Closed 1njected closed 9 years ago
Hi Tomas
Thanks for getting in touch. I noticed a variation of this bug for a different code issue. I've tracked down and fixed the bug and will hopefully be releasing a fix via hotel wifi tonight :-)
Thanks Nick
From: Tomas Rzepka [mailto:notifications@github.com]
Sent: Monday, January 12, 2015 10:22 AM
To: nccgroup/VCG VCG@noreply.github.com
Subject: [VCG] False positive sun.misc.Unsafe (#1)
Hi,
When scanning Java code VCG seems to find sun.misc.Unsafe on every code line. Ex:

MEDIUM: Potentially Unsafe Code - sun.misc.Unsafe
Line: 22 - C:\Temp\apigw-test\CertifiedClientDetailsServiceImpl.java
This package allows direct access to memory locations, potentially resulting in C-style memory and buffer issues if not used carefully.

MEDIUM: Potentially Unsafe Code - sun.misc.Unsafe
Line: 42 - C:\Temp\apigw-test\CertifiedClientDetailsServiceImpl.java
This package allows direct access to memory locations, potentially resulting in C-style memory and buffer issues if not used carefully.

Line 22 contains: package org.apigw.authserver.svc.impl;
Line 42 contains: public class CertifiedClientDetailsServiceImpl implements CertifiedClientDetailsService {
Tried escaping dots (.) in javafunctions.conf but it didn't work.
Nick Dunn Senior Security Consultant NCC Group Elder House Elder Gate Milton Keynes, MK9 1LR
Seems to be working now. Great work! Thanks!
Regards, Tomas