|Security Issues in SWT 4.3 version for Windows and MAC [message #1384916]
||Tue, 03 June 2014 06:52
| Madhushree S
Registered: September 2010
I am using SWT-org.eclipse.swt.cocoa.macosx.x86_64 (4.3 version) and org.eclipse.swt.win32.win32.x86 (4.3 version for windows) as part of our Java application.
We specify these jars as Maven dependencies in the Java projects. In order to ship these SWT jars as part of the application, we need to ensure that there are no security issues.Unfortunately when HP Fortify Software Security Center scans(security scans) are run the MAC and Windows SWT jars, 6000+ security issues are reported. There are issues like Path manipulation, command injection, Access control-security manager bypass and others.
For example :
1.In org.eclipse.swt.browser.Browser.java#checkStyle(int style)
Class.forName("org.eclipse.swt.browser.BrowserInitializer") is an Access control-security manager bypass security control
2. System.getProperty("swt.library.path") and many others like these are reported as issues.
Is the SWT jar for Windows and MAC identified with security issues. Are these issues already known? Will these issues be fixed.
Powered by FUDForum
. Page generated in 0.02944 seconds