
As shown in the picture below, line 18 shows that a hard-coded vulnerability was scanned.

image

But it does not report the issue when I import this flagged module in other files. And strangely, it also reports this problem when I remove the flagged module.

Please help me fix this.

Shayan Shafiq
j0ck
  • It seems that the scanner thinks that there's a hard-coded password in the flagged module. As to why that is so is not discernible from what you've shown us. - Please don't post images as part of your question if you can avoid doing so. In this case, you clearly could transfer the text in that image into your question as text. You should do that. – CryptoFool Nov 12 '20 at 01:46
  • But it will not report the issue when I import this flagged module in other files. And strangely, it will also report this problem when I remove the flagged module. – j0ck Nov 12 '20 at 05:15
  • Interesting. You should move those comments into the question, as they show what it is that's really the issue for you. – CryptoFool Nov 12 '20 at 06:03
  • Please share the Spotbugs report. – Boris Jun 10 '21 at 07:06

1 Answer


The issue was investigated here: https://github.com/find-sec-bugs/find-sec-bugs/issues/617#issuecomment-741505146

The original poster (@j0ck) found the issue. It was code weaving altering the bytecode and probably modifying the source line metadata.

Answer on Github

h3xStream