On 2013-10-21, a source code review was performed on the SummerBoard code base. 41 files, 4,156 lines of executable code, were
scanned and reviewed for defects that could lead to security vulnerabilities. A total of 90 findings were uncovered during the
analysis.
The Issues Category section provides Fortify recommendations for addressing each issue category at a generic level. Specific fixes
can be derived from those generic recommendations by the development group.
Executive Summary
Issues Overview
Issues by Fortify Priority Order:
    Critical: 17
    High: 10
    Medium: 2
    Low: 61
    Total: 90
Recommendations and Conclusions
Fortify Security Report
Copyright 2010 Fortify Software Inc. Page 2 of 32
Code location: D:/00./Fortify_/20131021/SummerBoard
Number of Files: 41
Lines of Code: 4156
Build Label: <No Build Label>
Scan time: 02:15
SCA Engine version: 5.11.0.0055
Machine Name: AES-N500253605
Username running scan: 5002536
Results Certification Partially Valid
Details:
Results Signature:
SCA Analysis Results has Valid signature
Rules Signature:
rules/externalmetadata.xml is not signed
Attack Surface:
Private Information:
null.null.null
System Information:
null.null.null
javax.servlet.ServletContext.getRealPath
Current Enabled Filter Set:
Security Auditor View
Filter Set Details:
Folder Filters:
If [fortify priority order] contains critical Then set folder to Critical
If [fortify priority order] contains high Then set folder to High
If [fortify priority order] contains medium Then set folder to Medium
If [fortify priority order] contains low Then set folder to Low
Audit Guide Summary
Audit guide not enabled
Results Outline
Overall number of results: the scan found 90 issues.
Vulnerability Examples by Category
Category: Path Manipulation (8 Issues)
Abstract: Allowing user input to control paths used in file system operations could enable an attacker to access or modify otherwise protected system resources.
Explanation: Path manipulation errors occur when the following two conditions are met:
1. An attacker can specify a path used in an operation on the file system.
2. By specifying the resource, the attacker gains a capability that would not otherwise be permitted.
For example, the program may give the attacker the ability to overwrite the specified file or to run with a configuration controlled by the attacker.
Example 1: The following code uses input from an HTTP request to create a file name. The programmer has not considered the possibility that an attacker could provide a file name such as "../../tomcat/conf/server.xml", which causes the application to delete one of its own configuration files.
    String rName = request.getParameter("reportName");
    File rFile = new File("/usr/local/apfr/reports/" + rName);
    ...
    rFile.delete();
Example 2: The following code uses input from a configuration file to determine which file to open and echo back to the user. If the program runs with adequate privileges and malicious users can change the configuration file, they can use the program to read any file on the system that ends with the extension .txt.
    fis = new FileInputStream(cfg.getProperty("sub")+".txt");
    amt = fis.read(arr);
    out.println(arr);
Recommendations: The best way to prevent path manipulation is with a level of indirection: create a list of legitimate resource names that a user is allowed to specify, and only allow the user to select from that list. With this approach the input provided by the user is never used directly to name the resource.
In some situations this approach is impractical because the set of legitimate resource names is too large or too hard to keep track of. Programmers often resort to blacklisting in these situations, selectively rejecting or escaping potentially dangerous characters before using the input. However, any such list of unsafe characters is likely to be incomplete and will almost certainly become out of date. A better approach is to create a whitelist of characters that are allowed to appear in the resource name and accept input composed exclusively of characters in the approved set.
Tips: 1. If the program performs custom input validation that you are satisfied with, use the Fortify Custom Rules Editor to create a cleanse rule for the validation routine so that the issue is no longer reported.
2. Implementing an effective blacklist is notoriously difficult, so be skeptical if the validation logic relies on one. Consider the different input encodings and the different sets of metacharacters that have special meaning to different operating systems, databases, and other resources, and check whether the blacklist can be updated easily, correctly, and completely when those requirements change.
3. A number of modern web frameworks provide mechanisms to validate user input, including Struts and Struts 2. When such a framework validation mechanism is in use, the HP Fortify Secure Coding Rulepacks re-prioritize the issues HP Fortify Static Code Analyzer reports by lowering their probability of exploit and pointing to the supporting evidence; this is called Context-Sensitive Ranking. To further assist with auditing, the Fortify Security Research Group also makes data-validation project templates available to HP Fortify users.
BoardController.java, line 271 (Path Manipulation)
Fortify Priority: Critical    Folder: Critical    Kingdom: Input Validation and Representation
Abstract: The code at BoardController.java line 271 passes user-controlled data to File(). Allowing user input to control paths used in file system operations could enable an attacker to access or modify otherwise protected system resources.
Source: BoardController.java:257 org.springframework.web.multipart.MultipartRequest.getFile()
    255 String uploadPath=request.getContextPath()+"/files/";
    256 String orgFileName = request.getParameter("orgFile");
    257 MultipartFile newFile = request.getFile("newFile");
    258 String newFileName = newFile.getOriginalFilename();
    259
Sink: BoardController.java:271 java.io.File.File()
    269 }
    270 // create new upload file
    271 File newUploadFile = new File(uploadPath +newFileName);
    272 try {
    273 newFile.transferTo(newUploadFile);

BoardController.java, line 266 (Path Manipulation)
Fortify Priority: Critical    Folder: Critical    Kingdom: Input Validation and Representation
Abstract: The code at BoardController.java line 266 passes user-controlled data to File(), and the resulting file is deleted on line 267. Allowing user input to control paths used in file system operations could enable an attacker to access or modify otherwise protected system resources.
Source: BoardController.java:256 javax.servlet.ServletRequest.getParameter()
    254 public ModelAndView boardModifyProc(@ModelAttribute("BoardModel") BoardModel boardModel, MultipartHttpServletRequest request){
    255 String uploadPath=request.getContextPath()+"/files/";
    256 String orgFileName = request.getParameter("orgFile");
    257 MultipartFile newFile = request.getFile("newFile");
    258 String newFileName = newFile.getOriginalFilename();
Sink: BoardController.java:266 java.io.File.File()
    264 if(orgFileName != null || !orgFileName.equals("")){
    265 // remove uploaded file
    266 File removeFile = new File(uploadPath + orgFileName);
    267 removeFile.delete();
    268 //

BoardController.java, line 188 (Path Manipulation)
Fortify Priority: Critical    Folder: Critical    Kingdom: Input Validation and Representation
Abstract: The code at BoardController.java line 188 passes user-controlled data to File(). Allowing user input to control paths used in file system operations could enable an attacker to access or modify otherwise protected system resources.
Source: BoardController.java:185 org.springframework.web.multipart.MultipartRequest.getFile()
    183 String uploadPath = session.getServletContext().getRealPath("/")+"files/";
    184 System.out.println("uploadPath: "+uploadPath);
    185 MultipartFile file = request.getFile("file");
    186 if ( file != null ) {
    187 String fileName = file.getOriginalFilename();
Sink: BoardController.java:188 java.io.File.File()
    186 if ( file != null ) {
    187 String fileName = file.getOriginalFilename();
    188 File uploadFile = new File(uploadPath+ fileName);
    189 // when file exists as same name
    190 if(uploadFile.exists()){

BoardController.java, line 318 (Path Manipulation) - four dataflow paths reach this sink
Fortify Priority: High    Folder: High    Kingdom: Input Validation and Representation
Abstract: The code at BoardController.java line 318 passes data that may be user-controlled to File(), and the resulting file is deleted on line 319. Fortify reports one finding per source; all four share the sink below.
Source 1: BoardController.java:185 org.springframework.web.multipart.MultipartRequest.getFile()
    183 String uploadPath = session.getServletContext().getRealPath("/")+"files/";
    184 System.out.println("uploadPath: "+uploadPath);
    185 MultipartFile file = request.getFile("file");
    186 if ( file != null ) {
    187 String fileName = file.getOriginalFilename();
Source 2: BoardModel.java:80 setFileName(0)
    78 return fileName;
    79 }
    80 public void setFileName(String fileName) {
    81 this.fileName = fileName;
    82 }
Source 3: BoardController.java:257 org.springframework.web.multipart.MultipartRequest.getFile()
    255 String uploadPath=request.getContextPath()+"/files/";
    256 String orgFileName = request.getParameter("orgFile");
    257 MultipartFile newFile = request.getFile("newFile");
    258 String newFileName = newFile.getOriginalFilename();
    259
Source 4: BoardController.java:256 javax.servlet.ServletRequest.getParameter()
    254 public ModelAndView boardModifyProc(@ModelAttribute("BoardModel") BoardModel boardModel, MultipartHttpServletRequest request){
    255 String uploadPath=request.getContextPath()+"/files/";
    256 String orgFileName = request.getParameter("orgFile");
    257 MultipartFile newFile = request.getFile("newFile");
    258 String newFileName = newFile.getOriginalFilename();
Sink (shared): BoardController.java:318 java.io.File.File()
    316 // if: when the article has upload file - remove that
    317 if(board.getFileName() != null){
    318 File removeFile = new File(uploadPath + board.getFileName());
    319 removeFile.delete();
    320 }

BoardController.java, line 192 (Path Manipulation)
Fortify Priority: Critical    Folder: Critical    Kingdom: Input Validation and Representation
Abstract: The code at BoardController.java line 192 passes user-controlled data to File(). Prefixing a timestamp on line 191 changes only the leading part of the name; any directory components in the client-supplied name survive.
Source: BoardController.java:185 org.springframework.web.multipart.MultipartRequest.getFile()
    183 String uploadPath = session.getServletContext().getRealPath("/")+"files/";
    184 System.out.println("uploadPath: "+uploadPath);
    185 MultipartFile file = request.getFile("file");
    186 if ( file != null ) {
    187 String fileName = file.getOriginalFilename();
Sink: BoardController.java:192 java.io.File.File()
    190 if(uploadFile.exists()){
    191 fileName = new Date().getTime() + fileName;
    192 uploadFile = new File(uploadPath + fileName);
    193 }
    194 // save upload file to uploadPath
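Every finding above follows one pattern: a name the client supplied (MultipartFile.getOriginalFilename() or the orgFile parameter) is concatenated onto an upload directory and handed to java.io.File for a write or a delete. Two things in the quoted code are worth noting before fixing it: lines 255 and 264-267 build uploadPath from request.getContextPath(), which is the URL prefix of the web application, not a filesystem directory, so the delete on line 267 operates on a path relative to the server's filesystem root; and the condition on line 264 uses || where && was intended, so a null orgFile throws NullPointerException instead of skipping the delete. The following is an added example, not SummerBoard code, showing the flagged pattern beside a hardened resolver; the upload root, the allow-list and the POSIX paths are assumptions for illustration.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Pattern;

/**
 * Added example, not SummerBoard code. Shows the unchecked pattern the report
 * flags (uploadPath + originalFilename) beside a hardened resolver.
 */
public final class UploadPaths {

    /** Fixed upload root; assumed to live outside the deployed web application. */
    static final Path UPLOAD_ROOT = Paths.get("/var/app/smboard/files").toAbsolutePath().normalize();

    /** Allow-list for the stored name: no separators, no leading dot, bounded length (assumed policy). */
    private static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9_][A-Za-z0-9._-]{0,199}");

    private UploadPaths() {}

    /** The flagged pattern: the client-supplied name is concatenated unchecked. */
    static Path vulnerable(String originalFilename) {
        return Paths.get(UPLOAD_ROOT + "/" + originalFilename).normalize();
    }

    /**
     * Hardened: reject rather than silently rewrite, so an attempt shows up in logs.
     * getOriginalFilename() is whatever the client sent; a browser normally sends a
     * bare name, an attacker can send anything, including separators and NULs.
     */
    static Path safe(String originalFilename) throws IOException {
        if (originalFilename == null || originalFilename.isEmpty()) {
            throw new IOException("missing file name");
        }
        if (originalFilename.indexOf('/') >= 0 || originalFilename.indexOf('\\') >= 0
                || originalFilename.indexOf('\0') >= 0) {
            throw new IOException("path separators not allowed: " + originalFilename);
        }
        if (!SAFE_NAME.matcher(originalFilename).matches()) {
            throw new IOException("file name outside allow-list: " + originalFilename);
        }
        // Defence in depth: after normalisation the target must still be strictly under the root.
        Path target = UPLOAD_ROOT.resolve(originalFilename).normalize();
        if (!target.startsWith(UPLOAD_ROOT) || target.equals(UPLOAD_ROOT)) {
            throw new IOException("resolved path escapes upload root: " + target);
        }
        return target;
    }

    public static void main(String[] args) {
        String evil = "../../tomcat/conf/server.xml";         // constructed attacker input
        System.out.println("vulnerable: " + vulnerable(evil)); // /var/app/tomcat/conf/server.xml, outside the root
        for (String name : new String[] { evil, ".htaccess", "report_2013.pdf" }) {
            try {
                System.out.println("safe: " + safe(name));
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The collision handling on line 191 (prefixing new Date().getTime()) is fine once it is applied to a name that has already passed safe(); the prefix cannot reintroduce a separator. For the delete paths (lines 266 and 318), the stored name should be looked up from the database record rather than taken from the request, which is the level of indirection the recommendation above describes.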
Category: Race Condition: Singleton Member Field (8 Issues)
Abstract: Servlet member fields might allow one user to see another user's data.
Explanation: Many Servlet developers do not understand that, unless a Servlet implements SingleThreadModel, a Servlet is a singleton: there is only one instance of the Servlet, and that single instance is used and re-used to handle multiple requests that are processed simultaneously by different threads.
A common result of this misunderstanding is that developers use Servlet member fields in such a way that one user may inadvertently see another user's data. In other words, storing user data in Servlet member fields introduces a data access race condition.
Example 1: The following Servlet stores the value of a request parameter in a member field and then later echoes the parameter value back to the user.
    public class GuestBook extends HttpServlet {
        String name;
        protected void doPost (HttpServletRequest req,
                               HttpServletResponse res) {
            name = req.getParameter("name");
            ...
            out.println(name + ", thanks for visiting!");
        }
    }
While this code works in a single-user environment, if two users access the Servlet at approximately the same time, the two request handler threads can interleave in the following way:
    Thread 1: assign "Dick" to name
    Thread 2: assign "Jane" to name
    Thread 1: print "Jane, thanks for visiting!"
    Thread 2: print "Jane, thanks for visiting!"
Thereby showing the first user the second user's name.
Recommendations: Servlet member fields should be limited to storing data that does not change after initialization; such fields should be declared static final. Only store user data in local variables within Servlet methods or in objects referenced by local variables.
Make the Servlet "stateless" by moving the request-handling logic into a separate class and creating a new instance of that class for each request.
Example 2: The following code shows a stateless version of the Servlet.
    public class GuestBook extends HttpServlet {
        protected void doPost (HttpServletRequest req,
                               HttpServletResponse res) {
            GBRequestHandler handler = new GBRequestHandler();
            handler.handle(req, res);
        }
    }
    public class GBRequestHandler {
        String name;
        public void handle(HttpServletRequest req,
                           HttpServletResponse res) {
            name = req.getParameter("name");
            ...
            out.println(name + ", thanks for visiting!");
        }
    }
Even though the request handler stores data in a member field, the Servlet is stateless because a new handler is created for every request. The same applies to Spring MVC controllers, which are singleton beans by default; the findings below are all controller instance fields written during request handling.
LoginController.java, line 41 (Race Condition: Singleton Member Field)
Fortify Priority: Critical    Folder: Critical    Kingdom: Time and State
Abstract: The Spring controller LoginController stores request-scoped data in the member field context, which is shared by all concurrent requests and is therefore prone to a race condition. Creating a new ClassPathXmlApplicationContext on every request also builds a fresh Spring container per login attempt.
Sink: LoginController.java:41 AssignmentStatement()
    39 String userPw = loginModel.getUserPw();
    40
    41 context = new ClassPathXmlApplicationContext("/config/applicationContext.xml");
    42 LoginService loginService = (LoginService) context.getBean("loginService");
    43 LoginSessionModel loginCheckResult = loginService.checkUserId(userId,userPw);

BoardController.java, line 69 (Race Condition: Singleton Member Field)
Fortify Priority: Critical    Folder: Critical    Kingdom: Time and State
Abstract: The Spring controller BoardController stores request-scoped data in the member field endArticleNum, which is shared by all concurrent requests and is therefore prone to a race condition.
Sink: BoardController.java:69 AssignmentStatement()
    67 // expression article variables value
    68 startArticleNum = (currentPage - 1) * showArticleLimit + 1;
    69 endArticleNum = startArticleNum + showArticleLimit -1;
    70 //
    71

BoardController.java, line 55 (Race Condition: Singleton Member Field)
Fortify Priority: Critical    Folder: Critical    Kingdom: Time and State
Abstract: The Spring controller BoardController stores request-scoped data in the member field currentPage, which is shared by all concurrent requests and is therefore prone to a race condition. Note also that Integer.parseInt() on an unvalidated parameter throws NumberFormatException for non-numeric input.
Sink: BoardController.java:55 AssignmentStatement()
    53 currentPage = 1;
    54 } else {
    55 currentPage = Integer.parseInt(request.getParameter("page"));
    56 }
    57

BoardController.java, line 76 (Race Condition: Singleton Member Field)
Fortify Priority: Critical    Folder: Critical    Kingdom: Time and State
Abstract: The Spring controller BoardController stores request-scoped data in the member field totalNum, which is shared by all concurrent requests and is therefore prone to a race condition.
Sink: BoardController.java:76 AssignmentStatement()
    74 if(type != null && keyword != null){
    75 boardList = boardService.searchArticle(type, keyword, startArticleNum, endArticleNum);
    76 totalNum = boardService.getSearchTotalNum(type, keyword);
    77 } else {
    78 boardList = boardService.getBoardList(startArticleNum, endArticleNum);

BoardController.java, line 53 (Race Condition: Singleton Member Field)
Fortify Priority: Critical    Folder: Critical    Kingdom: Time and State
Abstract: The Spring controller BoardController stores request-scoped data in the member field currentPage, which is shared by all concurrent requests and is therefore prone to a race condition.
Sink: BoardController.java:53 AssignmentStatement()
    51 // set variables from request parameter
    52 if(request.getParameter("page") == null ||request.getParameter("page").trim().isEmpty() ||request.getParameter("page").equals("0")) {
    53 currentPage = 1;
    54 } else {
    55 currentPage = Integer.parseInt(request.getParameter("page"));

MemberController.java, line 35 (Race Condition: Singleton Member Field)
Fortify Priority: Critical    Folder: Critical    Kingdom: Time and State
Abstract: The Spring controller MemberController stores request-scoped data in the member field context, which is shared by all concurrent requests and is therefore prone to a race condition. As in LoginController, a new application context is created per request.
Sink: MemberController.java:35 AssignmentStatement()
    33 }
    34
    35 context = new ClassPathXmlApplicationContext("/config/applicationContext.xml");
    36 MemberService memberService = (MemberService) context.getBean("memberService");
    37 MemberModel checkMemberModel = memberService.findByUserId(memberModel.getUserId());

BoardController.java, line 79 (Race Condition: Singleton Member Field)
Fortify Priority: Critical    Folder: Critical    Kingdom: Time and State
Abstract: The Spring controller BoardController stores request-scoped data in the member field totalNum, which is shared by all concurrent requests and is therefore prone to a race condition.
Sink: BoardController.java:79 AssignmentStatement()
    77 } else {
    78 boardList = boardService.getBoardList(startArticleNum, endArticleNum);
    79 totalNum = boardService.getTotalNum();
    80 }
    81 StringBuffer pageHtml = getPageHtml(currentPage, totalNum, showArticleLimit,showPageLimit, type, keyword);

BoardController.java, line 68 (Race Condition: Singleton Member Field)
Fortify Priority: Critical    Folder: Critical    Kingdom: Time and State
Abstract: The Spring controller BoardController stores request-scoped data in the member field startArticleNum, which is shared by all concurrent requests and is therefore prone to a race condition.
Sink: BoardController.java:68 AssignmentStatement()
    66
    67 // expression article variables value
    68 startArticleNum = (currentPage - 1) * showArticleLimit + 1;
    69 endArticleNum = startArticleNum + showArticleLimit -1;
    70 //
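The interleaving the explanation describes is hard to reproduce by load testing because it depends on scheduler timing. The following added example, not SummerBoard code, forces it deterministically with latches on a controller-like class that keeps currentPage in an instance field (as BoardController does), and shows the fix: request state in a local variable, with only immutable configuration left in the singleton. The class and field names other than currentPage and showArticleLimit are invented for the example.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

/**
 * Added example, not SummerBoard code. Forces the interleaving described in
 * the explanation on a shared controller-like object, and shows the fix.
 */
public final class SingletonFieldRace {

    /** Like BoardController: a per-request value stored in a field of a singleton bean. */
    static final class RacyPager {
        int currentPage;

        String handle(String pageParam, CountDownLatch written, CountDownLatch proceed)
                throws InterruptedException {
            currentPage = Integer.parseInt(pageParam);  // write the shared field
            written.countDown();
            proceed.await();                            // stands in for an unlucky thread switch
            return "page=" + currentPage;               // read: may be the other request's value
        }
    }

    /** Fixed: request state is a local; the only field is immutable configuration. */
    static final class SafePager {
        static final int SHOW_ARTICLE_LIMIT = 10;   // never changes after init, so a field is fine

        String handle(String pageParam, CountDownLatch written, CountDownLatch proceed)
                throws InterruptedException {
            int currentPage = Integer.parseInt(pageParam);
            written.countDown();
            proceed.await();
            return "page=" + currentPage;
        }
    }

    /** Two concurrent "requests" (page=1 and page=2) against one shared instance. */
    static String[] run(boolean racy) throws Exception {
        RacyPager shared = new RacyPager();
        SafePager fixed = new SafePager();
        CountDownLatch bothWritten = new CountDownLatch(2);
        CountDownLatch proceed = new CountDownLatch(1);
        ExecutorService pool = Executors.newFixedThreadPool(2);
        try {
            Callable<String> req1 = () -> racy ? shared.handle("1", bothWritten, proceed)
                                              : fixed.handle("1", bothWritten, proceed);
            Callable<String> req2 = () -> racy ? shared.handle("2", bothWritten, proceed)
                                              : fixed.handle("2", bothWritten, proceed);
            Future<String> f1 = pool.submit(req1);
            Future<String> f2 = pool.submit(req2);
            bothWritten.await();   // both requests have stored their page number
            proceed.countDown();   // now let both build their response
            return new String[] { f1.get(), f2.get() };
        } finally {
            pool.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        String[] r = run(true);
        System.out.println("racy: " + r[0] + " / " + r[1]);   // both identical: one user sees the other's page
        r = run(false);
        System.out.println("safe: " + r[0] + " / " + r[1]);   // page=1 / page=2
    }
}
```

In the racy run the two responses are always equal (which of the two values wins is timing-dependent, but both requests read the same field), which is exactly the symptom the Fortify category describes. For the two context fields in LoginController and MemberController the cleanest fix is not a local variable but dependency injection: let Spring inject the LoginService and MemberService beans once, instead of instantiating a ClassPathXmlApplicationContext inside the request handler.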
Category: Cross-Site Scripting: Reflected (3 Issues)
Abstract: Sending unvalidated data to a web browser can result in the browser executing malicious code.
Explanation: Cross-site scripting (XSS) vulnerabilities occur when:
1. Data enters a web application through an untrusted source. In the case of Reflected XSS the untrusted source is typically a web request, while in the case of Persisted (also known as Stored) XSS it is typically a database or other back-end data store.
2. The data is included in dynamic content that is sent to a web user without being validated for malicious code.
The malicious content sent to the web browser often takes the form of a segment of JavaScript, but may also include HTML, Flash, or any other type of code the browser may execute. The variety of attacks based on XSS is almost limitless, but they commonly include transmitting private data such as cookies or other session information to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user's machine under the guise of the vulnerable site.
Example 1: The following JSP code segment reads an employee ID, eid, from an HTTP request and displays it to the user.
    <% String eid = request.getParameter("eid"); %>
    ...
    Employee ID: <%= eid %>
The code in this example operates correctly if eid contains only standard alphanumeric text. If eid has a value that includes metacharacters or source code, the code is executed by the web browser as it displays the HTTP response.
Initially this might not appear to be much of a vulnerability. After all, why would someone enter a URL that causes malicious code to run on their own computer? The real danger is that an attacker creates the malicious URL and then uses e-mail or social engineering tricks to lure victims into visiting it. When victims click the link, they unwittingly reflect the malicious content through the vulnerable web application back to their own computers. This mechanism of exploiting vulnerable web applications is known as Reflected XSS.
Example 2: The following JSP code segment queries a database for an employee with a given ID and prints the corresponding employee's name.
    <%...
    Statement stmt = conn.createStatement();
    ResultSet rs = stmt.executeQuery("select * from emp where id="+eid);
    if (rs != null) {
        rs.next();
        String name = rs.getString("name");
    }
    %>
    Employee Name: <%= name %>
As in Example 1, this code functions correctly when the values of name are well-behaved, but it does nothing to prevent exploits if they are not. Again, the code can appear less dangerous because the value of name is read from a database, whose contents are apparently managed by the application. However, if the value of name originates from user-supplied data, then the database can be a conduit for malicious content. Without proper input validation on all data stored in the database, an attacker can execute malicious commands in the user's web browser. This type of exploit, known as Persistent (or Stored) XSS, is particularly insidious because the indirection caused by the data store makes it more difficult to identify the threat and increases the possibility that the attack affects multiple users. XSS got its start in this form with web sites that offered a "guestbook" to visitors: attackers would include JavaScript in their guestbook entries, and all subsequent visitors to the guestbook page would execute the malicious code.
As the examples demonstrate, XSS vulnerabilities are caused by code that includes unvalidated data in an HTTP response. There are three vectors by which an XSS attack can reach a victim:
- As in Example 1, data is read directly from the HTTP request and reflected back in the HTTP response. Reflected XSS exploits occur when an attacker causes a user to supply dangerous content to a vulnerable web application, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. URLs constructed in this manner constitute the core of many phishing schemes, whereby an attacker convinces victims to visit a URL that refers to a vulnerable site. After the site reflects the attacker's content back to the user, the content is executed and proceeds to transfer private information, such as cookies that may include session information, from the user's machine to the attacker, or to perform other nefarious activities.
- As in Example 2, the application stores dangerous data in a database or other trusted data store. The dangerous data is subsequently read back into the application and included in dynamic content. Persistent XSS exploits occur when an attacker injects dangerous content into a data store that is later read and included in dynamic content. From an attacker's perspective, the optimal place to inject malicious content is an area displayed either to many users or to particularly interesting users, who typically have elevated privileges in the application or interact with sensitive data valuable to the attacker. If one of these users executes malicious content, the attacker may be able to perform privileged operations on behalf of the user or gain access to sensitive data belonging to the user.
- A source outside the application stores dangerous data in a database or other data store, and the dangerous data is subsequently read back into the application as trusted data and included in dynamic content.
A number of modern web frameworks provide mechanisms to validate user input, including Struts and Struts 2. When such a mechanism is in use, HP Fortify Static Code Analyzer re-prioritizes the reported issues by lowering their probability of exploit and pointing to the supporting evidence (Context-Sensitive Ranking). To further assist HP Fortify users with auditing, the Fortify Security Research Group also makes data-validation project templates available.
Recommendations: The solution to XSS is to ensure that validation occurs in the correct places and checks for the correct properties.
Since XSS vulnerabilities occur when an application includes malicious data in its output, one logical approach is to validate data immediately before it leaves the application. However, because web applications often have complex and intricate code for generating dynamic content, this method is prone to errors of omission (missing validation). An effective way to mitigate this risk is to also perform input validation for XSS.
Web applications must validate their input to prevent other vulnerabilities, such as SQL injection, so augmenting an application's existing input validation mechanism to include checks for XSS is generally relatively easy. Despite its value, input validation for XSS does not take the place of rigorous output validation. An application may accept input through a shared data store or other trusted source, and that data store may accept input from a source that does not perform adequate input validation; therefore the application cannot implicitly rely on the safety of this or any other data. This means the best way to prevent XSS vulnerabilities is to validate everything that enters the application and everything that leaves the application destined for the user.
The most secure approach to validation for XSS is to create a whitelist of safe characters that are allowed to appear in HTTP content and accept input composed exclusively of characters in the approved set. For example, a valid user name might only include alphanumeric characters, or a phone number might only include the digits 0-9. However, this solution is often infeasible in web applications because many characters that have special meaning to the browser must still be considered valid input once they are encoded, for instance on a web design bulletin board that must accept HTML fragments from its users.
A more flexible but less secure approach is blacklisting, which selectively rejects or escapes potentially dangerous characters before using the input. To form such a list you first need to understand the set of characters that hold special meaning for web browsers. Although the HTML standard defines which characters have special meaning, many web browsers try to correct common mistakes in HTML and may treat other characters as special in certain contexts, which is why blacklists are not encouraged as a means to prevent XSS. The CERT(R) Coordination Center at the Software Engineering Institute (SEI) provides the following details about special characters in various contexts [1].
In the content of a block-level element (for example, in the middle of a paragraph of text):
- "<" is special because it introduces a tag.
- "&" is special because it introduces a character entity.
- ">" is special because some browsers treat it as special, on the assumption that the author intended to include an opening "<" but omitted it in error.
The following principles apply to attribute values:
- In attribute values enclosed with double quotes, the double quote is special because it marks the end of the attribute value.
- In attribute values enclosed with single quotes, the single quote is special because it marks the end of the attribute value.
- In attribute values without any quotes, white-space characters such as space and tab are special.
- "&" is special when used with certain attributes, because it introduces a character entity.
URLs have special characters too. Within a URL:
- Space, tab, and new line are special because they mark the end of the URL.
- "&" is special because it either introduces a character entity or separates CGI parameters.
- Non-ASCII characters (that is, everything above 128 in the ISO-8859-1 encoding) are not allowed in URLs, so they are considered special in this context.
- The "%" symbol must be filtered from input anywhere parameters encoded with HTTP escape sequences are decoded by server-side code. For example, "%" must be filtered if input such as "%68%65%6C%6C%6F" becomes "hello" when it appears on the web page in question.
Within the body of a <SCRIPT> </SCRIPT>:
- Semicolons, parentheses, curly braces, and new line characters should be filtered in situations where text could be inserted directly into a pre-existing script tag.
Server-side scripts:
- Server-side scripts that convert any exclamation characters (!) in input to double-quote characters (") on output might require additional filtering.
Other possibilities:
- If an attacker submits a request in UTF-7, the special character '<' appears as '+ADw-' and may bypass filtering. If the output is included in a page that does not explicitly specify an encoding format, some browsers try to identify the encoding based on the content (in this case, UTF-7).
Once you identify the correct points in an application to perform validation for XSS attacks and the special characters the validation should consider, the next challenge is deciding how the validation handles special characters. If special characters are not valid input to the application, you can reject any input that contains them. A second option is to remove special characters by filtering. However, filtering changes the visual representation of the filtered content and may be unacceptable where the integrity of the input must be preserved for display.
If input containing special characters must be accepted and displayed accurately, validation must encode the special characters to remove their significance. A complete list of ISO 8859-1 encoded values for special characters is provided as part of the official HTML specification [2].
Many application servers attempt to limit an application's exposure to Cross-Site Scripting by providing implementations of the functions that set certain HTTP response content which validate the characters essential to a Cross-Site Scripting attack. Do not rely on the server running your application to make it secure. When an application is developed there are no guarantees about which application servers it will run on during its lifetime, and as standards and known exploits evolve there is no guarantee that application servers will stay in sync.
Tips: 1. The HP Fortify Secure Coding Rulepacks also report XSS issues whose source of data is a database; use the DATABASE filter to find them.
2. Because some browsers (Internet Explorer 6 and 7) and their JavaScript DOM (Document Object Model) decode URL-encoded data before interpreting it, URL encoding alone does not prevent XSS. The Fortify Secure Coding Rulepacks report Cross-Site Scripting issues where URL-encoded data is written into a page; such cases, where URL encoding is the only validation, appear under the Fortify category Cross-Site Scripting: Poor Validation.
3. Fortify RTA adds protection against this category.
list.jsp, line 14 (Cross-Site Scripting: Reflected)
Fortify Priority: Critical    Folder: Critical    Kingdom: Input Validation and Representation
Abstract: The method _jspService() in list.jsp sends unvalidated data to a web browser on line 14, which can result in the browser executing malicious code. The request parameter is written into a jQuery selector inside a <script> block, so HTML entity encoding alone would not be the right defence here.
Source: list.jsp:14 javax.servlet.ServletRequest.getParameter()
Sink: list.jsp:14 javax.servlet.jsp.JspWriter.print()
    12 <!--
    13 function selectedOptionCheck(){
    14 $("#type > option[value=<%=request.getParameter("type")%>]").attr("selected", "true");
    15 }
    16

view.jsp, line 12 (Cross-Site Scripting: Reflected)
Fortify Priority: Critical    Folder: Critical    Kingdom: Input Validation and Representation
Abstract: The method _jspService() in view.jsp sends unvalidated data to a web browser on line 12, which can result in the browser executing malicious code. The parameter is emitted as a bare JavaScript expression, so any value the attacker supplies is executed as script. (The check on line 13 uses || and is therefore always true.)
Source: view.jsp:12 javax.servlet.ServletRequest.getParameter()
Sink: view.jsp:12 javax.servlet.jsp.JspWriter.print()
    10 <script type="text/javascript">
    11 function errCodeCheck(){
    12 var errCode = <%=request.getParameter("errCode")%>;
    13 if(errCode != null || errCode != ""){
    14 switch (errCode) {

list.jsp, line 44 (Cross-Site Scripting: Reflected)
Fortify Priority: Critical    Folder: Critical    Kingdom: Input Validation and Representation
Abstract: The method _jspService() in list.jsp sends unvalidated data to a web browser on line 44, which can result in the browser executing malicious code. The parameter is written into a double-quoted HTML attribute value; a double quote in the input closes the attribute.
Source: list.jsp:44 javax.servlet.ServletRequest.getParameter()
Sink: list.jsp:44 javax.servlet.jsp.JspWriter.print()
    42 <option value="writer">[Korean label]</option>
    43 </select>
    44 <input type="text" id="keyword" name="keyword"value="<%if(request.getParameter("keyword") != null){out.print(request.getParameter("keyword")); } else { out.print(""); }%>" />
    45 <input type="submit" value="[Korean label]" />
    46 </form>
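The three findings sit in three different output contexts, and the fix differs for each: the keyword on list.jsp line 44 is text inside a quoted HTML attribute and needs HTML entity encoding; the type on list.jsp line 14 is spliced into a jQuery selector inside a <script> block, where encoding is awkward and an allow-list of the known <option> values is the right tool; and errCode on view.jsp line 12 is only ever compared against codes in a switch, so accepting nothing but a small integer removes the problem. The following is an added example, not SummerBoard code, that implements the three checks as helpers a JSP or controller could call; the set of option values beyond "writer", the default type, and the numeric range for errCode are assumptions.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/**
 * Added example, not SummerBoard code. One hardening per finding, by output context:
 *   list.jsp:44  keyword inside a double-quoted HTML attribute  -> HTML-escape
 *   list.jsp:14  type spliced into a jQuery selector in <script> -> allow-list
 *   view.jsp:12  errCode emitted as a bare JavaScript value      -> integer only
 */
public final class OutputContext {

    /** Allowed <select id="type"> values. Only "writer" is visible in the report; "subject" is assumed. */
    private static final Set<String> SEARCH_TYPES = new HashSet<>(Arrays.asList("subject", "writer"));

    private OutputContext() {}

    /** Minimal HTML escaping, sufficient for text nodes and double-quoted attribute values. */
    static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** list.jsp:14: never splice free text into script; choose from a fixed set (assumed default "subject"). */
    static String searchTypeForScript(String type) {
        return SEARCH_TYPES.contains(type) ? type : "subject";
    }

    /** view.jsp:12: the page only switches on a code, so accept a 1-3 digit integer or emit null. */
    static String errCodeForScript(String errCode) {
        if (errCode == null || !errCode.matches("\\d{1,3}")) {
            return "null";
        }
        return String.valueOf(Integer.parseInt(errCode));
    }

    public static void main(String[] args) {
        // Constructed attacker inputs, one per context.
        String keyword = "\" onfocus=\"alert(1)\" autofocus=\"";
        String type = "]\").remove();alert(1);//";
        String errCode = "1;alert(document.cookie)";

        System.out.println("<input type=\"text\" name=\"keyword\" value=\"" + escapeHtml(keyword) + "\" />");
        System.out.println("$(\"#type > option[value=" + searchTypeForScript(type) + "]\").attr(\"selected\", \"true\");");
        System.out.println("var errCode = " + errCodeForScript(errCode) + ";");   // var errCode = null;
        System.out.println("var errCode = " + errCodeForScript("2") + ";");       // var errCode = 2;
    }
}
```

For the attribute case the project already has JSTL 1.2 on its classpath (jstl-api-1.2.jar and jstl-impl-1.2.jar in the Classpath section below), and `<c:out value="${param.keyword}"/>` performs the same escaping by default, which is preferable to a hand-written helper in the JSP. For the two script-context cases an escaping library does not remove the need for the allow-list: a value that is syntactically harmless can still change which option is selected or which branch the switch takes, so the set of accepted values should be closed.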
Category: Insecure Randomness (2 Issues)
Abstract: Standard pseudo-random number generators cannot withstand cryptographic attacks.
Explanation: Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in a security-sensitive context.
Computers are deterministic machines and as such cannot produce true randomness. Pseudo-random number generators (PRNGs) approximate randomness algorithmically, starting from a seed from which subsequent values are calculated.
There are two types of PRNG: statistical and cryptographic. Statistical PRNGs provide useful statistical properties, but their output is highly predictable and forms an easy-to-reproduce numeric stream that is unsuitable where security depends on generated values being unpredictable. Cryptographic PRNGs address this problem by generating output that is more difficult to predict; for a value to be cryptographically secure, it must be impossible or highly improbable for an attacker to distinguish it from a truly random value. In general, if a PRNG algorithm is not advertised as cryptographically secure, it is probably a statistical PRNG and should not be used in security-sensitive contexts, where it can lead to easy-to-guess temporary passwords, predictable cryptographic keys, session hijacking, and DNS spoofing.
Example: The following code uses a statistical PRNG to create a URL for a receipt that remains active for some period of time after a purchase.
    ...
    function genReceiptURL (baseURL){
        var randNum = Math.random();
        var receiptURL = baseURL + randNum + ".html";
        return receiptURL;
    }
    ...
This code uses Math.random() to generate "unique" identifiers for the receipt pages it generates. Because Math.random() is a statistical PRNG, it is easy for an attacker to guess the strings it produces. Although the underlying design of the receipt system is also faulty, it would be more secure if it used a random number generator that did not produce predictable receipt identifiers.
Recommendations: When unpredictability is critical, as it is in most security-sensitive uses of randomness, use a cryptographic PRNG. Whichever PRNG you choose, always seed it with a value that has sufficient entropy; values such as the current time offer only negligible entropy and should not be used.
At the time of this report, the only browser-side cryptographic source named in the Fortify guidance was the Mozilla-specific window.crypto.random(), available only in Firefox, so security-relevant random values were to be generated server-side. Current browsers provide the standard window.crypto.getRandomValues(), which should be used instead of Math.random() for any client-side value that must be unpredictable.
jquery-1.7.1.js, line 3861 (Insecure Randomness)
Fortify Priority: High    Folder: High    Kingdom: Security Features
Abstract: Standard pseudo-random number generators cannot withstand cryptographic attacks. Here Math.random() is used by the bundled jQuery library to name its internal Sizzle cache property (expando); the value is not a secret and is not used for any security decision, so this is a candidate for auditing as Not an Issue rather than for a code change.
Sink: jquery-1.7.1.js:3861 FunctionPointerCall()
    3859
    3860 var chunker =/((?:\((?:\([^()]+\)|[^()]+)+\)|\[(?:\[[^\[\]]*\]|['"][^'"]*['"]|[^\[\]'"]+)+\]|\\.|[^>+~,(\[\\]+)+|[>+~])(\s*,\s*)?((?:.|\r|\n)*)/g,
    3861 expando = "sizcache" + (Math.random() + '').replace('.', ''),
    3862 done = 0,
    3863 toString = Object.prototype.toString,

jquery-1.7.1.js, line 1631 (Insecure Randomness)
Fortify Priority: High    Folder: High    Kingdom: Security Features
Abstract: Standard pseudo-random number generators cannot withstand cryptographic attacks. As with the finding above, the value only makes the per-copy data property name unique (see the library's own comment on line 1629) and is not security-relevant.
Sink: jquery-1.7.1.js:1631 FunctionPointerCall()
    1629 // Unique for each copy of jQuery on the page
    1630 // Non-digits removed to match rinlinejQuery
    1631 expando: "jQuery" + ( jQuery.fn.jquery + Math.random() ).replace( /\D/g, "" ),
    1632
    1633 // The following elements throw uncatchable exceptions if you
Category: Password Management: Password in Configuration File (2 Issues)
Abstract: Storing a password in plain text in a configuration file could result in a system compromise.
Explanation: Storing a password in plain text in a configuration file allows anyone who can read the file to access the password-protected resource. Developers sometimes believe they cannot defend the application against someone who already has access to the configuration, but this attitude makes an attacker's job easier. Good password management guidelines require that a password never be stored in plain text.
Recommendations: A password should never be stored in plain text. An administrator should be required to enter the password when the system starts. If that is impractical, a less secure but often adequate solution is to obfuscate the password and scatter the de-obfuscation material across the system, so that an attacker has to obtain and correctly combine several components before recovering it.
Some third-party products claim to manage passwords more securely. For example, WebSphere Application Server 4.x uses a simple XOR algorithm to obfuscate values; be skeptical of such facilities. WebSphere and other application servers offer outdated and relatively weak mechanisms that are insufficient for security-sensitive environments. The only robust solution is one that keeps the secret out of the file altogether.
Tips: 1. HP Fortify Static Code Analyzer searches for common names given to passwords, such as password and pwd. Be on the lookout for passwords stored in properties or variables with less obvious names.
2. Remember that some password protection schemes, such as simple XOR-based encoding, are easily defeated and offer little real protection.
dbconn.properties, line 4 (Password Management: Password in Configuration File)
Fortify Priority: High    Folder: High    Kingdom: Environment
Abstract: The database password is stored in plain text in a configuration file (the value is masked in this report). Anyone who can read the file, including anyone who obtains the deployed WAR or the build output, can use it.
Sink: dbconn.properties:4 jdbc.password()
    4 jdbc.password =******

dbconn.properties, line 4 (Password Management: Password in Configuration File)
Fortify Priority: High    Folder: High    Kingdom: Environment
Abstract: Same issue as above. The finding is reported twice because the file was scanned at both src/config/dbconn.properties and its compiled copy build/classes/config/dbconn.properties (see Files Scanned); excluding the build output from the scan removes the duplicate without changing the underlying result.
Sink: dbconn.properties:4 jdbc.password()
    4 jdbc.password =******
Category: Privacy Violation: Autocomplete (2 Issues)
Abstract: The form field allows autocomplete, which can leave sensitive information cached by the browser.
Explanation: Browsers that support autocomplete store what users type into form fields so that it can be offered again on a later visit. Values cached this way sit in plain text on the client, where anyone with access to the machine, or an attacker exploiting another client-side flaw, may recover them.
Recommendations: Disable autocompletion for form fields that carry sensitive information such as passwords, account numbers, or payment card data. Autocompletion can be disabled for a whole form or for individual fields; disabling it only on the sensitive fields is usually preferable, so that users are not tempted to record "inconvenient" values somewhere less safe.
Example 1: Disabling autocomplete for the whole HTML form.
    <form method="post" autocomplete="off">
    Address: <input name="address" />
    Password: <input name="password" type="password" />
    </form>
Example 2: Disabling autocomplete for a single field.
    <form method="post">
    Address: <input name="address" />
    Password: <input name="password" type="password" autocomplete="off"/>
    </form>
The attribute defaults to on, so a field without it inherits the form's setting, and a form without it allows caching for every field. Note that current browsers' built-in password managers ignore autocomplete="off" on login password fields; the attribute still matters for other sensitive inputs and for registration fields such as the ones flagged below.
join.jsp, line 52 (Privacy Violation: Autocomplete)
Fortify Priority: High    Folder: High    Kingdom: Security Features
Abstract: The password field userPw on join.jsp line 52 does not disable autocomplete, so the browser may cache the value entered.
Sink: join.jsp:52
    50 <span class="error"><form:errors path="MemberModel.userId" /></span><br />
    51 <label for="userPw" class="label01">[Korean label]</label>
    52 <input type="password" id="userPw" name="userPw" class="loginInput"/>
    53 <span class="error"><form:errors path="MemberModel.userPw" /></span><br />
    54 <label for="userPwCheck" class="label01">[Korean label]</label>

join.jsp, line 55 (Privacy Violation: Autocomplete)
Fortify Priority: High    Folder: High    Kingdom: Security Features
Abstract: The password confirmation field userPwCheck on join.jsp line 55 does not disable autocomplete, so the browser may cache the value entered.
Sink: join.jsp:55
    53 <span class="error"><form:errors path="MemberModel.userPw" /></span><br />
    54 <label for="userPwCheck" class="label01">[Korean label]</label>
    55 <input type="password" id="userPwCheck" name="userPwCheck" class="loginInput"/><br />
    56 <label for="userName" class="label01" >[Korean label]</label>
    57 <input type="text" id="userName" name="userName" class="loginInput"/>
Category: SQL Injection: iBatis Data Map (2 Issues)
Abstract: Constructing a dynamic SQL statement with input that comes from an untrusted source might allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.
Explanation: SQL injection errors occur when:
1. Data enters a program from an untrusted source.
2. The data is used to dynamically construct a SQL query.
iBatis Data Maps let developers specify SQL statements with their expected parameters using the # character:
    <select id="getItems" parameterClass="MyClass" resultClass="items">
        SELECT * FROM items WHERE owner = #userName#
    </select>
The # characters around userName tell iBatis to create a parameterized query in which userName is a bound variable. However, iBatis also allows variables to be concatenated directly into the SQL text using the $ character, which opens the door to SQL injection.
Example 1: The following Data Map dynamically constructs and executes a SQL query that searches for items matching a specified name. The query restricts the items returned to those whose owner matches the user name of the currently authenticated user.
    <select id="getItems" parameterClass="MyClass" resultClass="items">
        SELECT * FROM items WHERE owner = #userName# AND itemname = '$itemName$'
    </select>
Because itemName is spliced into the SQL text, the query behaves correctly only if itemName does not contain a single quote. If an attacker with the user name wiley enters the string "name' OR 'a'='a" for itemName, the query becomes:
    SELECT * FROM items
    WHERE owner = 'wiley'
    AND itemname = 'name' OR 'a'='a';
The added OR 'a'='a' condition makes the WHERE clause always true, so the query is logically equivalent to the much simpler:
    SELECT * FROM items;
This lets the attacker bypass the requirement that only items owned by the authenticated user be returned; the query now returns every row in the items table regardless of owner.
Example 2: This example shows the effect of a different malicious value passed to the query from Example 1. If an attacker with the user name wiley enters the string "name'; DELETE FROM items; --" for itemName, the query becomes two statements:
    SELECT * FROM items
    WHERE owner = 'wiley'
    AND itemname = 'name';
    DELETE FROM items;
    --'
Many database servers, including Microsoft(R) SQL Server 2000, allow multiple SQL statements separated by semicolons to be executed at once. While this attack string produces an error on Oracle and other servers that do not allow batch execution of semicolon-separated statements, on databases that do allow it the attacker can execute arbitrary commands.
Note the trailing pair of hyphens (--), which tells most database servers that the remainder of the statement is a comment and is not to be executed [4]. Here the comment character removes the trailing single quote left over from the modified query. On a database where comments cannot be used this way, the attack can still be made effective with a trick similar to Example 1. If the attacker enters the string "name'); DELETE FROM items; SELECT * FROM items WHERE 'a'='a", three valid statements result:
    SELECT * FROM items
    WHERE owner = 'wiley'
    AND itemname = 'name';
    DELETE FROM items;
    SELECT * FROM items WHERE 'a'='a';
One traditional approach to preventing SQL injection is to treat it as an input validation problem and either accept only characters from a whitelist of safe values or identify and escape a blacklist of potentially malicious values. Whitelisting can be a very effective way to enforce strict input validation rules, but parameterized SQL statements require less maintenance and offer stronger guarantees. As is almost always the case, blacklisting is riddled with loopholes that make it ineffective against SQL injection. For example, attackers can:
- Target fields that are not quoted.
- Find ways to bypass the need for particular escaped metacharacters.
- Use stored procedures to hide the injected metacharacters.
Manually escaping characters in input to SQL queries can help, but it will not make the application secure against SQL injection.
Another commonly proposed solution is to use stored procedures. Although stored procedures prevent some types of SQL injection, they fail to protect against many others. They typically help by limiting the types of statements that can be passed to their parameters, but there are many ways around those limitations and many interesting statements that can still be passed. Again, stored procedures can prevent some exploits, but they will not make the application secure against SQL injection.
Recommendations: The root cause of a SQL injection vulnerability is the attacker's ability to change context in the SQL query, causing a value the programmer intended as data to be interpreted as a command. When a SQL query is constructed, the programmer knows what should be interpreted as part of the command and what should be interpreted as data. Parameterized SQL statements enforce this distinction by disallowing data-directed context changes, preventing nearly all SQL injection attacks. They are written in regular SQL, but where user-supplied data must be included they contain bind parameters: placeholders for data that is supplied afterwards. Bind parameters let the programmer state explicitly what the database should treat as command and what as data, and when the statement executes, the runtime values are supplied for each bind parameter without any risk of being interpreted as a modification of the command.
The earlier example can be rewritten to use bound parameters instead of text substitution as follows:
    <select id="getItems" parameterClass="MyClass" resultClass="items">
        SELECT * FROM items WHERE owner = #userName# AND itemname = #itemName#
    </select>
More complicated scenarios, often found in report-generation code, require user input to affect the structure of the SQL statement, for instance by adding a dynamic constraint to the WHERE clause. Do not use this requirement to justify concatenating user input into the query string. Where user input must affect command structure, use a level of indirection: create a set of legitimate strings corresponding to the different elements the statement may include, and use the user's input only to select from that application-controlled set.
board.xml, line 45 (SQL Injection: iBatis Data Map)
Fortify Priority: Critical    Folder: Critical    Kingdom: Input Validation and Representation
Abstract: The statement at board.xml line 45 builds SQL with $-substitution of input that may be controlled by a user, which could allow an attacker to modify the statement's meaning or execute arbitrary SQL commands. Both substituted values, type and keyword, arrive from request parameters via BoardController (lines 74-76 above), and type is used as a column name, so it cannot simply be changed to #type#.
Sink: board.xml:45
    43 where $type$ like '%$keyword$%'
    44 </select>
    45 <select id="searchArticle" parameterClass="java.util.HashMap"resultClass="BoardModel">
    46 select
    47 b.idx, b.writer, b.subject,

board.xml, line 39 (SQL Injection: iBatis Data Map)
Fortify Priority: Critical    Folder: Critical    Kingdom: Input Validation and Representation
Abstract: The statement getSearchTotalNum at board.xml line 39 builds SQL with $-substitution of input that may be controlled by a user (the same type and keyword values as above), which could allow an attacker to modify the statement's meaning or execute arbitrary SQL commands.
Sink: board.xml:39
    37 from jmboard
    38 </select>
    39 <select id="getSearchTotalNum" resultClass="int">
    40 select
    41 count(idx)
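The two board.xml findings need both halves of the recommendation above: keyword is a value and belongs in a bind parameter, while type names a column and must come from an application-controlled set, since iBatis cannot bind an identifier. The following is an added example, not SummerBoard code, showing the Java side of that fix: the allow-list that turns the request's type into a column name and the parameter map handed to the mapper. The column set, the keyword length limit, and the MySQL CONCAT form of the corrected mapper fragment shown in the comment are assumptions (the scan classpath also carries an Oracle driver, where '%' || #keyword# || '%' would be used instead).

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Added example, not SummerBoard code. Builds the parameter map for the
 * searchArticle and getSearchTotalNum statements so that the column name
 * comes from an allow-list and the keyword is bound, never $-substituted.
 *
 * Assumed corrected mapper fragment (iBatis 2, MySQL syntax):
 *     where $column$ like CONCAT('%', #keyword#, '%')
 * $column$ is still text substitution, which is exactly why it may only
 * ever receive one of the values of SEARCH_COLUMNS below.
 */
public final class SearchParams {

    /** Request "type" value -> real column. Only subject and writer appear in the report; assumed set. */
    private static final Map<String, String> SEARCH_COLUMNS;
    static {
        Map<String, String> m = new LinkedHashMap<>();
        m.put("subject", "subject");
        m.put("writer", "writer");
        SEARCH_COLUMNS = Collections.unmodifiableMap(m);
    }

    /** Assumed upper bound; keeps LIKE patterns from becoming a denial-of-service vector. */
    private static final int MAX_KEYWORD_LENGTH = 100;

    private SearchParams() {}

    static Map<String, Object> build(String type, String keyword) {
        String column = SEARCH_COLUMNS.get(type);
        if (column == null) {
            throw new IllegalArgumentException("unknown search type: " + type);
        }
        if (keyword == null || keyword.trim().isEmpty() || keyword.length() > MAX_KEYWORD_LENGTH) {
            throw new IllegalArgumentException("keyword missing or too long");
        }
        Map<String, Object> params = new HashMap<>();
        params.put("column", column);    // substituted as $column$: safe only because it is allow-listed
        params.put("keyword", keyword);  // bound as #keyword#: the JDBC driver handles quoting
        return params;
    }

    public static void main(String[] args) {
        System.out.println(build("writer", "wiley"));
        // A quote in the keyword is harmless: it is bound, not spliced into the SQL text.
        System.out.println(build("subject", "name' OR 'a'='a"));
        // An attacker-controlled column expression is rejected before any SQL is built.
        try {
            build("1=1 or idx", "x");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Two caveats remain after this change. Binding keyword stops injection but does not stop the user from supplying the LIKE wildcards % and _; if that matters, escape them and add an ESCAPE clause. And getSearchTotalNum declares no parameterClass, so the same HashMap must be passed to it as to searchArticle, or the two statements will count and page over different result sets.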
Code base location: D:/00./Fortify_/20131021/SummerBoard
Files Scanned:
Path | Type | Size | Last modified
.settings/org.eclipse.wst.common.project.facet.core.xml | xml | 345 bytes | 2013-09-14 1:27:14
WebContent/WEB-INF/board/join.jsp | jsp | 2.7 KB | 2013-09-16 7:34:00
WebContent/WEB-INF/board/list.jsp | jsp | 2.8 KB | 2013-09-23 1:44:32
WebContent/WEB-INF/board/login.jsp | jsp | 2.1 KB | 2013-09-14 1:48:00
WebContent/WEB-INF/board/modify.jsp | jsp | 2.1 KB | 2012-01-02 2:26:58
WebContent/WEB-INF/board/view.jsp | jsp | 4 KB | 2013-10-02 12:44:22
WebContent/WEB-INF/board/write.jsp | jsp | 2 KB | 2012-01-03 5:41:58
WebContent/WEB-INF/dispatcher-servlet.xml | xml | 2 KB | 2012-01-03 4:50:00
WebContent/WEB-INF/web.xml | xml | 1.4 KB | 2011-12-28 2:04:02
WebContent/index.html | html | 174 bytes | 2013-09-14 1:45:48
WebContent/js/jquery-1.7.1.js | javascript | 242.4 KB | 2011-12-22 4:27:26
build/classes/config/applicationContext.xml | xml | 2.2 KB | 2013-10-02 12:32:02
build/classes/config/dbconn.properties | java_properties | 131 bytes | 2013-09-16 7:58:12
build/classes/config/smboard_schema.sql | tsql | 1.3 KB | 2013-10-02 12:27:52
build/classes/config/sqlMapConfig.xml | xml | 861 bytes | 2013-09-16 7:58:12
build/classes/config/validation.properties | java_properties | 53 bytes | 2011-12-28 4:07:48
src/config/applicationContext.xml | xml | 2.2 KB | 2013-10-02 12:32:02
src/config/dbconn.properties | java_properties | 131 bytes | 2013-09-16 7:58:12
src/config/smboard_schema.sql | tsql | 1.3 KB | 2013-10-02 12:27:52
src/config/sqlMapConfig.xml | xml | 861 bytes | 2013-09-16 7:58:12
src/config/validation.properties | java_properties | 53 bytes | 2011-12-28 4:07:48
src/net/nice19/smboard/board/controller/BoardController.java | java | 12.7 KB | 2013-10-02 1:11:00
src/net/nice19/smboard/board/controller/TestCode.java | java | 78 bytes | 2013-10-01 4:23:54
src/net/nice19/smboard/board/dao/BoardDao.java | java | 1.3 KB | 2012-01-02 9:25:00
src/net/nice19/smboard/board/model/BoardCommentModel.java | java | 1 KB | 2011-12-30 1:34:28
src/net/nice19/smboard/board/model/BoardModel.java | java | 1.7 KB | 2012-01-02 1:53:16
src/net/nice19/smboard/board/service/BoardService.java | java | 3.2 KB | 2012-01-02 9:40:40
src/net/nice19/smboard/ibatis/board.xml | xml | 4.6 KB | 2013-09-23 1:38:16
src/net/nice19/smboard/ibatis/login.xml | xml | 775 bytes | 2013-10-02 11:49:40
src/net/nice19/smboard/ibatis/member.xml | xml | 1 KB | 2013-09-16 8:04:08
src/net/nice19/smboard/interceptor/SessionInterceptor.java | java | 1.2 KB | 2012-01-03 3:59:44
src/net/nice19/smboard/login/controller/LoginController.java | java | 2.6 KB | 2013-09-23 12:58:44
src/net/nice19/smboard/login/dao/LoginDao.java | java | 255 bytes | 2013-09-23 1:00:32
src/net/nice19/smboard/login/model/LoginSessionModel.java | java | 918 bytes | 2013-09-23 1:00:32
src/net/nice19/smboard/login/service/LoginService.java | java | 911 bytes | 2013-09-23 1:03:22
src/net/nice19/smboard/login/service/LoginValidator.java | java | 842 bytes | 2011-12-29 9:24:56
src/net/nice19/smboard/member/controller/MemberController.java | java | 2 KB | 2012-01-02 11:47:24
src/net/nice19/smboard/member/dao/MemberDao.java | java | 220 bytes | 2011-12-28 6:14:28
src/net/nice19/smboard/member/model/MemberModel.java | java | 812 bytes | 2011-12-28 9:39:50
src/net/nice19/smboard/member/service/MemberService.java | java | 948 bytes | 2011-12-29 9:12:52
src/net/nice19/smboard/member/service/MemberValidatior.java | java | 923 bytes | 2011-12-29 9:25:08
Classpath:
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\commons-dbcp-1.4.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\commons-fileupload-1.2.2.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\commons-io-2.0.1.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\commons-logging-1.1.1.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\commons-pool-1.5.6.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\ibatis-2.3.4.726.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\jstl-api-1.2.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\jstl-impl-1.2.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\mysql-connector-java-5.1.5-bin.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\ojdbc14.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.aop-3.1.0.RELEASE.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.asm-3.1.0.RELEASE.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.aspects-3.1.0.RELEASE.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.beans-3.1.0.RELEASE.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.context-3.1.0.RELEASE.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.context.support-3.1.0.RELEASE.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.core-3.1.0.RELEASE.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.expression-3.1.0.RELEASE.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.instrument-3.1.0.RELEASE.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.instrument.tomcat-3.1.0.RELEASE.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.jdbc-3.1.0.RELEASE.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.jms-3.1.0.RELEASE.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.orm-3.1.0.RELEASE.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.oxm-3.1.0.RELEASE.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.test-3.1.0.RELEASE.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.transaction-3.1.0.RELEASE.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.web-3.1.0.RELEASE.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.web.portlet-3.1.0.RELEASE.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.web.servlet-3.1.0.RELEASE.jar
D:\00.\Fortify_\20131021\SummerBoard\WebContent\WEB-INF\lib\org.springframework.web.struts-3.1.0.RELEASE.jar
Libdirs:
No libdirs specified during translation
Rulepacks
Valid Rulepacks:
Name: Fortify , , ABAP
Version: 2013.1.1.0008
ID: A68E453E-17CF-4CC6-B038-EC15275EF284
SKU: RUL13100
Name: Fortify , , ActionScript 3.0
Version: 2013.1.1.0008
ID: 97FE26F7-DE80-427E-A4DD-BDB2A18A04E5
SKU: RUL13101
Name: Fortify , , Android
Version: 2013.1.1.0008
ID: 72BA22A1-FB05-48AA-A677-32EE9DE8EE7D
SKU: RUL13102
Name: Fortify , ,
Version: 2013.1.1.0008
ID: ECF9D5C7-4380-470E-9184-8CC664A627C9
SKU: RUL13080
Name: Fortify , , ColdFusion 5.0
Version: 2013.1.1.0008
ID: 4818C291-33D7-4DA2-9117-63AD83E8B23C
SKU: RUL13032
Name: Fortify , , C/C++
Version: 2013.1.1.0008
ID: C33370BD-4810-478F-B244-168C6C26EFA6
SKU: RUL13015
Name: Fortify , , .NET
Version: 2013.1.1.0008
ID: 647E5ECD-4BFB-44C6-B86B-6678E98D8EA8
SKU: RUL13016
Name: Fortify , , Java
Version: 2013.1.1.0008
ID: 90642FEA-0043-4416-9032-F0A4F0DF56A6
SKU: RUL13017
Name: Fortify , , JavaScript
Version: 2013.1.1.0008
ID: F910862E-08FC-4118-B0E8-8D2257AC0059
SKU: RUL13065
Name: Fortify , , Objective-C
Version: 2013.1.1.0008
ID: A4AE1E41-4DA2-483A-B2C1-883F7235B4CC
SKU: RUL13110
Name: Fortify , , PHP
Version: 2013.1.1.0008
ID: 70667216-191A-40C6-8564-15DFB99CBAE3
SKU: RUL13064
Name: Fortify , , Python
Version: 2013.1.1.0008
ID: D774151B-AB2A-4DF1-8F16-341AD4334CB9
SKU: RUL13085
Name: Fortify , , SQL
Version: 2013.1.1.0008
ID: B615B96E-C718-4324-9808-A35BC9DF1289
SKU: RUL13018
Name: Fortify , , Classic ASP, VBScript VB6
Version: 2013.1.1.0008
ID: C79E2DDD-9C19-4E0E-B16E-5BD549967D8B
SKU: RUL13066
Name: Fortify , ,
Version: 2013.1.1.0008
ID: 02670170-E5E6-4A7F-AD4C-7481EBC812BA
SKU: RUL13019
Name: Fortify , ,
Version: 2013.1.1.0008
ID: A93E6268-C89C-42F4-9E08-EB128F790196
SKU: RUL13075
Name: Fortify , , C/C++
Version: 2013.1.1.0008
ID: 329C9994-07BC-424F-AE27-E3864B8E18C7
SKU: RUL13020
Name: Fortify , , .NET
Version: 2013.1.1.0008
ID: 7B7AF804-D719-479E-9FAA-48DE36280BEA
SKU: RUL13033
Name: Fortify , , Java
Version: 2013.1.1.0008
ID: E3538DF4-9298-40DF-A5B5-933DC2BE79EB
SKU: RUL13021
Name: Fortify , , JSP
Version: 2013.1.1.0008
ID: CE6CB10E-32A9-4B7C-B1C4-C0A71B34B0FA
SKU: RUL13034
Name: Fortify , , SQL
Version: 2013.1.1.0008
ID: 52664466-6BDF-4022-98F5-7FC6CA8EEE89
SKU: RUL13035
Properties
WinForms.CollectionMutationMonitor.Label=WinFormsDataSource
WinForms.ExtractEventHandlers=true
WinForms.TransformChangeNotificationPattern=true
WinForms.TransformDataBindings=true
WinForms.TransformMessageLoops=true
awt.toolkit=sun.awt.windows.WToolkit
com.fortify.AuthenticationKey=C:\Users\Administrator\AppData\Local/Fortify/config/tools
com.fortify.Core=D:\Program Files\Fortify Software\HP Fortify v3.40\Core
com.fortify.InstallRoot=D:\Program Files\Fortify Software\HP Fortify v3.40
com.fortify.InstallationUserName=5002536
com.fortify.SCAExecutablePath=D:\Program Files\Fortify Software\HP Fortify v3.40\bin\sourceanalyzer.exe
com.fortify.TotalPhysicalMemory=4226146304
com.fortify.VS.RequireASPPrecompilation=true
com.fortify.WorkingDirectory=C:\Users\Administrator\AppData\Local/Fortify
com.fortify.locale=en
com.fortify.sca.AddImpliedMethods=true
com.fortify.sca.AllocationWebServiceURL=https://per-use.fortify.com/services/GasAllocationService
com.fortify.sca.AntCompilerClass=com.fortify.dev.ant.SCACompiler
com.fortify.sca.BuildID=SummerBoard
com.fortify.sca.BundleControlflowIssues=true
com.fortify.sca.CollectPerformanceData=true
com.fortify.sca.CustomRulesDir=D:\Program Files\Fortify Software\HP Fortify v3.40\Core\config\customrules
com.fortify.sca.DaemonCompilers=com.fortify.sca.util.compilers.GppCompiler,com.fortify.sca.util.compilers.GccCompiler,com.fortify.sca.util.compilers.AppleGppCompiler,com.fortify.sca.util.compilers.AppleGccCompiler,com.fortify.sca.util.compilers.MicrosoftCompiler,com.fortify.sca.util.compilers.MicrosoftLinker,com.fortify.sca.util.compilers.LdCompiler,com.fortify.sca.util.compilers.ArUtil,com.fortify.sca.util.compilers.SunCCompiler,com.fortify.sca.util.compilers.SunCppCompiler,com.fortify.sca.util.compilers.IntelCompiler,com.fortify.sca.util.compilers.ExternalCppAdapter,com.fortify.sca.util.compilers.ClangCompiler
com.fortify.sca.DeadCodeFilter=true
com.fortify.sca.DeadCodeIgnoreTrivialPredicates=true
com.fortify.sca.DefaultAnalyzers=semantic:dataflow:controlflow:nullptr:configuration:content:structural:buffer
com.fortify.sca.DefaultFileTypes=java,jsp,jspx,tag,tagx,sql,cfm,php,ctp,pks,pkh,pkb,xml,config,properties,dll,exe,inc,asp,vbscript,js,ini,bas,cls,vbs,frm,ctl,html,htm,xsd,wsdd,xmi,py,cfml,cfc,abap,xhtml,cpx,xcfg,jsff,as,mxml
com.fortify.sca.DefaultJarsDirs=default_jars
com.fortify.sca.DefaultRulesDir=D:\Program Files\Fortify Software\HP Fortify v3.40\Core\config\rules
com.fortify.sca.DisableDeadCodeElimination=false
com.fortify.sca.DisableFunctionPointers=false
com.fortify.sca.DisableGlobals=false
com.fortify.sca.DisplayProgress=true
com.fortify.sca.FVDLAllowUnifiedVulnerability=true
com.fortify.sca.FVDLDisableDescriptions=false
com.fortify.sca.FVDLDisableProgramData=false
com.fortify.sca.FVDLDisableSnippets=false
com.fortify.sca.FVDLStylesheet=D:\Program Files\Fortify Software\HP Fortify v3.40\Core/resources/sca/fvdl2html.xsl
com.fortify.sca.IndirectCallGraphBuilders=com.fortify.sca.analyzer.callgraph.WinFormsAdHocFunctionBuilder,com.fortify.sca.analyzer.callgraph.VirtualCGBuilder,com.fortify.sca.analyzer.callgraph.J2EEIndirectCGBuilder,com.fortify.sca.analyzer.callgraph.JNICGBuilder,com.fortify.sca.analyzer.callgraph.StoredProcedureResolver,com.fortify.sca.analyzer.callgraph.JavaWSCGBuilder,com.fortify.sca.analyzer.callgraph.StrutsCGBuilder,com.fortify.sca.analyzer.callgraph.DotNetWSCGBuilder,com.fortify.sca.analyzer.callgraph.SqlServerSPResolver,com.fortify.sca.analyzer.callgraph.ASPCGBuilder,com.fortify.sca.analyzer.callgraph.ScriptedCGBuilder,com.fortify.sca.analyzer.callgraph.NewJspCustomTagCGBuilder,com.fortify.sca.analyzer.callgraph.DotNetCABCGBuilder,com.fortify.sca.analyzer.callgraph.StateInjectionCGBuilder,com.fortify.sca.analyzer.callgraph.SqlServerSPResolver2
com.fortify.sca.JVMArgs=-Dcom.sun.management.jmxremote=true -XX:SoftRefLRUPolicyMSPerMB=100 -Xss1M -Xmx600M -Xms300M -server
com.fortify.sca.JdkVersion=1.4
com.fortify.sca.LowSeverityCutoff=1.0
com.fortify.sca.MachineOutputMode=
com.fortify.sca.NoNestedOutTagOutput=org.apache.taglibs.standard.tag.rt.core.RemoveTag,org.apache.taglibs.standard.tag.rt.core.SetTag
com.fortify.sca.PID=2952
com.fortify.sca.PidFile=C:\Users\ADMINI~1\AppData\Local\Temp\PID6469815142888690840.tmp
com.fortify.sca.PrintPerformanceDataAfterScan=false
com.fortify.sca.ProjectRoot=C:\Users\Administrator\AppData\Local/Fortify
com.fortify.sca.Renderer=fpr
com.fortify.sca.ResultsFile=C:\Users\Administrator\AppData\Local/Fortify\AWB-3.40\SummerBoard\SummerBoard.fpr
com.fortify.sca.SolverTimeout=15
com.fortify.sca.SqlLanguage=TSQL
com.fortify.sca.SuppressLowSeverity=true
com.fortify.sca.Tank=D:\Program Files\Fortify Software\HP Fortify v3.40\Core\config\tank.dat#493480#1#D:\Program Files\Fortify Software\HP Fortify v3.40\Core\config\tank.a08804#804606#1#D:\Program Files\Fortify Software\HP Fortify v3.40\Core\config\tank.b08804#214783#1#
com.fortify.sca.UnicodeInputFile=true
com.fortify.sca.analyzer.controlflow.EnableLivenessOptimization=false
com.fortify.sca.analyzer.controlflow.EnableMachineFiltering=false
com.fortify.sca.analyzer.controlflow.EnableRefRuleOptimization=false
com.fortify.sca.analyzer.controlflow.EnableTimeOut=true
com.fortify.sca.compilers.ant=com.fortify.sca.util.compilers.AntAdapter
com.fortify.sca.compilers.ar=com.fortify.sca.util.compilers.ArUtil
com.fortify.sca.compilers.armcc=com.fortify.sca.util.compilers.ArmCcCompiler
com.fortify.sca.compilers.armcpp=com.fortify.sca.util.compilers.ArmCppCompiler
com.fortify.sca.compilers.c++=com.fortify.sca.util.compilers.GppCompiler
com.fortify.sca.compilers.cc=com.fortify.sca.util.compilers.GccCompiler
com.fortify.sca.compilers.cl=com.fortify.sca.util.compilers.MicrosoftCompiler
com.fortify.sca.compilers.clearmake=com.fortify.sca.util.compilers.TouchlessCompiler
com.fortify.sca.compilers.devenv=com.fortify.sca.util.compilers.DevenvNetAdapter
com.fortify.sca.compilers.fortify=com.fortify.sca.util.compilers.FortifyCompiler
com.fortify.sca.compilers.g++=com.fortify.sca.util.compilers.GppCompiler
com.fortify.sca.compilers.g++-*=com.fortify.sca.util.compilers.GppCompiler
com.fortify.sca.compilers.g++2*=com.fortify.sca.util.compilers.GppCompiler
com.fortify.sca.compilers.g++3*=com.fortify.sca.util.compilers.GppCompiler
com.fortify.sca.compilers.g++4*=com.fortify.sca.util.compilers.GppCompiler
com.fortify.sca.compilers.gcc=com.fortify.sca.util.compilers.GccCompiler
com.fortify.sca.compilers.gcc-*=com.fortify.sca.util.compilers.GccCompiler
com.fortify.sca.compilers.gcc2*=com.fortify.sca.util.compilers.GccCompiler
com.fortify.sca.compilers.gcc3*=com.fortify.sca.util.compilers.GccCompiler
com.fortify.sca.compilers.gcc4*=com.fortify.sca.util.compilers.GccCompiler
com.fortify.sca.compilers.gmake=com.fortify.sca.util.compilers.TouchlessCompiler
com.fortify.sca.compilers.icc=com.fortify.sca.util.compilers.IntelCompiler
com.fortify.sca.compilers.icpc=com.fortify.sca.util.compilers.IntelCompiler
com.fortify.sca.compilers.jam=com.fortify.sca.util.compilers.TouchlessCompiler
com.fortify.sca.compilers.javac=com.fortify.sca.util.compilers.JavacCompiler
com.fortify.sca.compilers.ld=com.fortify.sca.util.compilers.LdCompiler
com.fortify.sca.compilers.link=com.fortify.sca.util.compilers.MicrosoftLinker
com.fortify.sca.compilers.make=com.fortify.sca.util.compilers.TouchlessCompiler
com.fortify.sca.compilers.msbuild=com.fortify.sca.util.compilers.MSBuildAdapter
com.fortify.sca.compilers.msdev=com.fortify.sca.util.compilers.DevenvAdapter
com.fortify.sca.compilers.nmake=com.fortify.sca.util.compilers.TouchlessCompiler
com.fortify.sca.compilers.tcc=com.fortify.sca.util.compilers.ArmCcCompiler
com.fortify.sca.compilers.tcpp=com.fortify.sca.util.compilers.ArmCppCompiler
com.fortify.sca.compilers.touchless=com.fortify.sca.util.compilers.FortifyCompiler
com.fortify.sca.cpfe.command=D:\Program Files\Fortify Software\HP Fortify v3.40\Core/private-bin/sca/cpfe.exe
com.fortify.sca.cpfe.file.option=--gen_c_file_name
com.fortify.sca.cpfe.options=--remove_unneeded_entities --suppress_vtbl -tused
com.fortify.sca.env.exesearchpath=C:\Windows\system32;C:\Windows\;D:\Program Files\Fortify Software\HP Fortify v3.40\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\Softcamp\SDS;C:\Windows\Softcamp\SDK;C:\Windows\Softcamp\VSD;C:\Program Files (x86)\Windows Imaging\;D:\oracle\product\instantclient10_1;D:\Program Files (x86)\IBM\Rational AppScan\
com.fortify.sca.fileextensions.ABAP=ABAP
com.fortify.sca.fileextensions.abap=ABAP
com.fortify.sca.fileextensions.as=ACTIONSCRIPT
com.fortify.sca.fileextensions.asp=ASP
com.fortify.sca.fileextensions.bas=VB6
com.fortify.sca.fileextensions.cfc=CFML
com.fortify.sca.fileextensions.cfm=CFML
com.fortify.sca.fileextensions.cfml=CFML
com.fortify.sca.fileextensions.cls=VB6
com.fortify.sca.fileextensions.config=XML
com.fortify.sca.fileextensions.cpx=XML
com.fortify.sca.fileextensions.cs=CSHARP
com.fortify.sca.fileextensions.ctl=VB6
com.fortify.sca.fileextensions.ctp=PHP
com.fortify.sca.fileextensions.dll=MSIL
com.fortify.sca.fileextensions.exe=MSIL
com.fortify.sca.fileextensions.faces=JSPX
com.fortify.sca.fileextensions.frm=VB6
com.fortify.sca.fileextensions.htm=HTML
com.fortify.sca.fileextensions.html=HTML
com.fortify.sca.fileextensions.ini=JAVA_PROPERTIES
com.fortify.sca.fileextensions.java=JAVA
com.fortify.sca.fileextensions.js=JAVASCRIPT
com.fortify.sca.fileextensions.jsff=JSPX
com.fortify.sca.fileextensions.jsp=JSP
com.fortify.sca.fileextensions.jspx=JSPX
com.fortify.sca.fileextensions.mdl=MSIL
com.fortify.sca.fileextensions.mod=MSIL
com.fortify.sca.fileextensions.mxml=MXML
com.fortify.sca.fileextensions.php=PHP
com.fortify.sca.fileextensions.pkb=PLSQL
com.fortify.sca.fileextensions.pkh=PLSQL
com.fortify.sca.fileextensions.pks=PLSQL
com.fortify.sca.fileextensions.properties=JAVA_PROPERTIES
com.fortify.sca.fileextensions.py=PYTHON
com.fortify.sca.fileextensions.sql=SQL
com.fortify.sca.fileextensions.tag=JSP
com.fortify.sca.fileextensions.tagx=JSP
com.fortify.sca.fileextensions.vb=VB
com.fortify.sca.fileextensions.vbs=VB6
com.fortify.sca.fileextensions.vbscript=VBSCRIPT
com.fortify.sca.fileextensions.wsdd=XML
com.fortify.sca.fileextensions.xcfg=XML
com.fortify.sca.fileextensions.xhtml=JSPX
com.fortify.sca.fileextensions.xmi=XML
com.fortify.sca.fileextensions.xml=XML
com.fortify.sca.fileextensions.xsd=XML
com.fortify.sca.jsp.UseNativeParser=true
com.sun.management.jmxremote=true
dotnet.install.dir=C:\Windows\Microsoft.NET\Framework
dotnet.v30.referenceAssemblies=C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0
dotnet.v35.referenceAssemblies=C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5
file.encoding=MS949
file.encoding.pkg=sun.io
file.separator=\
java.awt.graphicsenv=sun.awt.Win32GraphicsEnvironment
java.awt.printerjob=sun.awt.windows.WPrinterJob
java.class.path=D:\Program Files\Fortify Software\HP Fortify v3.40\Core\lib\exe\sca-exe.jar
java.class.version=50.0
java.endorsed.dirs=D:\Program Files\Fortify Software\HP Fortify v3.40\jre\lib\endorsed
java.ext.dirs=D:\Program Files\Fortify Software\HP Fortify v3.40\jre\lib\ext;C:\Windows\Sun\Java\lib\ext
java.home=D:\Program Files\Fortify Software\HP Fortify v3.40\jre
java.io.tmpdir=C:\Users\ADMINI~1\AppData\Local\Temp\
java.library.path=D:\Program Files\Fortify Software\HP Fortify v3.40\jre\bin;.;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\Windows\;D:\Program Files\Fortify Software\HP Fortify v3.40\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\Softcamp\SDS;C:\Windows\Softcamp\SDK;C:\Windows\Softcamp\VSD;C:\Program Files (x86)\Windows Imaging\;D:\oracle\product\instantclient10_1;D:\Program Files (x86)\IBM\Rational AppScan\
java.rmi.server.randomIDs=true
java.runtime.name=Java(TM) SE Runtime Environment
java.runtime.version=1.6.0_24-b07
java.specification.name=Java Platform API Specification
java.specification.vendor=Sun Microsystems Inc.
java.specification.version=1.6
java.vendor=Sun Microsystems Inc.
java.vendor.url=http://java.sun.com/
java.vendor.url.bug=http://java.sun.com/cgi-bin/bugreport.cgi
java.version=1.6.0_24
java.vm.info=mixed mode
java.vm.name=Java HotSpot(TM) Server VM
java.vm.specification.name=Java Virtual Machine Specification
java.vm.specification.vendor=Sun Microsystems Inc.
java.vm.specification.version=1.0
java.vm.vendor=Sun Microsystems Inc.
java.vm.version=19.1-b02
line.separator=
max.file.path.length=255
os.arch=x86
os.name=Windows 7
os.version=6.1
path.separator=;
stderr.isatty=false
stdout.isatty=false
sun.arch.data.model=32
sun.boot.class.path=D:\Program Files\Fortify Software\HP Fortify v3.40\jre\lib\resources.jar;D:\Program Files\Fortify Software\HP Fortify v3.40\jre\lib\rt.jar;D:\Program Files\Fortify Software\HP Fortify v3.40\jre\lib\sunrsasign.jar;D:\Program Files\Fortify Software\HP Fortify v3.40\jre\lib\jsse.jar;D:\Program Files\Fortify Software\HP Fortify v3.40\jre\lib\jce.jar;D:\Program Files\Fortify Software\HP Fortify v3.40\jre\lib\charsets.jar;D:\Program Files\Fortify Software\HP Fortify v3.40\jre\lib\modules\jdk.boot.jar;D:\Program Files\Fortify Software\HP Fortify v3.40\jre\classes
sun.boot.library.path=D:\Program Files\Fortify Software\HP Fortify v3.40\jre\bin
sun.cpu.endian=little
sun.cpu.isalist=pentium_pro+mmx pentium_pro pentium+mmx pentium i486 i386 i86
sun.desktop=windows
sun.io.unicode.encoding=UnicodeLittle
sun.java.launcher=SUN_STANDARD
sun.jnu.encoding=MS949
sun.management.compiler=HotSpot Tiered Compilers
sun.os.patch.level=Service Pack 1
user.country=KR
user.dir=C:\Windows\system32
user.home=C:\Users\Administrator
user.language=ko
user.name=5002536
user.timezone=Asia/Seoul
user.variant=
win32.LocalAppdata=C:\Users\Administrator\AppData\Local
Commandline Arguments
-scan
-pid-file
C:\Users\ADMINI~1\AppData\Local\Temp\PID6469815142888690840.tmp
-b
SummerBoard
-machine-output
-format
fpr
-f
C:\Users\Administrator\AppData\Local/Fortify\AWB-3.40\SummerBoard\SummerBoard.fpr
Warnings
[10002] Unable to parse T-SQL at D:\00.\Fortify_\20131021\SummerBoard\src\config\smboard_schema.sql:24:28.
[10002] Unable to parse T-SQL at D:\00.\Fortify_\20131021\SummerBoard\build\classes\config\smboard_schema.sql:4:17.
[10002] Unable to parse T-SQL at D:\00.\Fortify_\20131021\SummerBoard\build\classes\config\smboard_schema.sql:24:28.
[10002] Unable to parse T-SQL at D:\00.\Fortify_\20131021\SummerBoard\build\classes\config\smboard_schema.sql:8:28.
[10002] Unable to parse T-SQL at D:\00.\Fortify_\20131021\SummerBoard\src\config\smboard_schema.sql:4:17.
[10002] Unable to parse T-SQL at D:\00.\Fortify_\20131021\SummerBoard\src\config\smboard_schema.sql:8:28.
[10002] Unable to parse T-SQL at D:\00.\Fortify_\20131021\SummerBoard\src\config\smboard_schema.sql:37:28.
[10002] Unable to parse T-SQL at D:\00.\Fortify_\20131021\SummerBoard\build\classes\config\smboard_schema.sql:37:28.
[212] Encountered an exception while trying to read rule pack D:\Program Files\Fortify Software\HP Fortify v3.40\Core\config\customrules\externalmetadata.xml
[212] Encountered an exception while trying to read rule pack D:\Program Files\Fortify Software\HP Fortify v3.40\Core\config\customrules\externalmetadata.xml
Issue Count by Category
Issues by Category

Category                                                   Count
Trust Boundary Violation                                      19
Hidden Field                                                   9
Path Manipulation                                              8
Race Condition: Singleton Member Field                         8
Cross-Site Request Forgery                                     7
JavaScript Hijacking: Vulnerable Framework                     6
Poor Logging Practice: Use of a System Output Stream           4
System Information Leak                                        4
Cross-Site Scripting: Reflected                                3
Missing Check against Null                                     3
Password Management: Password in Comment                       3
Insecure Randomness                                            2
Often Misused: File Upload                                     2
Password Management: Password in Configuration File            2
Poor Error Handling: Overly Broad Catch                        2
Privacy Violation: Autocomplete                                2
Redundant Null Check                                           2
SQL Injection: iBatis Data Map                                 2
J2EE Misconfiguration: Excessive Session Timeout               1
J2EE Misconfiguration: Missing Error Handling                  1
Total                                                         90