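Translation: Fortify Analysis Translation 1
I. Overview of the analysis methods: 1. The following are the types of project code vulnerabilities categorized by the Fortify tool: 1.1. Analyzers: Data Flow analysis. Original text: Follows the propagation of tainted data starting from a Source (function that introduces any input source to the progra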
2008-09-02 20:51:00
9983
Translation: Fortify Analysis Translation 3
7. Poor style: Confusing naming (Structural): 7.1. BPCodeConstants.java private static final String RATING_BP_CODE = "WF001"; public static String RATING_BP_CODE() {} 7.2. The class contains a fiel
2008-09-02 20:50:00
2003
Translation: Fortify Analysis Translation 2
4. Poor error handling: Empty catch block (Structural): 4.1. BizElementMapping.java } catch (BizException e) {} 4.2. Ignoring an exception can cause the program to overlook unexpected states and condi
2008-09-02 20:50:00
1470
Translation: Fortify Analysis Translation 4
10. System Information Leak (Data Flow): 10.1. BizApplicationApprovalBackingBean.java. logger.error("BizApplicationApprovaBB 出错:" + e.getMessage()); 10.2. Revealing system data or debugging informati
2008-09-02 20:49:00
2853
Translation: Fortify Analysis Translation 5
13. Poor error handling: Overly broad catch (Structural): 13.1. AcceptApplicationBackingBean.java catch(Exception e){ 13.2. Original text: The catch block handles a broad swath of exceptions, potentially trapping dissi
2008-09-02 20:48:00
1419
Translation: Fortify Analysis Translation 6
16. Code correctness: Erroneous String compare (Structural): 16.1. Source file: BizApplicationApprovalBackingBean.java Code: if ((briefBizTaskVO.getDeptCode() != null) && (briefBizTaskVO.getDeptCode() != "")) { 1
2008-09-02 20:47:00
2398
Translation: Fortify Analysis Translation 8
22. Process Control (Data Flow): 22.1. Source file: AgentServlet.java. Code: obj = this.getClass().getClassLoader().loadClass(servletName).newInstance(); 22.2. Original text: Loading libraries from an untrusted source or in
2008-09-02 20:46:00
2416
Translation: Fortify Analysis Translation 7
19. Missing XML validation (Control Flow): 19.1. Source file: QueryPrivilegeConfig.java. Code: db = dbf.newDocumentBuilder(); 19.2. Original text: Failure to enable validation when parsing XML gives an attacker the opportunity
2008-09-02 20:46:00
2108
Translation: Fortify Analysis Translation 9
24. HTTP response splitting (Data Flow): 24.1. Source file: WorkPageDispatcher.java. Code: rep.sendRedirect(url); 24.2. Original text: Including unvalidated data in an HTTP response header can enable cache-poisoning, cross-site sc
2008-09-02 20:45:00
1580
Translation: Fortify Analysis Translation 10
25. Denial of service (Data Flow): 25.1. Source file: Metronome.java Code: sleep(thisTime); 25.2. Original text: An attacker could cause the program to crash or otherwise become unavailable to legitimate users. Translation: An attacker can make the program crash, otherwise
2008-09-02 20:42:00
3165
Translation: BeanShell Translation 1
1. bsh.Interpreter: Description: The BeanShell script interpreter. An instance of Interpreter can be used to source scripts and evaluate statements or expressions. Her
2008-09-02 20:37:00
1075
2
Translation: BeanShell Translation 2
Introduction. This document is about BeanShell. BeanShell is a small, free, embeddable Java source interpreter with object scripting language features, written in Java. BeanShell executes standard
2008-09-02 20:36:00
835
Translation: BeanShell Translation 4
1. Basic Syntax. BeanShell is, foremost, a Java interpreter. So you probably already know most of what you need to start scripting with BeanShell. This section describes specifically what portion
2008-09-02 20:35:00
741
Translation: BeanShell Translation 3
1. Quick Start. Welcome to BeanShell. This is a crash course to get you going. We'll leave out many important options and details. Please see the rest of the user's guide for more information.
2008-09-02 20:35:00
736
Translation: BeanShell Translation 5
1. In BeanShell you may access JavaBean properties as if they were fields: button = new java.awt.Button(); button.label = "my button"; // Equivalent to: b.setLabel("my
2008-09-02 20:34:00
815
Translation: BeanShell Translation 6
1. Document Friendly Entities. BeanShell supports special overloaded text forms of all common operators to make it easier to embed BeanShell scripts inside other kinds of documents (e.g. XML). Bea
2008-09-02 20:33:00
813
Translation: BeanShell Translation 8
1. Scripting Interfaces. One of the most powerful features of BeanShell is the ability to script Java interfaces. This feature allows you to write scripts that serve as event handlers, listeners,
2008-09-02 20:29:00
601
Translation: BeanShell Translation 7
1. The this reference. As in most languages, an executing method in BeanShell has its own "local" scope that holds argument (parameter) variables and locally declared variables. For example,
2008-09-02 20:29:00
656
Translation: BeanShell Translation 9
1. Interface Types and Casting. It is legal, but not usually necessary, to perform an explicit cast of a BeanShell scripted object to an interface type. For example:
2008-09-02 20:27:00
658
Translation: BeanShell Translation 10
1. Special Variables and Values. In addition to the scope modifiers: this, super, global, BeanShell supports a number of pre-defined system variables, "magic" values, and methods.
2008-09-02 20:26:00
702
Translation: BeanShell Translation 11
1. Undefined Variables. You can test to see if a variable is defined using the special value void. For example: if ( foobar == void ) // undefined You can ret
2008-09-02 20:25:00
581
Translation: BeanShell Translation 12
1. Files and Directories. The following commands work with files, directories, and the working directory: cd(), pwd(), dir(), rm(), mv(), cat() Unix Style file commands. Uni
2008-09-02 20:21:00
666