when i ran fority scanner it reported often misused authentication issue on the below line
hostName=java.net.InetAddress.getLocalHost().getHostName();
I had written a function which will validate this host name against the white list of host names as below.
private String validateHost(String hostName)
{
String[] PossibleHosts = {"host1","host2","host2","host4","host5",};
Integer myhostIndex = Arrays.asList(PossibleHosts).indexOf((hostName).toLowerCase());
if(myhostIndex>=0){
hostName = PossibleHosts[myhostIndex];
} else {
hostName = "";
}
return hostName;
}
which will be called by below line
hostName=validateHost(java.net.InetAddress.getLocalHost().getHostName());
But when i run the fority scan for the next time , it still shows issue on the same line even after i have done the validaiton. what can be done to remove the fortify error.
To answer you, let me explain how Fortify detects this issue, why it's included, then what to do about it.
How Fortify detects this issue: It's basically a super grep. It just finds anywhere you're using java.net.InetAddress.getLocalHost().getHostName() and complains. It is unaffected by data validation.
Why do this? Because this function is sometimes used for security purposes, and it should not be. For example, imagine a dev wanted to trust all messages from their own domain, they might use this to determine where a message came from. But then the security of their system relies on DNS, which is not secure. (See the Details tab for more info.)
What to do: First, make sure that what you're trying to do with java.net.InetAddress.getLocalHost().getHostName() is safe. Basically, that you're not trying to secure your system with this code. Then ignore the finding. At most companies I help, you would write a short explanation of why this code is OK, put it in the comment field of the Issue Summary tab, and mark the Analysis as "Not an Issue." At some places, you could also suppress it. If you're getting a ton of these, you can create a Filter that will knock out the whole category, but realize that you might also knock out some real issues that way.
Source of information: Consultant at Fortify Software 2008-2010, independent application security consultant since then.
I have an application that uses a combination of ContentService.Saved & ContentService.Saving to extend Umbraco to manage content.
I have two websites in one Umbraco installation I am using those methods to keep content up to date in different parts of the tree.
So far I have got everything working the way I wanted to.
Now I want to add a feature that: depending on which Umbraco User is logged in, will either publish the content or simply send it for approval.
So I have changed some lines of code from:
cs.SaveAndPublishWithStatus(savedNode, 0, false)
To this:
cs.SendToPublication(savedNode);
Now the problem that I am finding is that unlike the SaveAndPublishWithStatus() method, the cs.SendToPublication(); doesn't have the option of passing false so that a save event is not raised. So I get into an infinite loop.
When I attach the debugger and manually stop the infinite loop the first time it calls cs.SendToPublication(savedNode); I get exactly the behavior I want.
Any ideas about how I can get round this problem? Is there a different method that I should be using?
You are correct in saying that it currently isn't possible to set raiseEvents to false when sending an item to publication - that's a problem.
I've added that overload in v. 7.6 (http://issues.umbraco.org/issue/U4-9490).
However considering that you need this now, an interim solution could be that you make sure your code is only run once when triggered by the .Saved / .Saving events.
One way to do this would be to check the last saved date (UpdateDate) in your code. If the content was saved within the last second of the current save operation, you know that this is a save event triggered by the save happening in SendToPublication action. Then you also know that the item has already been sent to publication and that this doesn't need to be done again - thereby preventing the endless loop from happening.
In an delphi 2007 application, we have used madExcept to handle exeptions for us. We use the standard dialog, letting the user send us a report with mail if he want to.
We want to add a little to this functionality. If the user choose not to send a full report, we still want to log the exception to a file, but not a full report. We want the exception class and message, and the source file and line number.
The first two is easy, but I can't find a straight forward way of finding the latter.
I have the full exception report in the form of an IMEException interface. As far as I can see, the call stack is available only through the BugReportSections property, which gives me the stack in plain text.
In madStackTrace.pas, there is a StackTrace( )-function that should give me what I want. It takes a lot of parameters, and the documentation is a little short on information..
Question:
Does anybody know the right parameters to feed into StackTrace( ), so that it only return the top item of the stack from the thread where the exception was thrown?
madStackTrace.pas has another function, StackAddrToStr that just takes a single address and returns the formatted text for it. If you're in the except block for the crashing thread you can pass the global ExceptAddr variable to it. If you're in one of the madExcept callbacks use `IMEException.ExceptAddr' instead.
I know how to create a .map file to track down access violation errors when the error message includes an actual address.
But what if the error message says
Access violation at address 00000000. Read of address 00000000.
Where do I start looking for the cause of this problem... ?
The accepted answer does not tell the entire story.
Yes, whenever you see zeros, a NULL pointer is involved. That is because NULL is by definition zero. So calling zero NULL may not be saying much.
What is interesting about the message you get is the fact that NULL is mentioned twice. In fact, the message you report looks a little bit like the messages Windows-brand operating systems show the user.
The message says the address NULL tried to read NULL. So what does that mean? Specifically, how does an address read itself?
We typically think of the instructions at an address reading and writing from memory at certain addresses. Knowing that allows us to parse the error message. The message is trying to articulate that the instruction at address NULL tried to read NULL.
Of course, there is no instruction at address NULL, that is why we think of NULL as special in our code. But every instruction can be thought of as commencing with the attempt to read itself. If the CPUs EIP register is at address NULL, then the CPU will attempt to read the opcode for an instruction from address 0x00000000 (NULL). This attempt to read NULL will fail, and generate the message you have received.
In the debugger, notice that EIP equals 0x00000000 when you receive this message. This confirms the description I have given you.
The question then becomes, "why does my program attempt to execute the NULL address." There are three possibilities which spring to mind:
You have attempt to make a function call via a function pointer which you have declared, assigned to NULL, never initialized otherwise, and are dereferencing.
Similarly, you may be calling an "abstract" C++ method which has a NULL entry in the object's vtable. These are created in your code with the syntax virtual function_name()=0.
In your code, a stack buffer has been overflowed while writing zeros. The zeros have been written beyond the end of the stack buffer, over the preserved return address. When the function later executes its ret instruction, the value 0x00000000 (NULL) is loaded from the overwritten memory spot. This type of error, stack overflow, is the eponym of our forum.
Since you mention that you are calling a third-party library, I will point out that it may be a situation of the library expecting you to provide a non-NULL function pointer as input to some API. These are sometimes known as "call back" functions.
You will have to use the debugger to narrow down the cause of your problem further, but the above possiblities should help you solve the riddle.
An access violation at anywhere near adress '00000000' indicates a null pointer access. You're using something before it's ever been created, most likely, or after it's been FreeAndNil()'d.
A lot of times this is caused by accessing a component in the wrong place during form creation, or by having your main form try and access something in a datamodule that hasn't been created yet.
MadExcept makes it pretty easy to track these things down, and is free for non-commercial use. (Actually, a commercial use license is pretty inexpensive as well, and well worth the money.)
You start looking near that code that you know ran, and you stop looking when you reach the code you know didn't run.
What you're looking for is probably some place where your program calls a function through a function pointer, but that pointer is null.
It's also possible you have stack corruption. You might have overwritten a function's return address with zero, and the exception occurs at the end of the function. Check for possible buffer overflows, and if you are calling any DLL functions, make sure you used the right calling convention and parameter count.
This isn't an ordinary case of using a null pointer, like an unassigned object reference or PChar. In those cases, you'll have a non-zero "at address x" value. Since the instruction occurred at address zero, you know the CPU's instruction pointer was not pointing at any valid instruction. That's why the debugger can't show you which line of code caused the problem — there is no line of code. You need to find it by finding the code that lead up to the place where the CPU jumped to the invalid address.
The call stack might still be intact, which should at least get you pretty close to your goal. If you have stack corruption, though, you might not be able to trust the call stack.
If you get 'Access violation at address 00000000.', you are calling a function pointer that hasn't been assigned - possibly an event handler or a callback function.
for example
type
TTest = class(TForm);
protected
procedure DoCustomEvent;
public
property OnCustomEvent : TNotifyEvent read FOnCustomEvent write FOnCustomEvent;
end;
procedure TTest.DoCustomEvent;
begin
FOnCustomEvent(Self);
end;
Instead of
procedure TTest.DoCustomEvent;
begin
if Assigned(FOnCustomEvent) then // need to check event handler is assigned!
FOnCustomEvent(Self);
end;
If the error is in a third party component, and you can track the offending code down, use an empty event handler to prevent the AV.
When I've stumbled upon this problem I usually start looking at the places where I FreeAndNil() or just xxx := NIL; variables and the code after that.
When nothing else has helped I've added a Log() function to output messages from various suspect places during execution, and then later looked at that log to trace where in the code the access violation comes.
There are ofcourse many more elegant solutions available for tracing these violations, but if you do not have them at your disposal the old-fashioned trial & error method works fine.
It's probably because you are directly or indirectly through a library call accessing a NULL pointer. In this particular case, it looks like you've jumped to a NULL address, which is a b bit hairier.
In my experience, the easiest way to track these down are to run it with a debugger, and dump a stack trace.
Alternatively, you can do it "by hand" and add lots of logging until you can track down exactly which function (and possibly LOC) this violation occurred in.
Take a look at Stack Tracer, which might help you improve your debugging.
Use MadExcept. Or JclDebug.
I will second madExcept and similar tools, like Eurekalog, but I think you can come a good way with FastMM also. With full debugmode enabled, it should give you some clues of whats wrong.
Anyway, even though Delphi uses FastMM as default, it's worth getting the full FastMM for it's additional control over logging.
Here is a real quick temporary fix, at least until you reboot again but it will get rid of a persistent access. I had installed a program that works fine but for some reason, there is a point that did not install correctly in the right file. So when it cannot access the file, it pops up the access denied but instead of just one, it keeps trying to start it up so even searching for the location to stop it permanently, it will continue to pop up more and more and more every 3 seconds. To stop that from happening at least temporarily, do the following...
Ctl+Alt+Del
Open your Task Manager
Note down the name of the program that's requesting access (you may see it in your application's tab)
Click on your Processes tab
Scroll through until you find the Process matching the program name and click on it
Click End Process
That will prevent the window from persistently popping up, at least until you reboot. I know that does not solve the problem but like anything, there is a process of elimination and this step here will at least make it a little less annoying.
I'm facing a strange problem in my project. My actions are getting old param values instead of the actual values which are in Request.Params. I created a HomeController.Echo(string text) action to illustrate it (see screenshot). When I call the action for the first time like "Home/Echo?text=aaa" everything works fine. When I call the same action second time with different text value ("Home/Echo/text=bbb"), I get the old "aaa" value again in my action "text" parameter. Strange think is that Request.Params contains the right "bbb" value.
I'm thinking if there's something I could break myself, but can't figure out anything. I'm serving controllers from IoC container, I overrided ControllerActionInvoker.InvokeActionMethodWithFilters method (to inject dependencies into filters from IoC) and I'm handling HttpApplication.AuthenticateRequest. Im'not working with params/binding anyhow in any of these...
screenshot
The problem was caused by some threading issues probably - I forgot to register controllers in my IoC container with per-request lifecycle (they were registered as singletons).
Have you debugged through the application to see where the value is getting switched out. A simple watch on the text variable (whatever you call it in the code) should yield where the variable gets changed. Without code to run through, I have no clue where it is happening.
I would say write a test, but there is still a possibility of UI interfering here. If you find where in the code it is changing, then write a test to confirm the bug and start whacking at it.
I suggest you to start commenting all the methods you overrode until you isolate the problem. In worst case you will get to the point where the ASP.NET MVC wizard left your project when you created it and where parameter binding definitely worked.