logo       
Google Custom Search
    AddThis Social Bookmark Button
<prev   next>
-->

Re: fix for sqlinjection false positive involving nops: msg#00063

Subject: Re: fix for sqlinjection false positive involving nops 
On Tue, 16 Jan 2007, Matt wrote:

> Currently, the SqlInjection detector will flag an unsafe append if a
> previous instruction isn't an LDC or a GETSTATIC. I had a false positive
> where there was a NOP instruction, which while not LDC or GET STATIC, does
> not imply a vulnerability. I added a method to iterate backwards until a
> non-NOP was found or a null was found.

Just wanted to make sure this didn't get forgotten :)

If there's any issues with the patch I need to address before it gets
applied, please let me know.

Thanks!

--
tangled strands of DNA explain the way that I behave.
http://www.clock.org/~matt
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Possible Bug in DE_MIGHT_IGNORE, Rudolph, Jason
Next by Date:  Re: Re: fix for sqlinjection false positive involving nops, Bill Pugh
Previous by Thread:  fix for sqlinjection false positive involving nops, Matt
Next by Thread:  Re: Re: fix for sqlinjection false positive involving nops, Bill Pugh
Indexes:  [Date] [Thread] [Top] [All Lists]

    ^^^ ADDITIONAL NAVIGATION ^^^

  
Google Custom Search

Recently Viewed:
mail.spam.rbl.s...    php.seagull.gen...    culture.religio...    qnx.openqnx.dev...    gnome.love/2006...    bug-tracking.re...    user-groups.lin...    yellowdog.gener...    handhelds.ipaq....    kde.announce/20...    java.mx4j.devel...    xfree86.expert/...    recreation.cars...    text.xml.expat....    web.zope.zope3/...    version-control...    db.carob.cvs/20...    freebsd.perform...    ecos.cvs/2003-0...    linux.hotplug.d...    systemtap/2006-...    os.freebsd.secu...   
Home | blog view | USPTO Patent Archive (NEW!) | advertise | OSDir is an inevitable website. super tiny logo