Story
Resolution: Won't Do
Medium
The following Veracode flaws need to be addressed in SLI Core sli-common:
Cryptographic Issues (Use of a Broken or Risky Cryptographic Algorithm (CWE ID 327)(1 flaw)):
sli-common-*.jar org/.../sli/CheckSumHelper.java 40
Directory Traversal (External Control of File Name or Path (CWE ID 73)(7 flaws)):
sli-common-*.jar org/.../sli/CheckSumHelper.java 35
sli-common-* org/.../sli/MessageWriter.java 77
sli-common-*.jar org/.../sli/SvcLogicLoader.java 60
sli-common-*.jar org/.../sli/SvcLogicLoader.java 171
sli-common-*.jar org/.../sli/SvcLogicParser.java 453
sli-common-*.jar org/.../sli/SvcLogicParser.java 485
sli-common-*.jar .../SvcLogicStoreFactory.java 38
Encapsulation (Deserialization of Untrusted Data (CWE ID 502)(2 flaws)):
sli-common-*.jar .../sli/SvcLogicDblibStore.java 152
sli-common-*.jar org/.../sli/SvcLogicJdbcStore.java 404
Information Leakage (Improper Restriction of XML External Entity Reference (CWE ID 611)(1 flaw)):
sli-common-*.jar org/.../sli/SvcLogicParser.java 320
Insufficient Input Validation (Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') (CWE ID 470)(2 flaws)):
sli-provider-*.jar org/.../PrintYangToProp.java 1343
sli-common-*.jar org/.../sli/SvcLogicJdbcStore.java 240