value
> BmpImage.java (4 Vulnerabilities)
> java.io.InputStream.read(byte, int, int): 318
> java.io.InputStream.read(byte, int, int): 407
> java.io.InputStream.read(byte, int, int): 434
> java.io.InputStream.read(byte, int, int): 520
> 
> However most of it does not seem to be real problems.
> Because of problems with fortify itself (!!:)) it might be 
> partially not 
> analysed.
> 
> Best regards,
> Carsten
> 
> 
> 
> -------------------------------------------------------
> SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
> from IBM. Find simple to follow Roadmaps, straightforward articles,
> informative Webcasts and more! Get everything you need to get up to
> speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
> _______________________________________________
> iText-questions mailing list
> iText-questions@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/itext-questions
> 


-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click
_______________________________________________
iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions