Kaixuan Li

Results 53 issues of Kaixuan Li

Hi, I am trying to use SAST tools on java projects, including **betterscan-ce**. And I want to find out what concrete rules **better-ce** uses to detect vuls. So is there...

**Describe the bug**
A clear and concise description of what the bug is.

**To Reproduce**
Steps to reproduce the behavior:
1. Download the OWASP Benchmark by `git clone https://github.com/OWASP-Benchmark/BenchmarkJava`.
2. ...

bug

**What happened**: Encountered an error when running horusec against the [OWASP benchmark](https://github.com/OWASP-Benchmark/BenchmarkJava).

**What you expected to happen**: Get the result file by running horusec against the OWASP benchmark.

**How to reproduce...

### Describe the false alarm that Slither raises and how you know it's inaccurate: Slither reports `Weak PRNG` when it finds there is some modulo usage `%`, regardless of it...

false-positive

### Describe the false alarm that Slither raises and how you know it's inaccurate: The current implementation checks for direct `msg.sender` references and `onlyOwner` modifiers. For modifiers, I can see...

false-positive

Hi, I find that Horusec failed to detect all Java path traversal vulnerabilities when run on the OWASP Benchmark. Furthermore, I observed that there are only 3 rules (HS-JAVA-54, HS-JAVA-55, and...

**What would you like to be added**: Hi, I am performing an evaluation study on Java SAST tools, and I noticed that Horusec is better than other tools like SpotBugs (with...

**Updates**
- Affected products
- Source code location
- Summary

**Comments**
Update vulnerable version range and the source code location.

**Updates**
- References

**Comments**
Add a patch https://github.com/ESAPI/esapi-java-legacy/commit/41138fef5f63d9cf0d5e05d2bee2c7f682ffef3f, of which the commit message claims `Fix for Google Issue #306 and changes to address the side effects of the fix (i.e.,...

**Updates**
- Affected products
- References

**Comments**
Add a patch https://github.com/apache/cxf/commit/f8ed98e684c1a67a77ae8726db05a04a4978a445, of which the commit message claims `Update StaxInInterceptor to just create a html error message on the client side...