fortify

来源： https://stackoverflow.com/questions/59303260/fortify-how-to-get-issuevulnarability-list-under-a-project-using-fortify-rest

来源： https://stackoverflow.com/questions/59303260/fortify-how-to-get-issuevulnarability-list-under-a-project-using-fortify-rest

来源： https://stackoverflow.com/questions/52547673/fortify-category-android-bad-practices-missing-google-play-services-updated

问题 I encounter a problem. we use Spring MVC framework in my Project,but Spring MVC default Controller is Singleton Model. I change Controller use @Scope("session") by session to avoid race Condition problem(everyone has own Controller). @Controller @Scope("session") public class AP0Controller extends BaseController { @Autowired GnRecService gnRecService; Integer seq = null;//Global variable @RequestMapping(value = "/agn/AP1W01A_004", method=RequestMethod.GET) public ModelAndView welcomeGrid(

问题 Does anybody know how to write a rule in HP Fortify SCA to check for an XML tag value in an XLM file? I have an XML like this with a regular expression and want to write a rule which checks whether the element matches a regex. <xml> <email>[a-z]@.com]</email> </xml> 回答1: This is done with an XML style ConfigurationRule. I'm not sure if you want to match the value against a regular expression, or determine that the value is itself a regular expression. But regardless I will provide the

问题 Does anybody know how to write a rule in HP Fortify SCA to check for an XML tag value in an XLM file? I have an XML like this with a regular expression and want to write a rule which checks whether the element matches a regex. <xml> <email>[a-z]@.com]</email> </xml> 回答1: This is done with an XML style ConfigurationRule. I'm not sure if you want to match the value against a regular expression, or determine that the value is itself a regular expression. But regardless I will provide the

问题 How can I exclude test directories in a Java Project from being scanned by Fortify sca. The directories are structured in the following way - /src/main/xyz/pqr /src/main/xyz/test/abc /src/test/xyz I want to exclude any files under folders named test from being scanned. I am not sure how to use the -exclude command line parameter to achieve this. 回答1: Use the following: -exclude "**/test/*" 回答2: use -exclude /src/main/xyz/test/** if you are using command prompt to run then backslash 回答3: As

问题 How can I exclude test directories in a Java Project from being scanned by Fortify sca. The directories are structured in the following way - /src/main/xyz/pqr /src/main/xyz/test/abc /src/test/xyz I want to exclude any files under folders named test from being scanned. I am not sure how to use the -exclude command line parameter to achieve this. 回答1: Use the following: -exclude "**/test/*" 回答2: use -exclude /src/main/xyz/test/** if you are using command prompt to run then backslash 回答3: As

问题 How can I exclude test directories in a Java Project from being scanned by Fortify sca. The directories are structured in the following way - /src/main/xyz/pqr /src/main/xyz/test/abc /src/test/xyz I want to exclude any files under folders named test from being scanned. I am not sure how to use the -exclude command line parameter to achieve this. 回答1: Use the following: -exclude "**/test/*" 回答2: use -exclude /src/main/xyz/test/** if you are using command prompt to run then backslash 回答3: As

问题 I created a default .Net Core 1.0.1 Class library and changed buildOptions in project.json to include debugType: "Full". I used the integrated VS 2015 Fortify Scan using 16.11 and I get the errors below. How should I scan dotnet core to avoid this problem? Project 'src\providesFileInPackage\providesFileInPackage.xproj' is not configured to output full debug information. SCA Analysis requires full debug symbols. Would you like to ignore project and continue? (Project Properties -> Build ->