tracker issue : CF-4126652

Title:

Security Analyzer - Fails to detect XSS when variable goes through duplicate(), structAppend(), or structCopy()


Status/Resolution/Reason: Closed/Fixed/

Reporter/Name(from Bugbase): David Epler / David Epler (David Epler)

Created: 03/09/2016

Components: Security Analyzer

Versions: 2016

Failure Type: Unspecified

Found In Build/Fixed In Build: Alpha_v12 /

Priority/Frequency: Normal / Unknown

Locale/System: English / Win All

Vote Count: 0

The security analyzer does not detect XSS when an unsafe variable is processed through duplicate, structappend, or structcopy.

The resulting variable after the operation should also be considered unsafe since it is a duplicate or copy of the original untrusted data.

Strangely, it is flagged as SQLi though, which is correct.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	4126652

External Customer Info:
External Company:  
External Customer Name: David Epler
External Customer Email: dcepler@dcepler.net
External Test Config: Friendly Name: Current MBP
System Type: Laptop
Brand: Apple 
Model: Mid-2012 15"
Processor Type: Intel Core i7
Processor Speed: 2GHz to 3GHz
Memory: 8GB to 16GB
Hard Drive Storage: 500GB-1TB
Peripherals: LCD Display
Peripherals: Web-Cam
Connectivity: Ethernet
Connectivity: Wireless 802.11 N
Interfaces: Firewire
Interfaces: USB 2.x
Media: CD
Media: CD-R
Media: CD-RW
Media: DVD
Media: DVD+R
Media: DVD-R
Media: SD Card
Primary Operating System: Mac OS X 10.9 (Mavericks)
Secondary Operating System: Windows 7 64
System Location: Other
Time Owned: 2 to 3 Years


Bug File Paths:
\\sjshare.corp.adobe.com\Prereleasebugfiles\ColdFusion\12.0\Alpha_v12\4027841\variable-through-duplicate.cfm
	 
\\sjshare.corp.adobe.com\Prereleasebugfiles\ColdFusion\12.0\Alpha_v12\4027841\variable-through-structcopy.cfm
	 
\\sjshare.corp.adobe.com\Prereleasebugfiles\ColdFusion\12.0\Alpha_v12\4027841\variable-through-structappend.cfm
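
The attached reproduction files are not included on this page. The template below is an added example of the pattern the report describes, constructed here and not the reporter's or Adobe's code; the `url.name` parameter and the variable names are assumptions. Each copy carries the same untrusted data as its source, so an analyzer that tracks taint through these functions should report the three unencoded outputs and none of the encoded ones.

```cfml
<!--- Added illustration (constructed); not the report's attached .cfm files. --->
<!--- url.name is a hypothetical, attacker-controlled request parameter. --->
<cfparam name="url.name" default="">

<!--- Case 1: duplicate() returns a deep copy, so the copy is as untrusted as url.name. --->
<cfset viaDuplicate = duplicate(url.name)>

<!--- Case 2: structCopy() copies the URL scope; every key in the copy stays untrusted. --->
<cfset viaStructCopy = structCopy(url)>

<!--- Case 3: structAppend() merges the URL scope's keys into an initially empty struct. --->
<cfset viaStructAppend = {}>
<cfset structAppend(viaStructAppend, url)>

<cfoutput>
    <!--- Unencoded sinks: each of these should be reported as XSS. --->
    <p>#viaDuplicate#</p>
    <p>#viaStructCopy.name#</p>
    <p>#viaStructAppend.name#</p>

    <!--- Encoded sinks: the same data, encoded for an HTML body context. --->
    <p>#encodeForHTML(viaDuplicate)#</p>
    <p>#encodeForHTML(viaStructCopy.name)#</p>
    <p>#encodeForHTML(viaStructAppend.name)#</p>
</cfoutput>
```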

Attachments:

Comments:

Adding BUG AUDIT TRAIL ********
action: updated fieldName: Date Closed newValue: 2015-09-21 23:29:34.0 oldValue: Blank oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-09-22 06:29:34.0
action: updated fieldName: Closed By newValue: preethi oldValue: Blank oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-09-22 06:29:34.0
action: updated fieldName: Owner newValue: Blank oldValue: preethi oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-09-22 06:29:34.0
action: updated fieldName: Reason newValue: Blank oldValue: Fixed oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-09-22 06:29:34.0
action: updated fieldName: Status newValue: Fixed oldValue: ToTest oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-09-22 06:29:34.0
action: updated fieldName: State newValue: Closed oldValue: Open oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-09-22 06:29:34.0
action: updated fieldName: Fixed By newValue: uogra oldValue: Blank oprid: uogra recordName: RQ_DEFECT timpestamp: 2015-09-21 11:50:30.0
action: updated fieldName: Date Fixed newValue: 2015-09-21 04:50:30.0 oldValue: Blank oprid: uogra recordName: RQ_DEFECT timpestamp: 2015-09-21 11:50:30.0
action: updated fieldName: Owner newValue: preethi oldValue: uogra oprid: uogra recordName: RQ_DEFECT timpestamp: 2015-09-21 11:50:30.0
action: updated fieldName: Reason newValue: Fixed oldValue: Investigate oprid: uogra recordName: RQ_DEFECT timpestamp: 2015-09-21 11:50:30.0
action: updated fieldName: Status newValue: ToTest oldValue: ToFix oprid: uogra recordName: RQ_DEFECT timpestamp: 2015-09-21 11:50:30.0
action: updated fieldName: Changelist newValue: 295591 oldValue: Blank oprid: uogra recordName: RQ_DEFECT timpestamp: 2015-09-21 11:50:30.0
action: updated fieldName: Owner newValue: uogra oldValue: sanniset oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-30 11:05:30.0
action: updated fieldName: Severity newValue: 2 oldValue: 3 oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-30 11:05:30.0
action: updated fieldName: Priority newValue: 2 oldValue: 0 oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-30 11:05:30.0
action: updated fieldName: Dev Assigned newValue: uogra oldValue: sanniset oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-30 11:05:30.0
action: updated fieldName: Reason newValue: Investigate oldValue: Blank oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-30 10:48:47.0
action: updated fieldName: Owner newValue: sanniset oldValue: preethi oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-30 10:48:47.0
action: updated fieldName: Status newValue: ToFix oldValue: Unverified oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-30 10:48:47.0
action: updated fieldName: Fix By Product Milestone newValue: Beta oldValue: Blank oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-30 10:48:47.0
action: updated fieldName: Fix By Milestone newValue: Beta oldValue: Blank oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-07-30 10:48:47.0
Comment by CFwatson U.
3602 | March 09, 2016 04:26:10 AM GMT
Added By: preethi Note Added: Fix will be available in the next release. Thanks! Date Added: 2015-09-22 06:29:35.0
Added By: PreRelease User User Name: David Epler Note Added: Entered Bug. Date Added: 2015-07-29 12:40:49.0
Comment by CFwatson U.
3603 | March 09, 2016 04:26:12 AM GMT