Status/Resolution/Reason: Closed/Fixed/
Reporter/Name(from Bugbase): David Epler / David Epler (David Epler)
Created: 03/09/2016
Components: Security Analyzer
Versions: 2016
Failure Type: Unspecified
Found In Build/Fixed In Build: Alpha3_v12 /
Priority/Frequency: Major / Unknown
Locale/System: English / Win All
Vote Count: 0
Using BlogCFC as example code.
The Security Analyzer is incorrectly flagging the use of the variable posted in the getActiveDays() method within org/camden/blog/blog.cfc. The variable posted is controlled the entire time it is used in the method. It does use instance.offset, which is set in the init() method of blog.cfc. The value for instance.offset originates from the settings in blog.ini.cfm. At no time is any user-provided data used in the creation of the variable posted, and therefore this is a false positive for SQLi.
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 4126531
External Customer Info:
External Company:
External Customer Name: David Epler
External Customer Email: dcepler@dcepler.net
External Test Config:
Bug File Paths:
\\sjshare.corp.adobe.com\Prereleasebugfiles\ColdFusion\12.0\Alpha3_v12\4086190\blog.cfc
Attachments:
Comments: