-
Notifications
You must be signed in to change notification settings - Fork 136
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
java.lang.IllegalArgumentException: Error: missing bug code for keySECXXEVAL #983
Comments
Thank you for reporting this, I think this is due to a new bug detector introduced in find-sec-bugs/find-sec-bugs#728 In the meantime you might have an XML validator susceptible to XXE in your code. I think that fixing this (see https://openjdk.org/jeps/185) would solve the problem because the error happens when trying to report the bug |
With version 4.2.9 the problem is still there: |
The issue in findsecbugs was fixed but unfortunately not released. |
To add to that, it also means your build you are using it against has an XXE exposure so if you can track that down and patch it, the issue goes away. |
As there seems to be no release coming from find-sec-bugs, is it an option to downgrade find-sec-bugs in the SonarQube plugin? |
Issue Description
If the Sonarqube rule: findsecbugs:XXE_VALIDATOR is active, a project results in Error: missing bug code for keySECXXEVAL
Environment
Stacktrace:
The text was updated successfully, but these errors were encountered: