tbernard
(Thomas Bernard)
February 3, 2022, 1:49pm
1
SonarQube : 9.2.2
with
<jsp:include flush="false" page="/include/debut.inc.jsp">
<jsp:param name="PAGE_TITLE" value="Au revoir" />
</jsp:include>
I have a report of “Dynamic JSP inclusion could lead to arbitrary code execution”
But the JSP inclusion is not dynamic if is statically /include/debut.inc.jsp !
#bug:fp
ganncamp
(G Ann Campbell)
February 3, 2022, 2:37pm
2
Hi,
You should report this FP to the FindBugs maintainers by raising an issue on that GitHub project.
Ann
gtoison
(Guillaume Toison)
February 4, 2022, 3:54pm
3
Hello,
As Ann said this rule is from the FindBugs plugin , actually this particular rule is from the Find Sec Bugs project
1 Like
tbernard
(Thomas Bernard)
February 4, 2022, 4:08pm
4
1 Like