SoftwareSecurity2014/Group 5/Log
2014-04-23
Started investigating Fortify's and RATS's findings.
2014-04-15
Decided on the software and topic: Simple Machines Forum and V5: Input validation. We also ran a Fortify analysis on the code.
2014-04-17 - 2014-04-20
Harm: Installing the Fortify Software Security Center. This gave some trouble. In the MySQL import script it tried to create an index with keys that were too long. I simply commented line 3618 where it creates the issue_mappedCategory_idx index. Then I couldn't seed the process templates:
FMNestedException: Multiple errors have occurred. com.fortify.manager.exception.FMUserInputException: Error parsing search string, Unknown Modifier: owasp top 10 2007
... and lots more similar errors. I found a more recent version of Fortify where I still had to comment the same line in the import script. While seeding the database I found that I had to increase MySQL's max packet size. When I imported my Fortify analysis result it gave an error:
Caused by: org.springframework.jdbc.UncategorizedSQLException: Hibernate operation: could not execute update query; uncategorized SQLException for SQL [update issue set folder_id=? where projectVersion_id=? and (id in (select issue1_.id from issue issue1_ where issue1_.projectVersion_id=? and issue1_.confidence>=? and issue1_.confidence<=? and issue1_.severity>? and issue1_.severity<=?))]; SQL state [HY000]; error code [1093]; You can't specify target table 'issue' for update in FROM clause; nested exception is java.sql.SQLException: You can't specify target table 'issue' for update in FROM clause
2014-04-22
Harm + Evertson: Trying to get the SSC to work with Microsoft SQL Server. When importing our Fortify project it seems stuck at 100% CPU.
Danny: Ran Fortify on SMF; Processed issues in Fortify
Harm: Ran RATS on SMF; Processed issues
Group: Fortify and RATS issues divided
2014-04-23
Evertson + Danny + Harm: Processed issues Fortify
2014-04-24
Harm: Processed issues
2014-04-25
Evertson: Processed issues
2014-04-28
Danny: Processed issues Fortify & RATS
2014-04-29
Harm: Processed issues
2014-04-30
Harm: Processed issues
Danny: Processed issues Fortify & RATS
2014-05-02
Danny: investigate RIPS
2014-05-01 until 2014-05-05
Writing the wiki pages.
2014-05-20
Divided work:
Account settings: Evertson
Forum profile: Danny
Look and layout + Notifications: Harm
Personal messages: Harm
Buddies/ignore list: Harm
2014-05-21
Harm: Manual Analysis & writing wiki page about look and layout
2014-05-22
Harm: Manual Analysis & writing wiki page about Change theme + look and layout
Evertson: Manual analysis & writing wiki page about account settings
2014-05-26
Harm: Manual Analysis & writing wiki page about Notifications + look and layout
Danny: Manual Analysis of input fields
2014-05-28
Harm: Manual Analysis & writing wiki page about Notifications + look and layout
Danny: Manual Analysis: changing avatar input and uploading of corrupt and invalid images. Validation of avatar by URL.
2014-06-01
Danny: results of Forum profile on wiki page
Evertson: Account settings wiki page
2014-06-02
Evertson: Added screenshots (account settings)
2014-06-03
All: Analysis + Wiki writing
2014-06-05
All: Analysis + Wiki writing