1
93%
master: 93%

Ran 11 Mar 2022 08:05PM UTC

Files 73

Run time 9s

Badge

Embed ▾

Committed 11 Mar 2022 08:05PM UTC coverage: 92.575%. Remained the same

Job # #798.1

Build Type

push

github-actions

Committed by

web-flow

Commit Message

[JarInfer] Update Apache Commons IO dependency. (#582)

JarInfer depended on a version of commons-io susceptible to
CVE-2021-29425 (a file path sanitization vulnerability).

I don't believe JarInfer is vulnerable, since it isn't dealing with
potentially untrusted file paths from the network, but rather
relatively trusted paths as part of some build system integration.
It also doesn't directly invoke the vulnerable `FileNameUtils.normalize`
API. Thought it uses other methods from `FileNameUtils`, such as
`getFullPath(...)` and `getBaseName(...)`.

Still, for code hygiene, we should update the library to its latest
version.

Original CVE alert raised by SonaType when releasing 0.9.6.

Run Details

4763 of 5145 relevant lines covered (92.58%)

0.93 hits per line

uber / NullAway / #798 / 1
93%
master: 93%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job #798.1

uber / NullAway / #798 / 1 93% master: 93%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job #798.1

uber / NullAway / #798 / 1
93%
master: 93%

README BADGES
x