...
Sound automated detection is infeasible; heuristic checks could be useful.
| Tool | Version | Checker | Description |
|---|---|---|---|
| Parasoft Jtest | 9.5 | SECURITY.EAB.CPCL, SECURITY.EAB.MPT, SECURITY.EAB.SMO, OOP.MUCOP | Implemented |
Related Vulnerabilities
Pugh [Pugh 2009] cites a vulnerability discovered by the Findbugs static analysis tool in the early betas of JDK 1.7 in which the sun.security.x509.InvalidityDateExtension class returned a Date instance through a public accessor without creating defensive copies.
...