tracker issue : CF-4126698

Title:

Security Analyzer - Incorrect SQLi


Status/Resolution/Reason: Closed/Withdrawn/AsDesigned

Reporter/Name(from Bugbase): David Epler / David Epler (David Epler)

Created: 03/09/2016

Components: Security Analyzer

Versions: 2016

Failure Type: Unspecified

Found In Build/Fixed In Build: Alpha_v12 /

Priority/Frequency: Trivial / Unknown

Locale/System: English / Win All

Vote Count: 0

The security analyzer incorrectly identifies attached code as having a SQLi where the variable is completely controlled through the code.

Security Analyzer should understand the context of variables.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	4126698

External Customer Info:
External Company:  
External Customer Name: David Epler
External Customer Email: dcepler@dcepler.net
External Test Config: Friendly Name: Current MBP
System Type: Laptop
Brand: Apple 
Model: Mid-2012 15"
Processor Type: Intel Core i7
Processor Speed: 2GHz to 3GHz
Memory: 8GB to 16GB
Hard Drive Storage: 500GB-1TB
Peripherals: LCD Display
Peripherals: Web-Cam
Connectivity: Ethernet
Connectivity: Wireless 802.11 N
Interfaces: Firewire
Interfaces: USB 2.x
Media: CD
Media: CD-R
Media: CD-RW
Media: DVD
Media: DVD+R
Media: DVD-R
Media: SD Card
Primary Operating System: Mac OS X 10.9 (Mavericks)
Secondary Operating System: Windows 7 64
System Location: Other
Time Owned: 2 to 3 Years


Bug File Paths:
\\sjshare.corp.adobe.com\Prereleasebugfiles\ColdFusion\12.0\Alpha_v12\4022426\nosqli.cfm
\\sjshare.corp.adobe.com\Prereleasebugfiles\ColdFusion\12.0\Alpha_v12\4022426\no-sqli-variant-2.cfm
\\sjshare.corp.adobe.com\Prereleasebugfiles\ColdFusion\12.0\Alpha_v12\4022426\no-sqli-variant-1.cfm
\\sjshare.corp.adobe.com\Prereleasebugfiles\ColdFusion\12.0\Alpha_v12\4022426\no-sqli-variant-4.cfm
\\sjshare.corp.adobe.com\Prereleasebugfiles\ColdFusion\12.0\Alpha_v12\4022426\no-sqli-variant-3.cfm
\\sjshare.corp.adobe.com\Prereleasebugfiles\ColdFusion\12.0\Alpha_v12\4022426\no-sqli-variant-5.cfm
\\sjshare.corp.adobe.com\Prereleasebugfiles\ColdFusion\12.0\Alpha_v12\4022426\no-sqli-variant-6.cfm

Attachments:

Comments:

Adding BUG AUDIT TRAIL ********
action: updated fieldName: State newValue: Closed oldValue: Open oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-20 11:39:20.0
action: updated fieldName: Dev Assigned newValue: uogra oldValue: sanniset oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-20 11:39:20.0
action: updated fieldName: Reason newValue: AsDesigned oldValue: Blank oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-20 11:39:20.0
action: updated fieldName: Date Closed newValue: 2015-07-20 04:39:20.0 oldValue: Blank oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-20 11:39:20.0
action: updated fieldName: Owner newValue: Blank oldValue: preethi oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-20 11:39:20.0
action: updated fieldName: Closed By newValue: preethi oldValue: Blank oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-20 11:39:20.0
action: updated fieldName: Status newValue: Withdrawn oldValue: Unverified oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-20 11:39:20.0
Comment by CFwatson U.
3477 | March 09, 2016 04:40:25 AM GMT
Added By: PreRelease User
User Name: David Epler
Note Added: Added File
Date Added: 2015-07-25 17:44:49.0

Added By: PreRelease User
User Name: David Epler
Note Added: Added additional variants of code that all mitigate SQLi
Date Added: 2015-07-25 16:44:33.0

Added By: PreRelease User
User Name: Adam Cameron
Note Added: If this is representative of "the design", then the bug is in the design. It's still a bug. Needs to be reopened.
Date Added: 2015-07-20 19:45:46.0

Added By: PreRelease User
User Name: David Epler
Note Added: Why has this been withdrawn? Generating False Positives is not "As Designed"
Date Added: 2015-07-20 17:27:51.0

Added By: preethi
Note Added: Hi David, As of now any variable assignment inside a cfif / loop / switch-case is not analyzed. And since there is a possibility of the code going into either the if case or the else case, a warning will be thrown for the vulnerable code. Thanks!
Date Added: 2015-07-20 11:39:20.0

Added By: PreRelease User
User Name: David Epler
Note Added: Entered Bug.
Date Added: 2015-07-18 12:57:19.0
Comment by CFwatson U.
3478 | March 09, 2016 04:40:26 AM GMT
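
The disagreement in the comments above comes down to how a static check treats assignments made inside a conditional. The following toy taint check is an added example, not code from this ticket, the attached .cfm files or the ColdFusion Security Analyzer; the statement tuples, the `orderBy` variable and both sample programs are constructed assumptions. It compares discarding branch assignments (the behaviour the reply describes) with joining the state of both branches.

```python
SAFE, TAINTED = "safe", "tainted"

def assigned(block):
    """Names assigned anywhere inside a block, including nested conditionals."""
    names = set()
    for stmt in block:
        if stmt[0] == "assign":
            names.add(stmt[1])
        elif stmt[0] == "if":
            names |= assigned(stmt[1]) | assigned(stmt[2])
    return names

def walk(block, env, branch_aware, findings):
    for stmt in block:
        if stmt[0] == "assign":      # ("assign", name, "literal" | "input")
            env[stmt[1]] = SAFE if stmt[2] == "literal" else TAINTED
        elif stmt[0] == "query":     # ("query", name): name is concatenated into SQL text
            if env.get(stmt[1], TAINTED) == TAINTED:   # unknown counts as tainted
                findings.append(stmt[1])
        elif stmt[0] == "if":        # ("if", then_block, else_block)
            then_env = walk(stmt[1], dict(env), branch_aware, findings)
            else_env = walk(stmt[2], dict(env), branch_aware, findings)
            for name in assigned(stmt[1]) | assigned(stmt[2]):
                both_safe = then_env.get(name) == SAFE and else_env.get(name) == SAFE
                # Without branch awareness, whatever the branches assigned is discarded.
                env[name] = SAFE if (branch_aware and both_safe) else TAINTED
    return env

def analyze(program, branch_aware):
    """Return the variables reported as SQLi, in the order their queries are reached."""
    findings = []
    walk(program, {}, branch_aware, findings)
    return findings

# Constructed sample: every branch assigns a hard-coded literal before the query.
REPORTED_PATTERN = [
    ("if", [("assign", "orderBy", "literal")], [("assign", "orderBy", "literal")]),
    ("query", "orderBy"),
]
# Constructed sample: one branch takes request input, so the finding is genuine.
GENUINE_SQLI = [
    ("if", [("assign", "orderBy", "literal")], [("assign", "orderBy", "input")]),
    ("query", "orderBy"),
]

if __name__ == "__main__":
    for label, program in (("reported", REPORTED_PATTERN), ("genuine", GENUINE_SQLI)):
        print(label, analyze(program, False), analyze(program, True))
```

Joining the branch states removes the false positive on the literal-only pattern while still reporting the variant where one branch is fed from input.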