Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Standard Widget Toolkit (SWT) » Security Issues in SWT 4.3 version for Windows and MAC
Security Issues in SWT 4.3 version for Windows and MAC [message #1384916] Tue, 03 June 2014 06:52
Madhushree  S is currently offline Madhushree S
Messages: 20
Registered: September 2010
Junior Member
Hi,
I am using SWT-org.eclipse.swt.cocoa.macosx.x86_64 (4.3 version) and org.eclipse.swt.win32.win32.x86 (4.3 version for windows) as part of our Java application.
We specify these jars as Maven dependencies in the Java projects. In order to ship these SWT jars as part of the application, we need to ensure that there are no security issues.Unfortunately when HP Fortify Software Security Center scans(security scans) are run the MAC and Windows SWT jars, 6000+ security issues are reported. There are issues like Path manipulation, command injection, Access control-security manager bypass and others.
For example :
1.In org.eclipse.swt.browser.Browser.java#checkStyle(int style)
Class.forName("org.eclipse.swt.browser.BrowserInitializer") is an Access control-security manager bypass security control
2. System.getProperty("swt.library.path") and many others like these are reported as issues.

Is the SWT jar for Windows and MAC identified with security issues. Are these issues already known? Will these issues be fixed.
Thanks.

Best Regards,
Madhu
Previous Topic:Border of table
Next Topic:Window 7 scaling issue (high DPI ?) on 125% display
Goto Forum:
  


Current Time: Tue Sep 16 17:42:08 GMT 2014

Powered by FUDForum. Page generated in 0.01888 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software