SoftwareSecurity2014/Group 5/Log

Revision by Evertson Croes on 5 Jun 2014 at 14:29 (2014-06-02)

2014-04-23

Started investigating Fortify's and RATS's findings.

2014-04-15

Decided about which software: Simple Machines Forum and topic V5: Input validation. We also ran a Fortify analysis on the code.

2014-04-17 - 2014-04-20

Harm: Installing the Fortify Software Security Center. This gave some trouble. In the MySQL import script it tried to create an index with keys that were too long. I simply commented line 3618 where it creates the issue_mappedCategory_idx index. Then I couldn't seed the process templates:

FMNestedException: Multiple errors have occurred. com.fortify.manager.exception.FMUserInputException: Error parsing search string, Unknown Modifier: owasp top 10 2007

... and lots more similar errors. I found a more recent version of Fortify where I still had to comment the same line in the import script. While seeding the database I found that I had to increase MySQL's max packet size. When I imported my Fortify analysis result it gave an error:

Caused by: org.springframework.jdbc.UncategorizedSQLException: Hibernate operation: could not execute update query; uncategorized SQLException for SQL [update issue set folder_id=? where projectVersion_id=? and (id in (select issue1_.id from issue issue1_ where issue1_.projectVersion_id=? and issue1_.confidence>=? and issue1_.confidence<=? and issue1_.severity>? and issue1_.severity<=?))]; SQL state [HY000]; error code [1093]; You can't specify target table 'issue' for update in FROM clause; nested exception is java.sql.SQLException: You can't specify target table 'issue' for update in FROM clause

2014-04-22

Harm + Evertson: Trying to get the SSC to work with Microsoft SQL Server. When importing our Fortify project it seems stuck at 100% CPU.

Danny: Ran Fortify on SMF; Processed issues in Fortify

Harm: Ran RATS on SMF; Processed issues

Group: Fortify and RATS issues divided

2014-04-23

Evertson + Danny + Harm: Processed issues Fortify

2014-04-24

Harm: Processed issues

2014-04-25

Evertson: Processed issues

2014-04-28

Danny: Processed issues Fortify & RATS

2014-04-29

Harm: Processed issues

2014-04-30

Harm: Processed issues

Danny: Processed issues Fortify & RATS

2014-05-02

Danny: investigate RIPS

2014-05-01 until 2014-05-05

Writing the wiki pages.


2014-05-20

Divided work:

Account settings: Evertson

Forum profile: Danny

Look and layout + Notifications: Harm

Personal messages: Harm

Buddies/ignore list: Harm

2014-05-21

Harm: Manual Analysis & writing wiki page about look and layout

2014-05-22

Harm: Manual Analysis & writing wiki page about Change theme + look and layout

Evertson: Manual analysis & writing wiki page about account settings

2014-05-26

Harm: Manual Analysis & writing wiki page about Notifications + look and layout

Danny: Manual Analysis of input fields

2014-05-28

Harm: Manual Analysis & writing wiki page about Notifications + look and layout

Danny: Manual Analysis: changing avatar input and uploading of corrupt and invalid images. Validation of avatar by URL.

2014-06-01

Danny: results of Forum profile on wiki page

Evertson: Account settings wiki page

2014-06-02

Evertson: Added screenshots (account settings)

2014-06-03

All: Analysis + Wiki writing

2014-06-05

All: Analysis + Wiki writing