tracker issue : CF-4126535

Title:

Security Analyzer - incorrect flagging of method="post" on <form>


Status/Resolution/Reason: Closed/Fixed/

Reporter/Name(from Bugbase): David Epler / David Epler (David Epler)

Created: 03/09/2016

Components: Security Analyzer

Versions: 2016

Failure Type: Unspecified

Found In Build/Fixed In Build: Alpha3_v12 /

Priority/Frequency: Normal / Unknown

Locale/System: English / Win All

Vote Count: 0

Using LitePost (https://github.com/dcepler/litepost) as example code to test. 

Security Analyzer is flagging fusebox/home/entry/comment/dsp_commentForm.cfm with a warning, low for getvspost when the code clearly has method="post" in <form>.

There are additional files that it incorrectly identifies as well where method="post" is in <form>.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	4126535

External Customer Info:
External Company:  
External Customer Name: David Epler
External Customer Email: dcepler@dcepler.net
External Test Config:  


Bug File Paths:
\\sjshare.corp.adobe.com\Prereleasebugfiles\ColdFusion\12.0\Alpha3_v12\4086167\dsp_commentForm.cfm

Attachments:

Comments:

Adding BUG AUDIT TRAIL ********
action: updated fieldName: Closed By newValue: preethi oldValue: Blank oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-12-07 08:43:36.0
action: updated fieldName: Reason newValue: Blank oldValue: Fixed oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-12-07 08:43:36.0
action: updated fieldName: State newValue: Closed oldValue: Open oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-12-07 08:43:36.0
action: updated fieldName: Status newValue: Fixed oldValue: ToTest oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-12-07 08:43:36.0
action: updated fieldName: Owner newValue: Blank oldValue: preethi oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-12-07 08:43:36.0
action: updated fieldName: Date Closed newValue: 2015-12-07 00:43:36.0 oldValue: Blank oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-12-07 08:43:36.0
action: updated fieldName: Reason newValue: Fixed oldValue: Blank oprid: uogra recordName: RQ_DEFECT timpestamp: 2015-12-04 11:42:51.0
action: updated fieldName: Status newValue: ToTest oldValue: ToFix oprid: uogra recordName: RQ_DEFECT timpestamp: 2015-12-04 11:42:51.0
action: updated fieldName: Owner newValue: preethi oldValue: uogra oprid: uogra recordName: RQ_DEFECT timpestamp: 2015-12-04 11:42:51.0
action: updated fieldName: Fixed By newValue: uogra oldValue: Blank oprid: uogra recordName: RQ_DEFECT timpestamp: 2015-12-04 11:42:51.0
action: updated fieldName: Changelist newValue: 296656 oldValue: Blank oprid: uogra recordName: RQ_DEFECT timpestamp: 2015-12-04 11:42:51.0
action: updated fieldName: Date Fixed newValue: 2015-12-04 03:42:51.0 oldValue: Blank oprid: uogra recordName: RQ_DEFECT timpestamp: 2015-12-04 11:42:51.0
action: updated fieldName: Fix By Milestone newValue: Gold Master oldValue: Beta2 oprid: vmannebo recordName: RQ_DEFECT timpestamp: 2015-12-01 04:30:29.0
action: updated fieldName: Fix By Product Milestone newValue: Gold Master oldValue: Beta2 oprid: vmannebo recordName: RQ_DEFECT timpestamp: 2015-12-01 04:30:29.0
action: updated fieldName: Fix By Product Milestone newValue: Beta2 oldValue: Beta oprid: vmannebo recordName: RQ_DEFECT timpestamp: 2015-12-01 04:20:32.0
action: updated fieldName: Fix By Milestone newValue: Beta2 oldValue: Beta oprid: vmannebo recordName: RQ_DEFECT timpestamp: 2015-12-01 04:20:32.0
action: updated fieldName: Severity newValue: 2 oldValue: 3 oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-11-12 10:13:37.0
action: updated fieldName: Priority newValue: 2 oldValue: 0 oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-11-12 10:13:37.0
action: updated fieldName: Status newValue: ToFix oldValue: Unverified oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-11-12 10:10:52.0
action: updated fieldName: Dev Assigned newValue: uogra oldValue: sanniset oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-11-12 10:10:52.0
action: updated fieldName: Fix By Product Milestone newValue: Beta oldValue: Blank oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-11-12 10:10:52.0
action: updated fieldName: Fix By Milestone newValue: Beta oldValue: Blank oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-11-12 10:10:52.0
action: updated fieldName: Owner newValue: uogra oldValue: preethi oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-11-12 10:10:52.0
action: updated fieldName: Reason newValue: Blank oldValue: Blank oprid: preethi recordName: RQ_DEFECT timpestamp: 2015-11-12 10:10:52.0
Comment by CFwatson U.
3825 | March 09, 2016 02:29:54 AM GMT
Added By: preethi Note Added: Fix will be available in the next release. Thanks! Date Added: 2015-12-07 08:43:36.0
Added By: PreRelease User User Name: David Epler Note Added: Entered Bug. Date Added: 2015-11-10 17:12:11.0
Comment by CFwatson U.
3826 | March 09, 2016 02:29:55 AM GMT