From: Batistil, R. <Rul...@ex...> - 2015-03-25 19:13:39
Hi,

Nowadays software security has a high degree of importance among other things. Though this library is very good, it also needs to pass industry standard security checks. The vtd-xml-2.11.jar failed on a Veracode security scan as these 4 classes below contain a main method used only for testing or debugging:

1. ContextBuffer.java - com/ximpleware/
2. intHash.java - com/ximpleware/
3. parser.java - com/ximpleware/xpath/
4. Yylex.java - com/ximpleware/xpath/

Note that a Java main method is an entry point and is very vulnerable to being exploited by unscrupulous individuals. Test classes and methods should be handled by JUnit components or equivalent. To make this library acceptable to a wider audience in the software business, I suggest that the stable release library should be free from testing and debugging code.

To the developers of the library, please remove the main method from these 4 classes. I'm looking forward to a new library release without this security flaw.

Thanks,
Rulix

----------------
Rulix Batistil
Lead Software Engineer
Experian Decision Analytics
<http://www.experian.com/>
2 Bloor St Suite 3501 Toronto, ON, M4W 1A8
Tel - 416-840-1470 Ext 422