Reason why findsecbugs report the vulnerabilities in the code segment of the imported library

Question

Reason why findsecbugs report the vulnerabilities in the code segment of the imported library

128 views Asked by j0ck At 12 November 2020 at 01:35

As shown in the picture below, line 18 shows that a hard-coded vulnerability was scanned.

But it does not report the issue when I import this flagged module in other files. And strangely, it also reports this problem when I remove the flagged module.

Please help me fix this.

Original Q&A

There are 1 answers

**h3xStream** · Answer 1 · 2021-08-03T06:20:11+00:00

h3xStream On 03 August 2021 at 06:20

The issue was investigate here: https://github.com/find-sec-bugs/find-sec-bugs/issues/617#issuecomment-741505146

The original poster (@j0ck) found the issue. It was code weaving altering the bytecode and probably modifying the source line metadata.

TechQA.

Reason why findsecbugs report the vulnerabilities in the code segment of the imported library

There are 1 answers

Related Questions in JAVA

Related Questions in SPOTBUGS

Related Questions in FIND-SEC-BUGS

Popular Questions

Popular Tags

Trending Questions