Open GoogleCodeExporter opened 8 years ago
Hi,
I have reproduced the same problem symptoms even in Eclipse HELIOS.
Eclipse Versions used: Eclipse Helios, Eclipse Helios SR1, Eclipse Helios SR2.
All of them for Linux x64.
Am I missing something during plugin instalation? (As it is supposed to be
compatible with HELIOS).
I've also tried the plugin in JUNO as a first attempt, but no success.
Hope to get an answer since this seems to be an old issue.
Thanks in advance! :)
Original comment by morenois...@gmail.com
on 24 Mar 2013 at 2:01
please l want symbol table for compiler java
contact with me in
https://www.facebook.com/engolfat.ameen?ref=tn_tnmn
Original comment by olfatam...@gmail.com
on 18 May 2013 at 7:16
hi, can anyone please tell me how to apply that nullpointerbug patch ?
Thanks
Azizun
Original comment by azi...@gmail.com
on 7 Jun 2013 at 8:58
Hi Azizun,
normally you have to use a patch program (
http://en.wikipedia.org/wiki/Patch_(Unix) ). But take a look at the patch
itself. Checkout lapse+ source code. Load the eclipse project. Open
fuentes/lapsePlus/views/SourceView.java. Replace the lines starting with - and
add those with a + in front. That's all.
Regards, Bernhard
Original comment by berge...@googlemail.com
on 8 Jun 2013 at 5:53
Thanks Bernhard for the reply. Looks like to checkout the code I need SVN
client installed or is there a way to download source as Zip (like to avoid any
installation if i can) ? And once I load that project in eclipse and change
those lines, I need to build it to get new jar and then replace my current
lapse jar with this new jar - is that correct assumption ?
Thanks
Azizun
Original comment by azi...@gmail.com
on 11 Jun 2013 at 2:50
Hi Azizun,
I forked a copy of this repository today that can be found at github
(https://github.com/bergerbd/lapse-plus). This project looks orphaned.
Furthermore, I applied the patch and created an update site
(http://update.security-comprehension.org/lapsePlus). Just add it to your
available update sites and install lapse plus.
Regards,
Bernhard
Original comment by berge...@googlemail.com
on 12 Jun 2013 at 7:28
Hi Bernhard,
Hi all,
I'm also facing these annoying NPEs in lapse-plus 2.8.1 for Eclipse Helios.
And I'm very happy you provided your own fork trying to fix them. Thank you so
much!
However, it seems that your fix does not affect the NPE that occurs while
finding sinks in 'Vulnerability Sinks' view, at least in my environment. I get
some results and then at some point it crashes.
The stack trace from console log is as follows (is there a typo in
SinkView.isStringContant? ;-)):
java.lang.NullPointerException
at lapsePlus.views.SinkView.isStringContant(SinkView.java:810)
at lapsePlus.views.SinkView.isStringContant(SinkView.java:790)
at lapsePlus.views.SinkView$4.run(SinkView.java:721)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
Any help would be appreciated.
Btw: Why is there so little activity in such a wonderful project?
Br,
nyc2
Original comment by st.fren...@gmail.com
on 18 Jun 2013 at 5:15
Hi nyc2,
I have filed a bug and will take a look at it:
https://github.com/bergerbd/lapse-plus/issues/2 . Everyone who wants to
volunteer for lapse+ is welcome. ;-)
Bernhard
Original comment by berge...@googlemail.com
on 18 Jun 2013 at 5:26
Hi,
I have added some additional code to check for null. If I will find some time
I've to dig deeper into this problem. Nevertheless, you can try to update your
plugin from the mentioned update site. I've to learn more on release management
for eclipse plugins and hope it will work for you, too.
Bernhard
Original comment by berge...@googlemail.com
on 18 Jun 2013 at 6:18
Hi Bernhard,
Eclipse recognized and installed an update. However, the exception still
remains at the very same line and typo:
java.lang.NullPointerException
at lapsePlus.views.SinkView.isStringContant(SinkView.java:810)
at lapsePlus.views.SinkView.isStringContant(SinkView.java:790)
at lapsePlus.views.SinkView$4.run(SinkView.java:721)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
Did the rebuild properly work?
Br,
nyc2
Original comment by st.fren...@gmail.com
on 18 Jun 2013 at 7:55
Hi,
I had to understand eclipse feature and plugin versioning and there was another
bug. Now I tested the update mechanism and it works. Can you try to update the
feature? I hope it is going to work. If you have still the same problem (look
for the typo in the exception. i fixed the name, too) you have to deinstall all
old lapse+ versions. The current version is 2.8.3....
Regards, Bernhard
Original comment by berge...@googlemail.com
on 19 Jun 2013 at 10:38
Hi Bernhard,
The automatic update worked and the NPE disappeared, good work, thank you!
Are there any plans on your side to further enhance lapse+ and integrate new
features? E.g. lapse+ claims to be a security scanner for JEE applications but
doesn't support any JEE APIs like JPA or JSF at all (servlet API seems to be
the only exception).
To enhance lapse+ API support it's sufficient to add sink nodes to sinks.xml,
isn't it?
E.g.
<sink id="javax.persistence.EntityManager.createQuery(String)">
<paramCount>1</paramCount>
<vulnParam>0</vulnParam>
<category>SQL Injection</category>
</sink>
However, in order to support JSF vulnerability sources, it would be necessary
to parse XHTMLs in addition to Java sources as well?
Br,
nyc2
Original comment by st.fren...@gmail.com
on 20 Jun 2013 at 5:37
Hi,
I'm glad it's working for you. I filed a feature request here:
https://github.com/bergerbd/lapse-plus/issues/8 . And I will answer to it. ;)
Regards,
Bernhard
Original comment by berge...@googlemail.com
on 20 Jun 2013 at 7:01
Thanks Bernhard and all who are involved in this thread. I'm very glad to know
there are people interested in this project. I had lost all expectations after
some time with no answers since my post on Mar 23 in this thread. I'm willing
to find some time to get hands on this project!
Regards,
Isidro.
Original comment by morenois...@gmail.com
on 20 Jun 2013 at 12:29
Original issue reported on code.google.com by
berge...@googlemail.com
on 28 Jul 2011 at 4:43Attachments: