Hi There, As part of release practice in our org., we have run Veracode (static) scan on our application which uses BOOST. We got good amount of error pointing to the BOOST libraries. Detecting the false positives and fixing the code will be a tedious task. So, want to know if anyone in the community has faced such situations and want to share their experience on resolving those. ~Thanx Abhijit
Yes. Vericode is gives false positivies all the time. I had a scan fail my application and complainging about boost::asio::endpoint. I traced the line it was complaining about and it didn't like a memcpy with 16 bytes passed in as a param, with a destination field that was 16 bytes. Vericode called that a stack based buffer overrun. There is nothing wrong with boost::asio::endpoint that I can see. On Wed, May 2, 2018 at 2:08 AM, Abhijit Dutta via Boost-users < boost-users@lists.boost.org> wrote:
Hi There,
As part of release practice in our org., we have run Veracode (static) scan on our application which uses BOOST. We got good amount of error pointing to the BOOST libraries. Detecting the false positives and fixing the code will be a tedious task.
So, want to know if anyone in the community has faced such situations and want to share their experience on resolving those.
~Thanx
Abhijit
_______________________________________________ Boost-users mailing list Boost-users@lists.boost.org https://lists.boost.org/mailman/listinfo.cgi/boost-users
Thanks Christopher, did you find any valid cases as such detected by Veracode…
From: Boost-users [mailto:boost-users-bounces@lists.boost.org] On Behalf Of Christopher Pisz via Boost-users
Sent: 02 May 2018 19:14
To: boost-users@lists.boost.org
Cc: Christopher Pisz
participants (2)
-
Abhijit Dutta -
Christopher Pisz