
Fortify Security Report

2013-10-21

Autoeer

On 2013-10-21, a source code review was performed over the SummerBoard code base. 41 files and 4,156 lines of executable code were scanned and reviewed for defects that could lead to potential security vulnerabilities. A total of 90 reviewed findings were uncovered during the analysis.

The Issues Category section provides Fortify recommendations for addressing issues at a generic level. The recommendations for specific fixes can be extrapolated from those generic recommendations by the development group.

Executive Summary

Issues Overview

Issues by Fortify Priority Order:

  Critical  17
  High      10
  Medium     2
  Low       61
  Total     90

Recommendations and Conclusions

Fortify Security Report

Copyright 2010 Fortify Software Inc. Page 2 of 32

Project Summary

Code Base Summary

Code location: D:/00./Fortify_/20131021/SummerBoard

Number of Files: 41

Lines of Code: 4156

Scan Information

Build Label: <No Build Label>

Scan time: 02:15

SCA Engine version: 5.11.0.0055

Machine Name: AES-N500253605

Username running scan: 5002536

Results Certification

Results Certification: Partially Valid

Details:

Results Signature: SCA Analysis Results has a valid signature

Rules Signature: rules/externalmetadata.xml is not signed

Attack Surface

Private Information: null.null.null

System Information: null.null.null; javax.servlet.ServletContext.getRealPath

Filter Set Summary

Current Enabled Filter Set:

Security Auditor View

Filter Set Details:

Folder Filters:

If [fortify priority order] contains critical Then set folder to Critical

If [fortify priority order] contains high Then set folder to High

If [fortify priority order] contains medium Then set folder to Medium

If [fortify priority order] contains low Then set folder to Low



Audit Guide Summary

Audit guide not enabled


Results Outline

Overall number of results: the scan found 90 issues.

Vulnerability Examples by Category

Category: Path Manipulation (8 Issues)

[Chart: Number of Issues by audit status (<Unaudited>, Not an Issue, Reliability Issue, Bad Practice, Suspicious, Exploitable)]

Abstract: Allowing user input to control paths used in file system operations could enable an attacker to access or modify otherwise protected system resources.

Explanation: Path manipulation errors occur when both of the following conditions are met:

1. An attacker can specify a path used in an operation on the file system.

2. By specifying the resource, the attacker gains a capability that would not otherwise be permitted.

For example, the program may give the attacker the ability to overwrite the specified file or to run with a configuration controlled by the attacker.

Example 1: The following code uses input from an HTTP request to build a file name. The programmer has not considered that an attacker could supply a name such as "../../tomcat/conf/server.xml", which causes the application to delete one of its own configuration files.

String rName = request.getParameter("reportName");
File rFile = new File("/usr/local/apfr/reports/" + rName);
...
rFile.delete();

Example 2: The following code uses input from a configuration file to decide which file to open and echo back to the user. If the program runs with sufficient privileges and malicious users can change the configuration file, they can use the program to read any file on the system that ends in .txt.

fis = new FileInputStream(cfg.getProperty("sub") + ".txt");
amt = fis.read(arr);
out.println(arr);

Recommendations: The best way to prevent path manipulation is a level of indirection: keep a list of legitimate resource names that a user is allowed to specify, and let the user choose only from that list. The application then never uses user-supplied data directly in a file system path.

Where a fixed list is impractical, for example with user-chosen upload names, validate the input before it reaches the path: accept only an allowed character set, reject separators and ".." sequences outright, and confirm that the canonical form of the resulting path still lies inside the intended directory. Reject input that fails rather than trying to repair it; stripping ".." or slashes from a name is easy to get wrong.

Tips: 1. If the program performs custom input validation that you are satisfied with, use the Fortify Custom Rules Editor to create a cleanse rule for the validation routine so that these issues are no longer reported.

2. Even when validation is present, review it carefully. Validation that searches for and removes dangerous substrings is often bypassable, and it must handle forward and back slashes as well as encoded forms of both.

3. Some frameworks, such as Struts and Struts 2, provide validation mechanisms. When the HP Fortify Secure Coding Rulepacks detect that such validation has been applied, HP Fortify Static Code Analyzer lowers the priority of the issue through Context-Sensitive Ranking. If your application uses a framework validation mechanism that HP Fortify does not recognize, contact the Fortify Security Research Group.

BoardController.java, line 271 (Path Manipulation)

Fortify Priority: Critical
Folder: Critical
Kingdom: Input Validation and Representation

Abstract: Attackers can control the file system path argument to File() at BoardController.java line 271, which allows them to access or modify otherwise protected files.

Source: BoardController.java:257 org.springframework.web.multipart.MultipartRequest.getFile()

255 String uploadPath=request.getContextPath()+"/files/";
256 String orgFileName = request.getParameter("orgFile");
257 MultipartFile newFile = request.getFile("newFile");
258 String newFileName = newFile.getOriginalFilename();
259

Sink: BoardController.java:271 java.io.File.File()

269 }
270 // create new upload file
271 File newUploadFile = new File(uploadPath +newFileName);
272 try {
273 newFile.transferTo(newUploadFile);

BoardController.java, line 266 (Path Manipulation)

Fortify Priority: Critical
Folder: Critical
Kingdom: Input Validation and Representation

Abstract: Attackers can control the file system path argument to File() at BoardController.java line 266, which allows them to access or modify otherwise protected files.

Source: BoardController.java:256 javax.servlet.ServletRequest.getParameter()

254 public ModelAndView boardModifyProc(@ModelAttribute("BoardModel") BoardModel boardModel, MultipartHttpServletRequest request){
255 String uploadPath=request.getContextPath()+"/files/";
256 String orgFileName = request.getParameter("orgFile");
257 MultipartFile newFile = request.getFile("newFile");
258 String newFileName = newFile.getOriginalFilename();

Sink: BoardController.java:266 java.io.File.File()

264 if(orgFileName != null || !orgFileName.equals("")){
265 // remove uploaded file
266 File removeFile = new File(uploadPath + orgFileName);
267 removeFile.delete();
268 //

BoardController.java, line 188 (Path Manipulation)

Fortify Priority: Critical
Folder: Critical
Kingdom: Input Validation and Representation

Abstract: Attackers can control the file system path argument to File() at BoardController.java line 188, which allows them to access or modify otherwise protected files.

Source: BoardController.java:185 org.springframework.web.multipart.MultipartRequest.getFile()

183 String uploadPath = session.getServletContext().getRealPath("/")+"files/";
184 System.out.println("uploadPath: "+uploadPath);
185 MultipartFile file = request.getFile("file");
186 if ( file != null ) {
187 String fileName = file.getOriginalFilename();

Sink: BoardController.java:188 java.io.File.File()

186 if ( file != null ) {
187 String fileName = file.getOriginalFilename();
188 File uploadFile = new File(uploadPath+ fileName);
189 // when file exists as same name
190 if(uploadFile.exists()){

BoardController.java, line 318 (Path Manipulation)

Fortify Priority: High
Folder: High
Kingdom: Input Validation and Representation

Abstract: Attackers can control the file system path argument to File() at BoardController.java line 318, which allows them to access or modify otherwise protected files.

Source: BoardController.java:185 org.springframework.web.multipart.MultipartRequest.getFile()

183 String uploadPath = session.getServletContext().getRealPath("/")+"files/";
184 System.out.println("uploadPath: "+uploadPath);
185 MultipartFile file = request.getFile("file");
186 if ( file != null ) {
187 String fileName = file.getOriginalFilename();

Sink: BoardController.java:318 java.io.File.File()

316 // if: when the article has upload file - remove that
317 if(board.getFileName() != null){
318 File removeFile = new File(uploadPath + board.getFileName());
319 removeFile.delete();
320 }

BoardController.java, line 318 (Path Manipulation)

Fortify Priority: High
Folder: High
Kingdom: Input Validation and Representation

Abstract: Attackers can control the file system path argument to File() at BoardController.java line 318, which allows them to access or modify otherwise protected files.

Source: BoardModel.java:80 setFileName(0)

78 return fileName;
79 }
80 public void setFileName(String fileName) {
81 this.fileName = fileName;
82 }

Sink: BoardController.java:318 java.io.File.File()

316 // if: when the article has upload file - remove that
317 if(board.getFileName() != null){
318 File removeFile = new File(uploadPath + board.getFileName());
319 removeFile.delete();
320 }

BoardController.java, line 318 (Path Manipulation)

Fortify Priority: High
Folder: High
Kingdom: Input Validation and Representation

Abstract: Attackers can control the file system path argument to File() at BoardController.java line 318, which allows them to access or modify otherwise protected files.

Source: BoardController.java:257 org.springframework.web.multipart.MultipartRequest.getFile()

255 String uploadPath=request.getContextPath()+"/files/";
256 String orgFileName = request.getParameter("orgFile");
257 MultipartFile newFile = request.getFile("newFile");
258 String newFileName = newFile.getOriginalFilename();
259

Sink: BoardController.java:318 java.io.File.File()

316 // if: when the article has upload file - remove that
317 if(board.getFileName() != null){
318 File removeFile = new File(uploadPath + board.getFileName());
319 removeFile.delete();
320 }

BoardController.java, line 318 (Path Manipulation)

Fortify Priority: High
Folder: High
Kingdom: Input Validation and Representation

Abstract: Attackers can control the file system path argument to File() at BoardController.java line 318, which allows them to access or modify otherwise protected files.

Source: BoardController.java:256 javax.servlet.ServletRequest.getParameter()

254 public ModelAndView boardModifyProc(@ModelAttribute("BoardModel") BoardModel boardModel, MultipartHttpServletRequest request){
255 String uploadPath=request.getContextPath()+"/files/";
256 String orgFileName = request.getParameter("orgFile");
257 MultipartFile newFile = request.getFile("newFile");
258 String newFileName = newFile.getOriginalFilename();

Sink: BoardController.java:318 java.io.File.File()

316 // if: when the article has upload file - remove that
317 if(board.getFileName() != null){
318 File removeFile = new File(uploadPath + board.getFileName());
319 removeFile.delete();
320 }

BoardController.java, line 192 (Path Manipulation)

Fortify Priority: Critical
Folder: Critical
Kingdom: Input Validation and Representation

Abstract: Attackers can control the file system path argument to File() at BoardController.java line 192, which allows them to access or modify otherwise protected files.

Source: BoardController.java:185 org.springframework.web.multipart.MultipartRequest.getFile()

183 String uploadPath = session.getServletContext().getRealPath("/")+"files/";
184 System.out.println("uploadPath: "+uploadPath);
185 MultipartFile file = request.getFile("file");
186 if ( file != null ) {
187 String fileName = file.getOriginalFilename();

Sink: BoardController.java:192 java.io.File.File()

190 if(uploadFile.exists()){
191 fileName = new Date().getTime() + fileName;
192 uploadFile = new File(uploadPath + fileName);
193 }
194 // save upload file to uploadPath
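All eight findings above share one shape: the client-supplied original file name (getOriginalFilename() or the orgFile parameter) is concatenated onto the upload directory and handed to File(). Two further points a reviewer should check in the same code: line 255 builds the directory from request.getContextPath(), which returns the URL context path (for example "/SummerBoard"), not a file system directory, so the write at line 271 and the delete at line 266 go to a path relative to the file system root rather than to the web application; and line 183 places the upload directory inside the exploded web application (getRealPath("/") + "files/"), where a name ending in .jsp would be served and executed by the container. The following is an added example, not code from the SummerBoard project, of a resolver that implements the recommendation above: reject names that contain separators or "..", allow-list the characters and the extension, and confirm that the canonical target is a direct child of the upload directory. ALLOWED_EXTENSIONS and the directory used by main() are assumptions for the demonstration; the sample names are constructed.

```java
import java.io.File;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/**
 * Added example, not code from the scanned SummerBoard project: resolving an
 * upload target from a client-supplied file name without letting the client
 * choose the directory or the file type.
 */
public final class SafeUploadPath {

    /** Extensions the board is willing to store; an assumption for the demo. */
    static final Set<String> ALLOWED_EXTENSIONS =
            new HashSet<>(Arrays.asList("png", "jpg", "gif", "pdf", "txt", "zip"));

    /**
     * Returns a File that is strictly inside baseDir, or throws. The client name is
     * validated against an allow-list rather than "repaired": a name containing a
     * separator or ".." is rejected outright instead of having those parts stripped.
     */
    public static File resolveInside(File baseDir, String clientFileName) throws IOException {
        if (clientFileName == null || clientFileName.trim().isEmpty()) {
            throw new IOException("empty file name");
        }
        String name = clientFileName.trim();
        // Some browsers send the full client-side path; treat any separator as hostile.
        if (name.indexOf('/') >= 0 || name.indexOf('\\') >= 0 || name.contains("..")) {
            throw new IOException("path separators or '..' in file name: " + clientFileName);
        }
        // Allow-list the characters: one base name, one extension, nothing else.
        if (!name.matches("[A-Za-z0-9][A-Za-z0-9_-]{0,63}\\.[A-Za-z0-9]{1,8}")) {
            throw new IOException("file name outside allow-list: " + clientFileName);
        }
        String ext = name.substring(name.lastIndexOf('.') + 1).toLowerCase();
        if (!ALLOWED_EXTENSIONS.contains(ext)) {
            throw new IOException("extension not allowed: " + ext);
        }
        // Defence in depth: after canonicalisation the target must still be a direct child of baseDir.
        File base = baseDir.getCanonicalFile();
        File target = new File(base, name).getCanonicalFile();
        if (!base.equals(target.getParentFile())) {
            throw new IOException("resolved path escapes upload directory: " + target);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Assumed upload directory, outside the web application root.
        File uploadDir = new File(System.getProperty("java.io.tmpdir"), "smboard-files");
        if (!uploadDir.isDirectory() && !uploadDir.mkdirs()) {
            throw new IOException("cannot create " + uploadDir);
        }
        // Constructed inputs: the first is legitimate; the rest are the kinds of
        // names the findings above would pass straight into File().
        String[] samples = {
            "report.pdf",
            "../../tomcat/conf/server.xml",
            "..\\..\\WEB-INF\\web.xml",
            "/etc/passwd",
            "shell.jsp",
            "a b.png",
        };
        for (String s : samples) {
            try {
                System.out.println("accept " + s + " -> " + resolveInside(uploadDir, s));
            } catch (IOException e) {
                System.out.println("reject " + s + " : " + e.getMessage());
            }
        }
    }
}
```

Of the constructed samples only "report.pdf" is accepted; the traversal strings fail the separator check, "shell.jsp" fails the extension allow-list, and "a b.png" fails the character allow-list. The canonical-path comparison never trips on these inputs, but it is kept because it is the check that survives if the allow-list regular expression is later relaxed. A stricter design, and the one the recommendation prefers, is to ignore the client name entirely except for its extension and store the file under a server-generated name, keeping the original name only as a database column for display.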


Category: Race Condition: Singleton Member Field (8 Issues)

[Chart: Number of Issues by audit status (<Unaudited>, Not an Issue, Reliability Issue, Bad Practice, Suspicious, Exploitable)]

Abstract: A Servlet member field is assigned from within a request-handling method, which can lead to a race condition between concurrent requests.

Explanation: Servlet containers instantiate a single copy of each Servlet class and use that one instance to service all requests, typically from many threads at once. Member fields of the Servlet are therefore shared between every request in flight. If request-handling code writes to a member field, two concurrent requests can interleave and one request can observe, or act on, data that belongs to the other: a race condition.

Example 1: The following Servlet stores the value of a request parameter in a member field and then echoes it back to the client.

public class GuestBook extends HttpServlet {
  String name;
  protected void doPost (HttpServletRequest req, HttpServletResponse res) {
    name = req.getParameter("name");
    ...
    out.println(name + ", thanks for visiting!");
  }
}

While the Servlet is handling one request it can be asked to handle a second one. If the two interleave as follows, both users are greeted with Jane's name:

Thread 1: assign "Dick" to name
Thread 2: assign "Jane" to name
Thread 1: print "Jane, thanks for visiting!"
Thread 2: print "Jane, thanks for visiting!"

Errors of this kind are hard to reproduce in testing and often appear only under production load. The consequence is typically information leakage, where one user's data is shown to another, or corrupted state.

Recommendations: Do not write to Servlet member fields from request-handling code. Data that is genuinely shared and never changes after initialization should be declared static final; data that belongs to a single request should be held in local variables (or in request-scoped objects) rather than in the Servlet.

If the Servlet's work is large enough that passing state between methods becomes cumbersome, move the request-specific state into a helper object that is created for each request, so that there is "one instance per request" for that state even though the Servlet itself remains a singleton.

Example 2: The following code moves the per-request state into a handler object that is created for each request, so the member field is no longer shared between requests.

public class GuestBook extends HttpServlet {
  protected void doPost (HttpServletRequest req, HttpServletResponse res) {
    GBRequestHandler handler = new GBRequestHandler();
    handler.handle(req, res);
  }
}

public class GBRequestHandler {
  String name;
  public void handle(HttpServletRequest req, HttpServletResponse res) {
    name = req.getParameter("name");
    ...
    out.println(name + ", thanks for visiting!");
  }
}

The Servlet itself now holds no mutable state.

LoginController.java, line 41 (Race Condition: Singleton Member Field)

Fortify Priority: Critical
Folder: Critical
Kingdom: Time and State

Abstract: The LoginController member field context is assigned from within a request-handling method, which can lead to a race condition between concurrent requests.

Sink: LoginController.java:41 AssignmentStatement()

39 String userPw = loginModel.getUserPw();
40
41 context = new ClassPathXmlApplicationContext("/config/applicationContext.xml");
42 LoginService loginService = (LoginService) context.getBean("loginService");
43 LoginSessionModel loginCheckResult = loginService.checkUserId(userId,userPw);

BoardController.java, line 69 (Race Condition: Singleton Member Field)

Fortify Priority: Critical
Folder: Critical
Kingdom: Time and State

Abstract: The BoardController member field endArticleNum is assigned from within a request-handling method, which can lead to a race condition between concurrent requests.

Sink: BoardController.java:69 AssignmentStatement()

67 // expression article variables value
68 startArticleNum = (currentPage - 1) * showArticleLimit + 1;
69 endArticleNum = startArticleNum + showArticleLimit -1;
70 //
71

BoardController.java, line 55 (Race Condition: Singleton Member Field)

Fortify Priority: Critical
Folder: Critical
Kingdom: Time and State

Abstract: The BoardController member field currentPage is assigned from within a request-handling method, which can lead to a race condition between concurrent requests.

Sink: BoardController.java:55 AssignmentStatement()

53 currentPage = 1;
54 } else {
55 currentPage = Integer.parseInt(request.getParameter("page"));
56 }
57

BoardController.java, line 76 (Race Condition: Singleton Member Field)

Fortify Priority: Critical
Folder: Critical
Kingdom: Time and State

Abstract: The BoardController member field totalNum is assigned from within a request-handling method, which can lead to a race condition between concurrent requests.

Sink: BoardController.java:76 AssignmentStatement()

74 if(type != null && keyword != null){
75 boardList = boardService.searchArticle(type, keyword, startArticleNum, endArticleNum);
76 totalNum = boardService.getSearchTotalNum(type, keyword);
77 } else {
78 boardList = boardService.getBoardList(startArticleNum, endArticleNum);

BoardController.java, line 53 (Race Condition: Singleton Member Field)

Fortify Priority: Critical
Folder: Critical
Kingdom: Time and State

Abstract: The BoardController member field currentPage is assigned from within a request-handling method, which can lead to a race condition between concurrent requests.

Sink: BoardController.java:53 AssignmentStatement()

51 // set variables from request parameter
52 if(request.getParameter("page") == null ||request.getParameter("page").trim().isEmpty() ||request.getParameter("page").equals("0")) {
53 currentPage = 1;
54 } else {
55 currentPage = Integer.parseInt(request.getParameter("page"));

MemberController.java, line 35 (Race Condition: Singleton Member Field)

Fortify Priority: Critical
Folder: Critical
Kingdom: Time and State

Abstract: The MemberController member field context is assigned from within a request-handling method, which can lead to a race condition between concurrent requests.

Sink: MemberController.java:35 AssignmentStatement()

33 }
34
35 context = new ClassPathXmlApplicationContext("/config/applicationContext.xml");
36 MemberService memberService = (MemberService) context.getBean("memberService");
37 MemberModel checkMemberModel = memberService.findByUserId(memberModel.getUserId());

BoardController.java, line 79 (Race Condition: Singleton Member Field)

Fortify Priority: Critical
Folder: Critical
Kingdom: Time and State

Abstract: The BoardController member field totalNum is assigned from within a request-handling method, which can lead to a race condition between concurrent requests.

Sink: BoardController.java:79 AssignmentStatement()

77 } else {
78 boardList = boardService.getBoardList(startArticleNum, endArticleNum);
79 totalNum = boardService.getTotalNum();
80 }
81 StringBuffer pageHtml = getPageHtml(currentPage, totalNum, showArticleLimit,showPageLimit, type, keyword);

BoardController.java, line 68 (Race Condition: Singleton Member Field)

Fortify Priority: Critical
Folder: Critical
Kingdom: Time and State

Abstract: The BoardController member field startArticleNum is assigned from within a request-handling method, which can lead to a race condition between concurrent requests.

Sink: BoardController.java:68 AssignmentStatement()

66
67 // expression article variables value
68 startArticleNum = (currentPage - 1) * showArticleLimit + 1;
69 endArticleNum = startArticleNum + showArticleLimit -1;
70 //
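The classes flagged here are Spring MVC controllers rather than Servlets, but the rule is the same: Spring creates controller beans as singletons by default, so currentPage, startArticleNum, endArticleNum, totalNum and context are shared by every concurrent request. The two context assignments (LoginController line 41, MemberController line 35) have a second problem beyond the race: each request builds a new ClassPathXmlApplicationContext, which is expensive and never closed; the service should be injected into the controller once instead. The following is an added example, not code from the SummerBoard project, that reproduces the interleaving described in the explanation above deterministically: two "requests" for different pages run against the field-based paging shape, with latches forcing the second request's write to land between the first request's write and its reads, and then against the same computation rewritten with local variables. SHOW_ARTICLE_LIMIT = 10 and the class names are assumptions.

```java
import java.util.concurrent.CountDownLatch;

/**
 * Added example, not code from the scanned project: why writing per-request
 * values into the fields of a singleton races. SharedPager mirrors the
 * field-based paging in BoardController (currentPage, startArticleNum,
 * endArticleNum); LocalPager is the fix.
 */
public final class SingletonFieldRace {

    static final int SHOW_ARTICLE_LIMIT = 10;   // assumed value of showArticleLimit

    /** Called between the write of currentPage and the reads that depend on it; lets the demo force an interleaving. */
    interface Hook { void betweenWriteAndRead() throws InterruptedException; }

    /** Vulnerable shape: one instance, request-specific state kept in fields. */
    static final class SharedPager {
        int currentPage, startArticleNum, endArticleNum;

        int[] range(String pageParam, Hook hook) throws InterruptedException {
            currentPage = Integer.parseInt(pageParam);   // shared field written per request
            hook.betweenWriteAndRead();                  // another request may run here
            startArticleNum = (currentPage - 1) * SHOW_ARTICLE_LIMIT + 1;
            endArticleNum = startArticleNum + SHOW_ARTICLE_LIMIT - 1;
            return new int[] { startArticleNum, endArticleNum };
        }
    }

    /** Fixed shape: the same computation with request-scoped locals. */
    static final class LocalPager {
        int[] range(String pageParam, Hook hook) throws InterruptedException {
            int currentPage = Integer.parseInt(pageParam);
            hook.betweenWriteAndRead();
            int start = (currentPage - 1) * SHOW_ARTICLE_LIMIT + 1;
            return new int[] { start, start + SHOW_ARTICLE_LIMIT - 1 };
        }
    }

    /**
     * Request A asks for page 1 and request B for page 5. The latches force B's
     * write to land between A's write and A's reads, which is the interleaving
     * the explanation describes. Returns the article range request A computed.
     */
    static int[] pageOneUnderRace(boolean useLocals) throws InterruptedException {
        CountDownLatch aWrote = new CountDownLatch(1);
        CountDownLatch bWrote = new CountDownLatch(1);
        SharedPager shared = new SharedPager();
        LocalPager local = new LocalPager();
        int[][] resultOfA = new int[1][];

        Hook aWaitsForB = () -> { aWrote.countDown(); bWrote.await(); };
        Hook bReleasesA = () -> bWrote.countDown();

        Thread a = new Thread(() -> {
            try {
                resultOfA[0] = useLocals ? local.range("1", aWaitsForB) : shared.range("1", aWaitsForB);
            } catch (InterruptedException e) { Thread.currentThread().interrupt(); }
        });
        Thread b = new Thread(() -> {
            try {
                aWrote.await();   // do not write until A has written its page
                if (useLocals) local.range("5", bReleasesA); else shared.range("5", bReleasesA);
            } catch (InterruptedException e) { Thread.currentThread().interrupt(); }
        });
        a.start(); b.start(); a.join(); b.join();
        return resultOfA[0];
    }

    public static void main(String[] args) throws InterruptedException {
        int[] shared = pageOneUnderRace(false);
        int[] local = pageOneUnderRace(true);
        System.out.println("singleton fields: request for page 1 received articles "
                + shared[0] + "-" + shared[1]);
        System.out.println("local variables:  request for page 1 received articles "
                + local[0] + "-" + local[1]);
    }
}
```

With the shared fields, request A computes its range from the currentPage that request B wrote, so the user who asked for page 1 receives the articles of page 5; with locals the same interleaving has no effect and A receives articles 1 to 10. The latches make the outcome repeatable here, which the real controller under load is not: that is exactly why this class of bug is rarely caught by functional testing. In a Spring controller the fix is the LocalPager shape plus constructor or field injection of the services, so that no handler method assigns to a field.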


Category: Cross-Site Scripting: Reflected (3 Issues)

[Chart: Number of Issues by audit status (<Unaudited>, Not an Issue, Reliability Issue, Bad Practice, Suspicious, Exploitable)]

Abstract: Sending unvalidated data to a web browser can result in the browser executing malicious code.

Explanation: Cross-site scripting (XSS) vulnerabilities occur when:

1. Data enters a web application through an untrusted source. In the case of Reflected XSS the untrusted source is typically a web request; in the case of Persisted (also known as Stored) XSS it is typically a database or other back-end data store.

2. The data is included in dynamic content that is sent to a web user without being validated.

The malicious content sent to the browser is most often a fragment of JavaScript, but it can also be HTML, Flash or any other type of code the browser will execute. Attacks built on XSS commonly transmit private data such as cookies or other session information to the attacker, redirect the victim to content the attacker controls, or perform other malicious operations on the user's machine under the guise of the vulnerable site.

Example 1: The following JSP code segment reads an employee ID, eid, from an HTTP request and displays it to the user.

<% String eid = request.getParameter("eid"); %>
...
Employee ID: <%= eid %>

This code behaves correctly if eid contains only standard alphanumeric text. If eid contains meta-characters or source code, the browser executes that code as it renders the HTTP response.

At first this might not look like much of a vulnerability: why would users enter a URL that runs malicious code on their own computer? The danger is that an attacker creates the malicious URL and uses e-mail or social engineering to lure victims into following it. When victims click the link, they unwittingly reflect the malicious content through the vulnerable application back to their own browser. This mechanism is known as Reflected XSS.

Example 2: The following JSP code segment queries a database for an employee with a given ID and prints that employee's name.

<%...
Statement stmt = conn.createStatement();
ResultSet rs = stmt.executeQuery("select * from emp where id="+eid);
if (rs != null) {
  rs.next();
  String name = rs.getString("name");
}
%>
Employee Name: <%= name %>

As in Example 1, this code works correctly when the value of name is well-behaved but does nothing to prevent exploits when it is not. The code can look less dangerous because name comes from a database whose contents the application appears to manage; however, if name originated as user input, the database is merely a conduit for the malicious content. Without proper validation of all data that is stored in the database, an attacker can run malicious commands in other users' browsers. This is Persistent (or Stored) XSS, and it is particularly insidious because the indirection through the data store makes the threat harder to identify and increases the chance that the attack reaches many users. XSS began in this form with web sites that offered visitors a "guestbook": attackers put JavaScript in their guestbook entries, and every later visitor to the guestbook page executed it.

As the examples show, XSS vulnerabilities are caused by code that includes unvalidated data in an HTTP response. An XSS attack can reach a victim by three routes:

- As in Example 1, data is read directly from the HTTP request and reflected back in the HTTP response. Reflected XSS exploits occur when an attacker causes a user to send dangerous content to the vulnerable application, which reflects it back to the browser where it executes. The most common delivery mechanism is a parameter in a URL that is posted publicly or e-mailed to victims; such URLs are the core of many phishing schemes. After the site reflects the attacker's content to the user, the content executes and can send private information, such as cookies that may contain session identifiers, from the user's machine to the attacker.

- As in Example 2, the application stores dangerous data in a database or other trusted data store, reads it back later and includes it in dynamic content. Persistent XSS exploits occur when an attacker injects dangerous content into such a data store. The attacker's preferred targets are areas shown to many users or to particularly valuable users, such as administrators or users who handle sensitive data; if one of them executes the content, the attacker may perform privileged operations on their behalf or read their data.

- A source outside the application stores dangerous data in a database or other data store, and that data is later read back into the application as trusted data and included in dynamic content.

Several frameworks, such as Struts and Struts 2, provide validation mechanisms. When the HP Fortify Secure Coding Rulepacks detect that such validation has been applied, HP Fortify Static Code Analyzer lowers the priority of the issue through Context-Sensitive Ranking. If your application uses a framework validation mechanism that HP Fortify does not recognize, contact the Fortify Security Research Group.

Recommendations: The solution to XSS is to ensure that validation occurs in the correct places and checks for the correct properties.

Since XSS occurs when an application includes malicious data in its output, one logical approach is to validate data immediately before it leaves the application. Web applications often have complex code for generating dynamic content, however, so this approach is prone to errors of omission. An effective way to reduce that risk is to perform input validation for XSS as well.

Web applications must validate their input anyway to prevent other vulnerabilities such as SQL injection, so extending the existing input validation to cover XSS is usually easy. Despite its value, input validation does not replace rigorous output validation: an application may accept input through a shared data store or other trusted source that itself does not validate adequately, so the application cannot implicitly rely on the safety of that or any other data. The best defence is therefore to validate everything that enters the application and everything that leaves it destined for the user.

The most secure validation for XSS is an allow-list of safe characters permitted in HTTP content, accepting only input composed of those characters. For example, a user name might contain only letters and digits and a phone number only the digits 0-9. This is often infeasible in web applications, because many characters that are special to the browser are still legitimate input once encoded, as on a bulletin board that must accept HTML fragments from its users.

A more flexible but less secure approach is a deny-list, which selectively rejects or escapes potentially dangerous characters before using the input. To build such a list you first need to know which characters hold special meaning for browsers. The HTML standard defines the characters that are special, but many browsers try to correct common HTML mistakes and may treat other characters as special in certain contexts, which is why deny-lists are not a recommended way to prevent XSS. The CERT(R) Coordination Center at the Software Engineering Institute (SEI) gives the following details about special characters in various contexts [1]:

In the content of a block-level element (for example, in the middle of a paragraph of text):

- "<" is special because it introduces a tag.

- "&" is special because it introduces a character entity.

- ">" is special because some browsers treat it as special, assuming the author intended an opening "<" and omitted it by mistake.

The following principles apply to attribute values:

- In attribute values enclosed in double quotes, the double quote is special because it ends the value.

- In attribute values enclosed in single quotes, the single quote is special because it ends the value.

- In unquoted attribute values, whitespace characters such as space and tab are special.

- "&" is special when used with certain attributes, because it introduces a character entity.

URLs used in attributes are special because they use a different kind of encoding:

- In URLs, space, tab and newline are special because they may be encoded differently.

- "&" in a URL is special because it marks the start of a parameter to a CGI script.

- Non-ASCII characters (everything above 128 in the ISO-8859-1 encoding) are not allowed in URLs, so they are special in this context.

- "%" must be filtered from input wherever parameters encoded with HTTP escape sequences are decoded by server-side code; for example, "%" must be filtered if input such as "%68%65%6C%6C%6F" becomes "hello" on the page in question.

Within the body of a <SCRIPT> </SCRIPT> block:

- Semicolons, parentheses, curly braces and newlines should be filtered wherever text could be inserted directly into a pre-existing script tag.

Server-side scripts:

- Server-side scripts that convert exclamation marks (!) in input to double quotes (") on output may need additional filtering.

Other possibilities:

- If an attacker submits a request in UTF-7, the special character '<' appears as '+ADw-' and may bypass filtering. If the output is included in a page that does not explicitly specify an encoding, some browsers try to guess the encoding from the content (in this case, UTF-7).

Once you have identified the correct points at which to validate for XSS and the special characters the validation must consider, the next question is how the validation handles those characters. If special characters are not valid input to the application, you can reject any input that contains them. A second option is to remove special characters by filtering; filtering, however, changes the visual representation of the filtered content and may be unacceptable where the integrity of the input must be preserved for display.

If input containing special characters must be accepted and displayed accurately, validation must encode the special characters to remove their significance. A complete list of ISO 8859-1 encoded values for special characters is provided as part of the official HTML specification [2].

Many application servers attempt to limit exposure to cross-site scripting by providing implementations of the functions that set HTTP response content which check for the characters needed to mount an attack. Do not rely on the server to prevent all such attacks: a given server's implementation may not check for all relevant characters, and different servers behave differently.

Tips: 1. The HP Fortify Secure Coding Rulepacks report XSS issues whose data originates from the DATABASE as well as from the request, because stored content may have come from a user. Treat such findings as Persistent XSS rather than dismissing them because the immediate source is not a request.

2. Values taken from the URL through the JavaScript DOM (Document Object Model) are another XSS source; some browsers (Internet Explorer 6 and 7 among them) deliver them without encoding. Issues that the Fortify Secure Coding Rulepacks can trace from the URL are reported as Cross-Site Scripting, and URL-sourced cases that pass through insufficient validation as Cross-Site Scripting: Poor Validation.

3. Fortify RTA adds protection against this category.

list.jsp, line 14 (Cross-Site Scripting: Reflected)

Fortify Priority: Critical
Folder: Critical
Kingdom: Input Validation and Representation

Abstract: The method _jspService() in list.jsp sends unvalidated data to a web browser at line 14, which can result in the browser executing malicious code.

Source: list.jsp:14 javax.servlet.ServletRequest.getParameter()

12 <!--
13 function selectedOptionCheck(){
14 $("#type > option[value=<%=request.getParameter("type")%>]").attr("selected", "true");
15 }
16

Sink: list.jsp:14 javax.servlet.jsp.JspWriter.print()

12 <!--
13 function selectedOptionCheck(){
14 $("#type > option[value=<%=request.getParameter("type")%>]").attr("selected", "true");
15 }
16

view.jsp, line 12 (Cross-Site Scripting: Reflected)

Fortify Priority: Critical
Folder: Critical
Kingdom: Input Validation and Representation

Abstract: The method _jspService() in view.jsp sends unvalidated data to a web browser at line 12, which can result in the browser executing malicious code.

Source: view.jsp:12 javax.servlet.ServletRequest.getParameter()

10 <script type="text/javascript">
11 function errCodeCheck(){
12 var errCode = <%=request.getParameter("errCode")%>;
13 if(errCode != null || errCode != ""){
14 switch (errCode) {

Sink: view.jsp:12 javax.servlet.jsp.JspWriter.print()

10 <script type="text/javascript">
11 function errCodeCheck(){
12 var errCode = <%=request.getParameter("errCode")%>;
13 if(errCode != null || errCode != ""){
14 switch (errCode) {

list.jsp, line 44 (Cross-Site Scripting: Reflected)

Fortify Priority: Critical
Folder: Critical
Kingdom: Input Validation and Representation

Abstract: The method _jspService() in list.jsp sends unvalidated data to a web browser at line 44, which can result in the browser executing malicious code.

Source: list.jsp:44 javax.servlet.ServletRequest.getParameter()

42 <option value="writer">[label text mis-encoded]</option>
43 </select>
44 <input type="text" id="keyword" name="keyword" value="<%if(request.getParameter("keyword") != null){out.print(request.getParameter("keyword")); } else { out.print(""); }%>" />
45 <input type="submit" value="[label text mis-encoded]" />
46 </form>

Sink: list.jsp:44 javax.servlet.jsp.JspWriter.print()

42 <option value="writer">[label text mis-encoded]</option>
43 </select>
44 <input type="text" id="keyword" name="keyword" value="<%if(request.getParameter("keyword") != null){out.print(request.getParameter("keyword")); } else { out.print(""); }%>" />
45 <input type="submit" value="[label text mis-encoded]" />
46 </form>
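The three sinks above are in three different output contexts, and the encoding has to match the context: list.jsp line 44 writes into a double-quoted HTML attribute; view.jsp line 12 writes a bare JavaScript expression (the parameter is emitted unquoted, so the attacker does not even need to break out of a string; note also that the test on line 13, errCode != null || errCode != "", is always true); list.jsp line 14 writes into a jQuery attribute selector inside a script. The following is an added example, not code from the SummerBoard project, of dependency-free encoders for those contexts. SEARCH_TYPES is an assumed allow-list of the values the type select can legitimately carry (only "writer" is visible in the report), and the payloads in main() are constructed.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/**
 * Added example, not code from the scanned project: context-aware output
 * encoding for the three list.jsp / view.jsp sinks reported above.
 */
public final class OutputEncoding {

    /** Escapes a value for a double-quoted HTML attribute (list.jsp line 44) or element text. */
    public static String htmlAttr(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Emits a JavaScript string literal. Everything outside the printable ASCII
     * range and every character that could end the literal or the script block
     * ("</script>" included) becomes a \\uXXXX escape.
     */
    public static String jsStringLiteral(String s) {
        if (s == null) return "null";
        StringBuilder sb = new StringBuilder("\"");
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            boolean unsafe = c == '\\' || c == '"' || c == '\'' || c == '<' || c == '>'
                    || c == '&' || c == '/' || c < 0x20 || c > 0x7e;
            if (unsafe) sb.append(String.format("\\u%04x", (int) c)); else sb.append(c);
        }
        return sb.append('"').toString();
    }

    /** view.jsp line 12 expects an error code: emit an integer literal or null, never the raw parameter. */
    public static String errCodeLiteral(String param) {
        if (param == null) return "null";
        try {
            return Integer.toString(Integer.parseInt(param.trim()));
        } catch (NumberFormatException e) {
            return "null";
        }
    }

    /** Values the type select can carry; an assumption for the demo, take it from the real list.jsp. */
    static final Set<String> SEARCH_TYPES = new HashSet<>(Arrays.asList("subject", "writer"));

    /** list.jsp line 14: a selector fragment built only from an allow-listed value, else nothing to preselect. */
    public static String selectorForType(String type) {
        if (type == null || !SEARCH_TYPES.contains(type)) return null;
        return "#type > option[value=\"" + type + "\"]";
    }

    public static void main(String[] args) {
        // Constructed payloads of the kind each sink would reflect unchanged.
        String attrPayload = "\"><script>alert(document.cookie)</script>";
        System.out.println("<input type=\"text\" name=\"keyword\" value=\"" + htmlAttr(attrPayload) + "\" />");
        System.out.println("var errCode = " + errCodeLiteral("1;alert(1)//") + ";");
        System.out.println("var errCode = " + errCodeLiteral(" 2 ") + ";");
        System.out.println("var msg = " + jsStringLiteral("</script><script>alert(1)</script>") + ";");
        System.out.println(selectorForType("writer"));
        System.out.println(selectorForType("writer]\"); alert(1); //"));
    }
}
```

In the JSP the keyword field becomes value="<%= OutputEncoding.htmlAttr(request.getParameter("keyword")) %>"; since jstl-api-1.2 is already on the classpath, <c:out value="${param.keyword}"/> does the same HTML escaping by default and is the shorter route for attribute and text contexts. The JavaScript cases are the ones a generic HTML escaper does not cover: an HTML-escaped value is still live code when it lands between <script> tags, which is why view.jsp line 12 needs a typed literal and line 14 needs an allow-list rather than an escaper.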


Category: Insecure Randomness (2 Issues)

[Chart: Number of Issues by audit status (<Unaudited>, Not an Issue, Reliability Issue, Bad Practice, Suspicious, Exploitable)]

Abstract: Standard pseudo-random number generators cannot withstand cryptographic attacks.

Explanation: Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in a security-sensitive context.

Computers are deterministic machines and are therefore incapable of producing true randomness. Pseudo-random number generators (PRNGs) approximate randomness algorithmically, starting from a seed value from which all subsequent values are computed.

There are two kinds of PRNG: statistical and cryptographic. A statistical PRNG provides useful statistical properties, but its output is highly predictable and forms an easily reproducible numeric stream, so it is unsuitable wherever security depends on generated values being unguessable. A cryptographic PRNG addresses this by producing output that is far more difficult to predict: for a value to provide security, it must be impossible or highly improbable for an attacker to distinguish it from a truly random value. In general, if a PRNG is not advertised as cryptographically secure, it is a statistical PRNG and must not be used in security-sensitive contexts, where its use leads to serious vulnerabilities.

Example: The following code uses a statistical PRNG to create a URL for a receipt that remains active for some period after a purchase.

...
function genReceiptURL (baseURL){
  var randNum = Math.random();
  var receiptURL = baseURL + randNum + ".html";
  return receiptURL;
}
...

This code uses Math.random() to generate "unique" identifiers for the receipt pages. Because Math.random() is a statistical PRNG, an attacker can guess the strings it produces. Although the underlying design of the receipt system is also faulty, it would be more secure if it used a random number generator that did not produce predictable receipt identifiers.

Recommendations: Where unpredictability matters, for example for a session identifier, a token, or a resource name that must not be guessable, use a cryptographic PRNG. Seeding a statistical PRNG does not make it secure: the sequence is still fully determined by the seed.

For client-side JavaScript the original report points to the Mozilla-specific window.crypto.random() API, which is available only in Mozilla Firefox; the standard browser API today is window.crypto.getRandomValues(). In either case, values the server must be able to trust (tokens, identifiers, file names) should be generated on the server with its own cryptographic PRNG rather than accepted from the browser.
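The two findings that follow are inside the bundled jquery-1.7.1.js, where Math.random() only builds an "expando" property name that jQuery uses to tag DOM nodes; it is not a security token, and a reviewer would normally audit both as Not an Issue and exclude third-party library code from the scan. The point of the category still applies to the application itself, for example to any server-generated file or receipt name. The following is an added example, not code from the SummerBoard project, that makes the predictability concrete in Java: the same receipt-token loop run with a seeded java.util.Random (the class behind Math.random() in Java) produces the identical token twice, while java.security.SecureRandom does not. The seed value and token alphabet are constructed for the demonstration.

```java
import java.security.SecureRandom;
import java.util.Random;

/**
 * Added example, not code from the scanned project: a seeded statistical PRNG
 * is reproducible by anyone who knows the seed; a cryptographic PRNG is not.
 */
public final class RandomnessDemo {

    static final char[] ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789".toCharArray();

    /** The receipt-URL pattern from the explanation, with java.util.Random in place of Math.random(). */
    static String predictableToken(long seed, int len) {
        // An attacker who learns or guesses the seed (a timestamp is the usual choice) regenerates every token.
        return token(new Random(seed), len);
    }

    /** The same loop driven by a cryptographic PRNG; SecureRandom extends Random so the helper is shared. */
    static String secureToken(int len) {
        return token(new SecureRandom(), len);
    }

    private static String token(Random r, int len) {
        StringBuilder sb = new StringBuilder(len);
        for (int i = 0; i < len; i++) {
            sb.append(ALPHABET[r.nextInt(ALPHABET.length)]);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        long seed = 1382313600000L;   // constructed: a millisecond timestamp of the kind often used as a seed
        String issuedToVictim = predictableToken(seed, 16);
        String guessedByAttacker = predictableToken(seed, 16);
        System.out.println("seeded java.util.Random: " + issuedToVictim + " / " + guessedByAttacker
                + " equal=" + issuedToVictim.equals(guessedByAttacker));
        System.out.println("SecureRandom:            " + secureToken(16) + " / " + secureToken(16));
    }
}
```

The first line always prints equal=true; the second prints two different tokens on every run. This is also the distinction to keep in mind at BoardController line 191, where new Date().getTime() is prepended to avoid a file name collision: that is fine for uniqueness, but a name built from a timestamp must not be mistaken for an unguessable one.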

jquery-1.7.1.js, line 3861 (Insecure Randomness)

Fortify Priority: High
Folder: High
Kingdom: Security Features

Abstract: Standard pseudo-random number generators cannot withstand cryptographic attacks.

Sink: jquery-1.7.1.js:3861 FunctionPointerCall()

3859
3860 var chunker =/((?:\((?:\([^()]+\)|[^()]+)+\)|\[(?:\[[^\[\]]*\]|['"][^'"]*['"]|[^\[\]'"]+)+\]|\\.|[^>+~,(\[\\]+)+|[>+~])(\s*,\s*)?((?:.|\r|\n)*)/g,
3861 expando = "sizcache" + (Math.random() + '').replace('.', ''),
3862 done = 0,
3863 toString = Object.prototype.toString,

Note: this sink is inside the bundled jQuery/Sizzle library and only generates a unique property name used to cache selector results on DOM nodes; it is not a security-relevant value.

jquery-1.7.1.js, line 1631 (Insecure Randomness)

Fortify Priority: High
Folder: High
Kingdom: Security Features

Abstract: Standard pseudo-random number generators cannot withstand cryptographic attacks.

Sink: jquery-1.7.1.js:1631 FunctionPointerCall()

1629 // Unique for each copy of jQuery on the page
1630 // Non-digits removed to match rinlinejQuery
1631 expando: "jQuery" + ( jQuery.fn.jquery + Math.random() ).replace( /\D/g, "" ),
1632
1633 // The following elements throw uncatchable exceptions if you

Note: as the library's own comment states, this value only distinguishes copies of jQuery on the same page; like the finding above it is a candidate for Not an Issue, and third-party library code is better excluded from the scan.


Category: Password Management: Password in Configuration File (2 Issues)

[Chart: Number of Issues by audit status (<Unaudited>, Not an Issue, Reliability Issue, Bad Practice, Suspicious, Exploitable)]

Abstract: Storing a password in a configuration file in plain text can result in a system compromise.

Explanation: Storing a password in plain text in a configuration file allows anyone who can read the file to access the password-protected resource. Developers sometimes believe that they cannot defend the application against someone who already has access to the configuration file, but this attitude makes an attacker's job easier. Good password management practice requires that a password is never stored in plain text.

Recommendations: A password should never be stored in plain text. Encrypt it and keep it in a secure store with the key managed separately, or, for a database connection as in these findings, obtain it from a secret store or the deployment environment at start-up rather than committing it with the source tree. Do not confuse obfuscation with encryption: WebSphere Application Server 4.x, for example, stores passwords with a simple XOR encoding, and a deobfuscation routine recovers the original value trivially. Such schemes offer no protection against an attacker who can read the file.

Tips: 1. HP Fortify Static Code Analyzer reports every configuration property that looks like a password; review each one to confirm whether the value is a real credential or, for example, a placeholder used only in development.

2. [Text of this tip did not survive extraction.]

dbconn.properties, line 4 (Password Management: Password in Configuration File)

Fortify Priority: High
Folder: High
Kingdom: Environment

Abstract: The property jdbc.password at dbconn.properties line 4 stores a password in plain text.

Sink: dbconn.properties:4 jdbc.password()

4 jdbc.password =******

dbconn.properties, line 4 (Password Management: Password in Configuration File)

Fortify Priority: High
Folder: High
Kingdom: Environment

Abstract: The property jdbc.password at dbconn.properties line 4 stores a password in plain text.

Sink: dbconn.properties:4 jdbc.password()

4 jdbc.password =******

(The password value is masked in the report. The finding appears twice because the scan covered both src/config/dbconn.properties and its build copy build/classes/config/dbconn.properties; see Files Scanned.)


Category: Privacy Violation: Autocomplete (2 Issues)

[Chart: Number of Issues by audit status (<Unaudited>, Not an Issue, Reliability Issue, Bad Practice, Suspicious, Exploitable)]

Abstract: Browser autocomplete should be disabled for fields that collect sensitive data such as passwords.

Explanation: Autocomplete is a browser feature that remembers values entered into form fields and offers them again later. For a sensitive field such as a password this means the credential is stored on the user's machine by the browser, where it can be recovered by anyone with access to that machine or, in combination with a cross-site scripting flaw, read out of the form once the browser has filled it in.

Recommendations: Disable autocomplete on forms or fields that collect sensitive data. The attribute autocomplete="off" can be placed on the whole form or on the individual field.

Example 1: Disabling autocomplete on the HTML form:

<form method="post" autocomplete="off">
Address: <input name="address" />
Password: <input name="password" type="password" />
</form>

Example 2: Disabling autocomplete on the individual field:

<form method="post">
Address: <input name="address" />
Password: <input name="password" type="password" autocomplete="off"/>
</form>

Browsers default to autocomplete "on" for fields that do not specify the attribute, so every sensitive field must be covered. Note that current mainstream browsers deliberately ignore autocomplete="off" on password fields in login forms so that their password managers keep working, so this control is no longer a reliable defence on its own; the attribute still documents intent and still affects other sensitive fields.

join.jsp, line 52 (Privacy Violation: Autocomplete)

Fortify Priority: High
Folder: High
Kingdom: Security Features

Abstract: The password field at join.jsp line 52 does not disable browser autocomplete.

Sink: join.jsp:52 null()

50 <span class="error"><form:errors path="MemberModel.userId" /></span><br />
51 <label for="userPw" class="label01">[label text mis-encoded] :</label>
52 <input type="password" id="userPw" name="userPw" class="loginInput"/>
53 <span class="error"><form:errors path="MemberModel.userPw" /></span><br />
54 <label for="userPwCheck" class="label01">[label text mis-encoded] : </label>

join.jsp, line 55 (Privacy Violation: Autocomplete)

Fortify Priority: High
Folder: High
Kingdom: Security Features

Abstract: The password field at join.jsp line 55 does not disable browser autocomplete.

Sink: join.jsp:55 null()

53 <span class="error"><form:errors path="MemberModel.userPw" /></span><br />
54 <label for="userPwCheck" class="label01">[label text mis-encoded] : </label>
55 <input type="password" id="userPwCheck" name="userPwCheck" class="loginInput"/><br />
56 <label for="userName" class="label01" >[label text mis-encoded] : </label>
57 <input type="text" id="userName" name="userName" class="loginInput"/>


Category: SQL Injection: iBatis Data Map (2 Issues)

[Chart: Number of Issues by audit status (<Unaudited>, Not an Issue, Reliability Issue, Bad Practice, Suspicious, Exploitable)]

Abstract: Constructing a dynamic SQL statement with input that comes from an untrusted source could allow an attacker to modify the statement's meaning or execute arbitrary SQL commands.

Explanation: SQL injection errors occur when:

1. Data enters a program from an untrusted source.

2. The data is used to dynamically construct a SQL query.

iBatis Data Maps allow SQL statements to be specified in an XML mapping file with parameters substituted at run time. In the following statement the # delimiters tell iBatis to bind userName as a prepared-statement parameter:

<select id="getItems" parameterClass="MyClass" resultClass="items">
SELECT * FROM items WHERE owner = #userName#
</select>

Because the value is bound rather than pasted into the statement text, it cannot change the structure of the query. iBatis also supports $ delimiters, which splice the raw value into the SQL string before it is sent to the database; a value substituted this way can alter the statement and leads to SQL injection.

Example 1: The following mapping uses $ substitution for itemName, so the statement is built dynamically from user input.

<select id="getItems" parameterClass="MyClass" resultClass="items">
SELECT * FROM items WHERE owner = #userName# AND itemname = '$itemName$'
</select>

The query is meant to return only items owned by the authenticated user, and it does so as long as itemName contains no single-quote characters. If a user named wiley enters the string "name' OR 'a'='a" for itemName, the statement becomes:

SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';

The addition of OR 'a'='a' turns the WHERE clause into a tautology, so the query is logically equivalent to the much simpler:

SELECT * FROM items;

which returns every record in the items table regardless of owner.

Example 2: This example shows how the same mapping can be used to run arbitrary statements. If wiley enters "name'; DELETE FROM items; --" for itemName, the following two statements are built:

SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
--'

Many database servers, including Microsoft(R) SQL Server 2000, execute multiple SQL statements separated by semicolons in one batch. Others, such as Oracle, do not accept stacked statements, so on those servers this particular payload fails while the tautology attack of Example 1 still works. The "--" comment marker causes the remainder of the statement to be ignored [4]. On a database that does not support comments in this way the attacker can balance the quotes instead: with itemName set to "name'); DELETE FROM items; SELECT * FROM items WHERE 'a'='a", the following three valid statements are built:

SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
SELECT * FROM items WHERE 'a'='a';

One traditional approach to SQL injection is to treat it as an input validation problem: either accept only characters from an allow-list of safe values, or identify and escape a deny-list of potentially malicious values. Allow-listing is effective but has limits, and deny-listing is riddled with loopholes that make it ineffective as a defence. Attackers routinely bypass deny-list filters by:

- targeting fields that are not quoted in the statement;

- finding ways around the need to escape meta-characters;

- using stored procedures to hide the injected meta-characters.

Escaping characters in input by hand can help, but it will not make an application secure against SQL injection.

Another commonly proposed solution is to use stored procedures. Although stored procedures prevent some forms of SQL injection, they fail to protect against many others. Stored procedures typically help by limiting the kinds of statements that can be passed through their parameters, but there are many ways around those limits and many dangerous statements that can still be passed. A stored procedure that builds dynamic SQL from its arguments is as vulnerable as any other code, so stored procedures do not in themselves prevent SQL injection.

Recommendations: The root cause of SQL injection is the attacker's ability to change the context of a SQL query, so that data the programmer intended to be interpreted as a value is interpreted as part of the command instead. When a SQL query is constructed, the programmer knows which parts should be values and which parts should be part of the statement. Parameterized SQL statements preserve that distinction: the statement is compiled with placeholders, and each value is bound to a placeholder at execution time, so the value can never alter the statement. In an iBatis Data Map this means using # delimiters for every value:

<select id="getItems" parameterClass="MyClass" resultClass="items">
SELECT * FROM items WHERE owner = #userName# AND itemname = #itemName#
</select>

Parameterized statements cannot be used for every part of a query: identifiers such as a column name in the WHERE clause cannot be bound. If user input must choose such an element, validate it against a list of legal values before it is substituted with $, and bind everything else with #.

board.xml, line 45 (SQL Injection: iBatis Data Map)

Fortify Priority: Critical
Folder: Critical
Kingdom: Input Validation and Representation

Abstract: The statement at board.xml line 45 is constructed dynamically with $ substitution, which allows an attacker to modify the statement's meaning or to execute arbitrary SQL commands.

Sink: board.xml:45 null()

43 where $type$ like '%$keyword$%'
44 </select>
45 <select id="searchArticle" parameterClass="java.util.HashMap" resultClass="BoardModel">
46 select
47 b.idx, b.writer, b.subject,

board.xml, line 39 (SQL Injection: iBatis Data Map)

Fortify Priority: Critical
Folder: Critical
Kingdom: Input Validation and Representation

Abstract: The statement at board.xml line 39 is constructed dynamically with $ substitution, which allows an attacker to modify the statement's meaning or to execute arbitrary SQL commands.

Sink: board.xml:39 null()

37 from jmboard
38 </select>
39 <select id="getSearchTotalNum" resultClass="int">
40 select
41 count(idx)
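Line 43 of board.xml, which closes the getSearchTotalNum statement that starts at line 39, shows the exact shape of both findings: where $type$ like '%$keyword$%'. The column name genuinely cannot be bound, so $type$ must be validated against an allow-list before it reaches the mapper; the keyword can and must be bound, and the reason it was spliced in is that # cannot be placed inside the quoted '%...%' pattern. The practical fix is to build the LIKE pattern in Java and bind it whole, so the mapping becomes where $type$ like #keyword#. The following is an added example, not code from the SummerBoard project, of the code that prepares the parameter map for searchArticle and getSearchTotalNum under that mapping; SEARCHABLE is an assumed list of the jmboard columns a user may search, and the inputs in main() are constructed.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/**
 * Added example, not code from the scanned project: parameter preparation for
 * an iBatis mapping of the form  where $type$ like #keyword#  so that the
 * identifier is allow-listed and the pattern is bound rather than spliced.
 */
public final class SearchParams {

    /** Columns of jmboard the user may search on; an assumption, take it from the real schema. */
    static final Set<String> SEARCHABLE = new HashSet<>(Arrays.asList("subject", "writer", "content"));

    /**
     * Builds the map handed to the mapper. "type" is substituted as $type$ only
     * after validation; "keyword" carries the complete LIKE pattern and is bound
     * as #keyword#, so no user-controlled text is ever part of the SQL string.
     */
    public static Map<String, Object> build(String type, String keyword, int start, int end) {
        if (type == null || !SEARCHABLE.contains(type)) {
            throw new IllegalArgumentException("unknown search type");
        }
        if (keyword == null || keyword.trim().isEmpty()) {
            throw new IllegalArgumentException("empty keyword");
        }
        if (start < 1 || end < start) {
            throw new IllegalArgumentException("bad article range");
        }
        Map<String, Object> p = new HashMap<>();
        p.put("type", type);                                       // identifier: $type$
        p.put("keyword", "%" + escapeLike(keyword.trim()) + "%");   // value: #keyword#
        p.put("startArticleNum", start);
        p.put("endArticleNum", end);
        return p;
    }

    /**
     * Escapes the LIKE metacharacters so a user cannot widen the match with "%" or "_".
     * The mapping must declare the escape character, e.g.  like #keyword# escape '\'
     * (quoted as the target database requires).
     */
    static String escapeLike(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 8);
        for (char c : s.toCharArray()) {
            if (c == '\\' || c == '%' || c == '_') sb.append('\\');
            sb.append(c);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed inputs: a normal search, a keyword with LIKE metacharacters,
        // and a type value carrying the kind of payload the $type$ splice would accept.
        System.out.println(build("writer", "wiley", 1, 10));
        System.out.println(build("subject", "100%_sure", 1, 10));
        try {
            build("writer like '%' or 1=1 --", "x", 1, 10);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The first call yields a keyword of "%wiley%", the second "%100\%\_sure%", and the third is rejected before any SQL exists. The corresponding mapping uses the same map for both statements (getSearchTotalNum at line 39 currently declares no parameterClass, so add parameterClass="java.util.HashMap" there as well), and the only remaining $ substitution is the allow-listed column name.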


Detailed Project Summary

Files Scanned

Code base location: D:/00./Fortify_/20131021/SummerBoard

Files Scanned (path; type; size; last modified; times are as printed in the report, whose AM/PM marker did not survive extraction):

.settings/org.eclipse.wst.common.project.facet.core.xml; xml; 345 bytes; 2013-09-14 1:27:14
WebContent/WEB-INF/board/join.jsp; jsp; 2.7 KB; 2013-09-16 7:34:00
WebContent/WEB-INF/board/list.jsp; jsp; 2.8 KB; 2013-09-23 1:44:32
WebContent/WEB-INF/board/login.jsp; jsp; 2.1 KB; 2013-09-14 1:48:00
WebContent/WEB-INF/board/modify.jsp; jsp; 2.1 KB; 2012-01-02 2:26:58
WebContent/WEB-INF/board/view.jsp; jsp; 4 KB; 2013-10-02 12:44:22
WebContent/WEB-INF/board/write.jsp; jsp; 2 KB; 2012-01-03 5:41:58
WebContent/WEB-INF/dispatcher-servlet.xml; xml; 2 KB; 2012-01-03 4:50:00
WebContent/WEB-INF/web.xml; xml; 1.4 KB; 2011-12-28 2:04:02
WebContent/index.html; html; 174 bytes; 2013-09-14 1:45:48
WebContent/js/jquery-1.7.1.js; javascript; 242.4 KB; 2011-12-22 4:27:26
build/classes/config/applicationContext.xml; xml; 2.2 KB; 2013-10-02 12:32:02
build/classes/config/dbconn.properties; java_properties; 131 bytes; 2013-09-16 7:58:12
build/classes/config/smboard_schema.sql; tsql; 1.3 KB; 2013-10-02 12:27:52
build/classes/config/sqlMapConfig.xml; xml; 861 bytes; 2013-09-16 7:58:12
build/classes/config/validation.properties; java_properties; 53 bytes; 2011-12-28 4:07:48
src/config/applicationContext.xml; xml; 2.2 KB; 2013-10-02 12:32:02
src/config/dbconn.properties; java_properties; 131 bytes; 2013-09-16 7:58:12
src/config/smboard_schema.sql; tsql; 1.3 KB; 2013-10-02 12:27:52
src/config/sqlMapConfig.xml; xml; 861 bytes; 2013-09-16 7:58:12
src/config/validation.properties; java_properties; 53 bytes; 2011-12-28 4:07:48
src/net/nice19/smboard/board/controller/BoardController.java; java; 12.7 KB; 2013-10-02 1:11:00
src/net/nice19/smboard/board/controller/TestCode.java; java; 78 bytes; 2013-10-01 4:23:54
src/net/nice19/smboard/board/dao/BoardDao.java; java; 1.3 KB; 2012-01-02 9:25:00
src/net/nice19/smboard/board/model/BoardCommentModel.java; java; 1 KB; 2011-12-30 1:34:28
src/net/nice19/smboard/board/model/BoardModel.java; java; 1.7 KB; 2012-01-02 1:53:16
src/net/nice19/smboard/board/service/BoardService.java; java; 3.2 KB; 2012-01-02 9:40:40
src/net/nice19/smboard/ibatis/board.xml; xml; 4.6 KB; 2013-09-23 1:38:16
src/net/nice19/smboard/ibatis/login.xml; xml; 775 bytes; 2013-10-02 11:49:40
src/net/nice19/smboard/ibatis/member.xml; xml; 1 KB; 2013-09-16 8:04:08
src/net/nice19/smboard/interceptor/SessionInterceptor.java; java; 1.2 KB; 2012-01-03 3:59:44
src/net/nice19/smboard/login/controller/LoginController.java; java; 2.6 KB; 2013-09-23 12:58:44
src/net/nice19/smboard/login/dao/LoginDao.java; java; 255 bytes; 2013-09-23 1:00:32
src/net/nice19/smboard/login/model/LoginSessionModel.java; java; 918 bytes; 2013-09-23 1:00:32
src/net/nice19/smboard/login/service/LoginService.java; java; 911 bytes; 2013-09-23 1:03:22
src/net/nice19/smboard/login/service/LoginValidator.java; java; 842 bytes; 2011-12-29 9:24:56
src/net/nice19/smboard/member/controller/MemberController.java; java; 2 KB; 2012-01-02 11:47:24
src/net/nice19/smboard/member/dao/MemberDao.java; java; 220 bytes; 2011-12-28 6:14:28
src/net/nice19/smboard/member/model/MemberModel.java; java; 812 bytes; 2011-12-28 9:39:50
src/net/nice19/smboard/member/service/MemberService.java; java; 948 bytes; 2011-12-29 9:12:52
src/net/nice19/smboard/member/service/MemberValidatior.java; java; 923 bytes; 2011-12-29 9:25:08

Reference Elements

Classpath:

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\commons-dbcp-1.4.jar


D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\commons-fileupload-1.2.2.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\commons-io-2.0.1.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\commons-logging-1.1.1.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\commons-pool-1.5.6.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\ibatis-2.3.4.726.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\jstl-api-1.2.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\jstl-impl-1.2.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\mysql-connector-java-5.1.5-bin.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\ojdbc14.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.aop-3.1.0.RELEASE.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.asm-3.1.0.RELEASE.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.aspects-3.1.0.RELEASE.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.beans-3.1.0.RELEASE.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.context-3.1.0.RELEASE.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.context.support-3.1.0.RELEASE.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.core-3.1.0.RELEASE.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.expression-3.1.0.RELEASE.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.instrument-3.1.0.RELEASE.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.instrument.tomcat-3.1.0.RELEASE.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.jdbc-3.1.0.RELEASE.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.jms-3.1.0.RELEASE.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.orm-3.1.0.RELEASE.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.oxm-3.1.0.RELEASE.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.test-3.1.0.RELEASE.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.transaction-3.1.0.RELEASE.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.web-3.1.0.RELEASE.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.web.portlet-3.1.0.RELEASE.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.web.servlet-3.1.0.RELEASE.jar

D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.web.struts-3.1.0.RELEASE.jar

Libdirs:

No libdirs specified during translation

Rulepacks

Valid Rulepacks:

Name: Fortify , , ABAP

Version: 2013.1.1.0008

ID: A68E453E-17CF-4CC6-B038-EC15275EF284

SKU: RUL13100

Name: Fortify , , ActionScript 3.0

Version: 2013.1.1.0008

ID: 97FE26F7-DE80-427E-A4DD-BDB2A18A04E5

SKU: RUL13101

Name: Fortify , , Android

Version: 2013.1.1.0008

ID: 72BA22A1-FB05-48AA-A677-32EE9DE8EE7D

SKU: RUL13102

Name: Fortify , ,

Version: 2013.1.1.0008

ID: ECF9D5C7-4380-470E-9184-8CC664A627C9

SKU: RUL13080

Name: Fortify , , ColdFusion 5.0

Version: 2013.1.1.0008

ID: 4818C291-33D7-4DA2-9117-63AD83E8B23C

SKU: RUL13032

Name: Fortify , , C/C++

Version: 2013.1.1.0008

ID: C33370BD-4810-478F-B244-168C6C26EFA6

SKU: RUL13015

Name: Fortify , , .NET

Version: 2013.1.1.0008

ID: 647E5ECD-4BFB-44C6-B86B-6678E98D8EA8

SKU: RUL13016

Name: Fortify , , Java

Version: 2013.1.1.0008

ID: 90642FEA-0043-4416-9032-F0A4F0DF56A6

SKU: RUL13017

Name: Fortify , , JavaScript

Version: 2013.1.1.0008

ID: F910862E-08FC-4118-B0E8-8D2257AC0059

SKU: RUL13065

Name: Fortify , , Objective-C

Version: 2013.1.1.0008

ID: A4AE1E41-4DA2-483A-B2C1-883F7235B4CC

SKU: RUL13110

Name: Fortify , , PHP

Version: 2013.1.1.0008

ID: 70667216-191A-40C6-8564-15DFB99CBAE3

SKU: RUL13064

Name: Fortify , , Python

Version: 2013.1.1.0008

ID: D774151B-AB2A-4DF1-8F16-341AD4334CB9

SKU: RUL13085

Name: Fortify , , SQL

Version: 2013.1.1.0008

ID: B615B96E-C718-4324-9808-A35BC9DF1289

SKU: RUL13018

Name: Fortify , , Classic ASP, VBScript VB6

Version: 2013.1.1.0008

ID: C79E2DDD-9C19-4E0E-B16E-5BD549967D8B

SKU: RUL13066

Name: Fortify , ,

Version: 2013.1.1.0008

ID: 02670170-E5E6-4A7F-AD4C-7481EBC812BA

SKU: RUL13019

Name: Fortify , ,

Version: 2013.1.1.0008

ID: A93E6268-C89C-42F4-9E08-EB128F790196

SKU: RUL13075

Name: Fortify , , C/C++

Version: 2013.1.1.0008

ID: 329C9994-07BC-424F-AE27-E3864B8E18C7

SKU: RUL13020

Name: Fortify , , .NET

Version: 2013.1.1.0008

ID: 7B7AF804-D719-479E-9FAA-48DE36280BEA

SKU: RUL13033

Name: Fortify , , Java

Version: 2013.1.1.0008

ID: E3538DF4-9298-40DF-A5B5-933DC2BE79EB

SKU: RUL13021

Name: Fortify , , JSP

Version: 2013.1.1.0008

ID: CE6CB10E-32A9-4B7C-B1C4-C0A71B34B0FA

SKU: RUL13034

Name: Fortify , , SQL

Version: 2013.1.1.0008

ID: 52664466-6BDF-4022-98F5-7FC6CA8EEE89

SKU: RUL13035

Properties

WinForms.CollectionMutationMonitor.Label=WinFormsDataSource

WinForms.ExtractEventHandlers=true

WinForms.TransformChangeNotificationPattern=true

WinForms.TransformDataBindings=true

WinForms.TransformMessageLoops=true

awt.toolkit=sun.awt.windows.WToolkit

com.fortify.AuthenticationKey=C:\Users\Administrator\AppData\Local/Fortify/config/tools

com.fortify.Core=D:\Program Files\Fortify Software\HP Fortify v3.40\Core

com.fortify.InstallRoot=D:\Program Files\Fortify Software\HP Fortify v3.40

com.fortify.InstallationUserName=5002536

com.fortify.SCAExecutablePath=D:\Program Files\Fortify Software\HP Fortify v3.40\bin\sourceanalyzer.exe

com.fortify.TotalPhysicalMemory=4226146304

com.fortify.VS.RequireASPPrecompilation=true

com.fortify.WorkingDirectory=C:\Users\Administrator\AppData\Local/Fortify

com.fortify.locale=en

com.fortify.sca.AddImpliedMethods=true

com.fortify.sca.AllocationWebServiceURL=https://per-use.fortify.com/services/GasAllocationService

com.fortify.sca.AntCompilerClass=com.fortify.dev.ant.SCACompiler

com.fortify.sca.BuildID=SummerBoard

com.fortify.sca.BundleControlflowIssues=true

com.fortify.sca.CollectPerformanceData=true

com.fortify.sca.CustomRulesDir=D:\Program Files\Fortify Software\HP Fortify v3.40\Core\config\customrules

com.fortify.sca.DaemonCompilers=com.fortify.sca.util.compilers.GppCompiler,com.fortify.sca.util.compilers.GccCompiler,com.fortify.sca.util.compilers.AppleGppCompiler,com.fortify.sca.util.compilers.AppleGccCompiler,com.fortify.sca.util.compilers.MicrosoftCompiler,com.fortify.sca.util.compilers.MicrosoftLinker,com.fortify.sca.util.compilers.LdCompiler,com.fortify.sca.util.compilers.ArUtil,com.fortify.sca.util.compilers.SunCCompiler,com.fortify.sca.util.compilers.SunCppCompiler,com.fortify.sca.util.compilers.IntelCompiler,com.fortify.sca.util.compilers.ExternalCppAdapter,com.fortify.sca.util.compilers.ClangCompiler

com.fortify.sca.DeadCodeFilter=true

com.fortify.sca.DeadCodeIgnoreTrivialPredicates=true

com.fortify.sca.DefaultAnalyzers=semantic:dataflow:controlflow:nullptr:configuration:content:structural:buffer

com.fortify.sca.DefaultFileTypes=java,jsp,jspx,tag,tagx,sql,cfm,php,ctp,pks,pkh,pkb,xml,config,properties,dll,exe,inc,asp,vbscript,js,ini,bas,cls,vbs,frm,ctl,html,htm,xsd,wsdd,xmi,py,cfml,cfc,abap,xhtml,cpx,xcfg,jsff,as,mxml

com.fortify.sca.DefaultJarsDirs=default_jars

com.fortify.sca.DefaultRulesDir=D:\Program Files\Fortify Software\HP Fortify v3.40\Core\config\rules

com.fortify.sca.DisableDeadCodeElimination=false

com.fortify.sca.DisableFunctionPointers=false

com.fortify.sca.DisableGlobals=false

com.fortify.sca.DisplayProgress=true

com.fortify.sca.FVDLAllowUnifiedVulnerability=true

com.fortify.sca.FVDLDisableDescriptions=false

com.fortify.sca.FVDLDisableProgramData=false

com.fortify.sca.FVDLDisableSnippets=false

com.fortify.sca.FVDLStylesheet=D:\Program Files\Fortify Software\HP Fortify v3.40\Core/resources/sca/fvdl2html.xsl

com.fortify.sca.IndirectCallGraphBuilders=com.fortify.sca.analyzer.callgraph.WinFormsAdHocFunctionBuilder,com.fortify.sca.analyzer.callgraph.VirtualCGBuilder,com.fortify.sca.analyzer.callgraph.J2EEIndirectCGBuilder,com.fortify.sca.analyzer.callgraph.JNICGBuilder,com.fortify.sca.analyzer.callgraph.StoredProcedureResolver,com.fortify.sca.analyzer.callgraph.JavaWSCGBuilder,com.fortify.sca.analyzer.callgraph.StrutsCGBuilder,com.fortify.sca.analyzer.callgraph.DotNetWSCGBuilder,com.fortify.sca.analyzer.callgraph.SqlServerSPResolver,com.fortify.sca.analyzer.callgraph.ASPCGBuilder,com.fortify.sca.analyzer.callgraph.ScriptedCGBuilder,com.fortify.sca.analyzer.callgraph.NewJspCustomTagCGBuilder,com.fortify.sca.analyzer.callgraph.DotNetCABCGBuilder,com.fortify.sca.analyzer.callgraph.StateInjectionCGBuilder,com.fortify.sca.analyzer.callgraph.SqlServerSPResolver2

com.fortify.sca.JVMArgs=-Dcom.sun.management.jmxremote=true -XX:SoftRefLRUPolicyMSPerMB=100 -Xss1M -Xmx600M -Xms300M -server

com.fortify.sca.JdkVersion=1.4

com.fortify.sca.LowSeverityCutoff=1.0

com.fortify.sca.MachineOutputMode=

com.fortify.sca.NoNestedOutTagOutput=org.apache.taglibs.standard.tag.rt.core.RemoveTag,org.apache.taglibs.standard.tag.rt.core.SetTag

com.fortify.sca.PID=2952

com.fortify.sca.PidFile=C:\Users\ADMINI~1\AppData\Local\Temp\PID6469815142888690840.tmp

com.fortify.sca.PrintPerformanceDataAfterScan=false

com.fortify.sca.ProjectRoot=C:\Users\Administrator\AppData\Local/Fortify

com.fortify.sca.Renderer=fpr

com.fortify.sca.ResultsFile=C:\Users\Administrator\AppData\Local/Fortify\AWB-3.40\SummerBoard\SummerBoard.fpr

com.fortify.sca.SolverTimeout=15

com.fortify.sca.SqlLanguage=TSQL

com.fortify.sca.SuppressLowSeverity=true

com.fortify.sca.Tank=D:\Program Files\Fortify Software\HP Fortify v3.40\Core\config\tank.dat#493480#1#D:\Program Files\Fortify Software\HP Fortify v3.40\Core\config\tank.a08804#804606#1#D:\Program Files\Fortify Software\HP Fortify v3.40\Core\config\tank.b08804#214783#1#

com.fortify.sca.UnicodeInputFile=true

com.fortify.sca.analyzer.controlflow.EnableLivenessOptimization=false

com.fortify.sca.analyzer.controlflow.EnableMachineFiltering=false

com.fortify.sca.analyzer.controlflow.EnableRefRuleOptimization=false

com.fortify.sca.analyzer.controlflow.EnableTimeOut=true

com.fortify.sca.compilers.ant=com.fortify.sca.util.compilers.AntAdapter

com.fortify.sca.compilers.ar=com.fortify.sca.util.compilers.ArUtil

com.fortify.sca.compilers.armcc=com.fortify.sca.util.compilers.ArmCcCompiler

com.fortify.sca.compilers.armcpp=com.fortify.sca.util.compilers.ArmCppCompiler

com.fortify.sca.compilers.c++=com.fortify.sca.util.compilers.GppCompiler

com.fortify.sca.compilers.cc=com.fortify.sca.util.compilers.GccCompiler

com.fortify.sca.compilers.cl=com.fortify.sca.util.compilers.MicrosoftCompiler

com.fortify.sca.compilers.clearmake=com.fortify.sca.util.compilers.TouchlessCompiler

com.fortify.sca.compilers.devenv=com.fortify.sca.util.compilers.DevenvNetAdapter

com.fortify.sca.compilers.fortify=com.fortify.sca.util.compilers.FortifyCompiler

com.fortify.sca.compilers.g++=com.fortify.sca.util.compilers.GppCompiler

com.fortify.sca.compilers.g++-*=com.fortify.sca.util.compilers.GppCompiler

com.fortify.sca.compilers.g++2*=com.fortify.sca.util.compilers.GppCompiler

com.fortify.sca.compilers.g++3*=com.fortify.sca.util.compilers.GppCompiler

com.fortify.sca.compilers.g++4*=com.fortify.sca.util.compilers.GppCompiler

com.fortify.sca.compilers.gcc=com.fortify.sca.util.compilers.GccCompiler

com.fortify.sca.compilers.gcc-*=com.fortify.sca.util.compilers.GccCompiler

com.fortify.sca.compilers.gcc2*=com.fortify.sca.util.compilers.GccCompiler

com.fortify.sca.compilers.gcc3*=com.fortify.sca.util.compilers.GccCompiler

com.fortify.sca.compilers.gcc4*=com.fortify.sca.util.compilers.GccCompiler

com.fortify.sca.compilers.gmake=com.fortify.sca.util.compilers.TouchlessCompiler

com.fortify.sca.compilers.icc=com.fortify.sca.util.compilers.IntelCompiler

com.fortify.sca.compilers.icpc=com.fortify.sca.util.compilers.IntelCompiler

com.fortify.sca.compilers.jam=com.fortify.sca.util.compilers.TouchlessCompiler

com.fortify.sca.compilers.javac=com.fortify.sca.util.compilers.JavacCompiler

com.fortify.sca.compilers.ld=com.fortify.sca.util.compilers.LdCompiler

com.fortify.sca.compilers.link=com.fortify.sca.util.compilers.MicrosoftLinker

com.fortify.sca.compilers.make=com.fortify.sca.util.compilers.TouchlessCompiler

com.fortify.sca.compilers.msbuild=com.fortify.sca.util.compilers.MSBuildAdapter

com.fortify.sca.compilers.msdev=com.fortify.sca.util.compilers.DevenvAdapter

com.fortify.sca.compilers.nmake=com.fortify.sca.util.compilers.TouchlessCompiler

com.fortify.sca.compilers.tcc=com.fortify.sca.util.compilers.ArmCcCompiler

com.fortify.sca.compilers.tcpp=com.fortify.sca.util.compilers.ArmCppCompiler

com.fortify.sca.compilers.touchless=com.fortify.sca.util.compilers.FortifyCompiler

com.fortify.sca.cpfe.command=D:\Program Files\Fortify Software\HP Fortify v3.40\Core/private-bin/sca/cpfe.exe

com.fortify.sca.cpfe.file.option=--gen_c_file_name

com.fortify.sca.cpfe.options=--remove_unneeded_entities --suppress_vtbl -tused

com.fortify.sca.cpfe.options=--remove_unneeded_entities --suppress_vtbl -tused

com.fortify.sca.env.exesearchpath=C:\Windows\system32;C:\Windows\;D:\Program Files\Fortify Software\HP Fortify v3.40\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\Softcamp\SDS;C:\Windows\Softcamp\SDK;C:\Windows\Softcamp\VSD;C:\Program Files (x86)\Windows Imaging\;D:\oracle\product\instantclient10_1;D:\Program Files (x86)\IBM\Rational AppScan\

com.fortify.sca.fileextensions.ABAP=ABAP

com.fortify.sca.fileextensions.abap=ABAP

com.fortify.sca.fileextensions.as=ACTIONSCRIPT

com.fortify.sca.fileextensions.asp=ASP

com.fortify.sca.fileextensions.bas=VB6

com.fortify.sca.fileextensions.cfc=CFML

com.fortify.sca.fileextensions.cfm=CFML

com.fortify.sca.fileextensions.cfml=CFML

com.fortify.sca.fileextensions.cls=VB6

com.fortify.sca.fileextensions.config=XML

com.fortify.sca.fileextensions.cpx=XML

com.fortify.sca.fileextensions.cs=CSHARP

com.fortify.sca.fileextensions.ctl=VB6

com.fortify.sca.fileextensions.ctp=PHP

com.fortify.sca.fileextensions.dll=MSIL

com.fortify.sca.fileextensions.exe=MSIL

com.fortify.sca.fileextensions.faces=JSPX

com.fortify.sca.fileextensions.frm=VB6

com.fortify.sca.fileextensions.htm=HTML

com.fortify.sca.fileextensions.html=HTML

com.fortify.sca.fileextensions.ini=JAVA_PROPERTIES

com.fortify.sca.fileextensions.java=JAVA

com.fortify.sca.fileextensions.js=JAVASCRIPT

com.fortify.sca.fileextensions.jsff=JSPX

com.fortify.sca.fileextensions.jsp=JSP

com.fortify.sca.fileextensions.jspx=JSPX

com.fortify.sca.fileextensions.mdl=MSIL

com.fortify.sca.fileextensions.mod=MSIL

com.fortify.sca.fileextensions.mxml=MXML

com.fortify.sca.fileextensions.php=PHP

com.fortify.sca.fileextensions.pkb=PLSQL

com.fortify.sca.fileextensions.pkh=PLSQL

com.fortify.sca.fileextensions.pks=PLSQL

com.fortify.sca.fileextensions.properties=JAVA_PROPERTIES

com.fortify.sca.fileextensions.py=PYTHON

com.fortify.sca.fileextensions.sql=SQL

com.fortify.sca.fileextensions.tag=JSP

com.fortify.sca.fileextensions.tagx=JSP

com.fortify.sca.fileextensions.vb=VB

com.fortify.sca.fileextensions.vbs=VB6

com.fortify.sca.fileextensions.vbscript=VBSCRIPT

com.fortify.sca.fileextensions.wsdd=XML

com.fortify.sca.fileextensions.xcfg=XML

com.fortify.sca.fileextensions.xhtml=JSPX

com.fortify.sca.fileextensions.xmi=XML

com.fortify.sca.fileextensions.xml=XML

com.fortify.sca.fileextensions.xsd=XML

com.fortify.sca.jsp.UseNativeParser=true

com.sun.management.jmxremote=true

dotnet.install.dir=C:\Windows\Microsoft.NET\Framework

dotnet.v30.referenceAssemblies=C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0

dotnet.v35.referenceAssemblies=C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5

file.encoding=MS949

file.encoding.pkg=sun.io

file.separator=\

java.awt.graphicsenv=sun.awt.Win32GraphicsEnvironment

java.awt.printerjob=sun.awt.windows.WPrinterJob

java.class.path=D:\Program Files\Fortify Software\HP Fortify v3.40\Core\lib\exe\sca-exe.jar

java.class.version=50.0

java.endorsed.dirs=D:\Program Files\Fortify Software\HP Fortify v3.40\jre\lib\endorsed

java.ext.dirs=D:\Program Files\Fortify Software\HP Fortify v3.40\jre\lib\ext;C:\Windows\Sun\Java\lib\ext

java.home=D:\Program Files\Fortify Software\HP Fortify v3.40\jre

java.io.tmpdir=C:\Users\ADMINI~1\AppData\Local\Temp\

java.library.path=D:\Program Files\Fortify Software\HP Fortify v3.40\jre\bin;.;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\Windows\;D:\Program Files\Fortify Software\HP Fortify v3.40\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\Softcamp\SDS;C:\Windows\Softcamp\SDK;C:\Windows\Softcamp\VSD;C:\Program Files (x86)\Windows Imaging\;D:\oracle\product\instantclient10_1;D:\Program Files (x86)\IBM\Rational AppScan\

java.rmi.server.randomIDs=true

java.runtime.name=Java(TM) SE Runtime Environment

java.runtime.version=1.6.0_24-b07

java.specification.name=Java Platform API Specification

java.specification.vendor=Sun Microsystems Inc.

java.specification.version=1.6

java.vendor=Sun Microsystems Inc.

java.vendor.url=http://java.sun.com/

java.vendor.url.bug=http://java.sun.com/cgi-bin/bugreport.cgi

java.version=1.6.0_24

java.vm.info=mixed mode

java.vm.name=Java HotSpot(TM) Server VM

java.vm.specification.name=Java Virtual Machine Specification

java.vm.specification.vendor=Sun Microsystems Inc.

java.vm.specification.version=1.0

java.vm.vendor=Sun Microsystems Inc.

java.vm.version=19.1-b02

line.separator=

max.file.path.length=255

os.arch=x86

os.name=Windows 7

os.version=6.1

path.separator=;

stderr.isatty=false

stdout.isatty=false

sun.arch.data.model=32

sun.boot.class.path=D:\Program Files\Fortify Software\HP Fortify v3.40\jre\lib\resources.jar;D:\Program Files\Fortify Software\HP Fortify v3.40\jre\lib\rt.jar;D:\Program Files\Fortify Software\HP Fortify v3.40\jre\lib\sunrsasign.jar;D:\Program Files\Fortify Software\HP Fortify v3.40\jre\lib\jsse.jar;D:\Program Files\Fortify Software\HP Fortify v3.40\jre\lib\jce.jar;D:\Program Files\Fortify Software\HP Fortify v3.40\jre\lib\charsets.jar;D:\Program Files\Fortify Software\HP Fortify v3.40\jre\lib\modules\jdk.boot.jar;D:\Program Files\Fortify Software\HP Fortify v3.40\jre\classes

sun.boot.library.path=D:\Program Files\Fortify Software\HP Fortify v3.40\jre\bin

sun.cpu.endian=little

sun.cpu.isalist=pentium_pro+mmx pentium_pro pentium+mmx pentium i486 i386 i86

sun.desktop=windows

sun.io.unicode.encoding=UnicodeLittle

sun.java.launcher=SUN_STANDARD

sun.jnu.encoding=MS949

sun.management.compiler=HotSpot Tiered Compilers

sun.os.patch.level=Service Pack 1

user.country=KR

user.dir=C:\Windows\system32

user.home=C:\Users\Administrator

user.language=ko

user.name=5002536

user.timezone=Asia/Seoul

user.variant=

win32.LocalAppdata=C:\Users\Administrator\AppData\Local

Commandline Arguments

-scan -pid-file C:\Users\ADMINI~1\AppData\Local\Temp\PID6469815142888690840.tmp -b SummerBoard -machine-output -format fpr -f C:\Users\Administrator\AppData\Local/Fortify\AWB-3.40\SummerBoard\SummerBoard.fpr

Warnings

[10002] Unable to parse T-SQL at D:\00.\Fortify_\20131021\SummerBoard\src\config\smboard_schema.sql:24:28.

[10002] Unable to parse T-SQL at D:\00.\Fortify_\20131021\SummerBoard\build\classes\config\smboard_schema.sql:4:17.

[10002] Unable to parse T-SQL at D:\00.\Fortify_\20131021\SummerBoard\build\classes\config\smboard_schema.sql:24:28.

[10002] Unable to parse T-SQL at D:\00.\Fortify_\20131021\SummerBoard\build\classes\config\smboard_schema.sql:8:28.

[10002] Unable to parse T-SQL at D:\00.\Fortify_\20131021\SummerBoard\src\config\smboard_schema.sql:4:17.

[10002] Unable to parse T-SQL at D:\00.\Fortify_\20131021\SummerBoard\src\config\smboard_schema.sql:8:28.

[10002] Unable to parse T-SQL at D:\00.\Fortify_\20131021\SummerBoard\src\config\smboard_schema.sql:37:28.

[10002] Unable to parse T-SQL at D:\00.\Fortify_\20131021\SummerBoard\build\classes\config\smboard_schema.sql:37:28.

[212] Encountered an exception while trying to read rule pack D:\Program Files\Fortify Software\HP Fortify v3.40\Core\config\customrules\externalmetadata.xml

[212] Encountered an exception while trying to read rule pack D:\Program Files\Fortify Software\HP Fortify v3.40\Core\config\customrules\externalmetadata.xml

Issue Count by Category

Issues by Category

Category                                              Count
Trust Boundary Violation                                 19
Hidden Field                                              9
Path Manipulation                                         8
Race Condition: Singleton Member Field                    8
Cross-Site Request Forgery                                7
JavaScript Hijacking: Vulnerable Framework                6
Poor Logging Practice: Use of a System Output Stream      4
System Information Leak                                   4
Cross-Site Scripting: Reflected                           3
Missing Check against Null                                3
Password Management: Password in Comment                  3
Insecure Randomness                                       2
Often Misused: File Upload                                2
Password Management: Password in Configuration File       2
Poor Error Handling: Overly Broad Catch                   2
Privacy Violation: Autocomplete                           2
Redundant Null Check                                      2
SQL Injection: iBatis Data Map                            2
J2EE Misconfiguration: Excessive Session Timeout          1
J2EE Misconfiguration: Missing Error Handling             1
Total                                                    90

Issue Breakdown by Analysis

Issues by Analysis

<none>: (90, 100%)