GHSA-J24H-XCPC-9JW8 Eclipse IDE XXE in eclipse.platform
Impact: XML files such as ".project" are parsed in a way that is vulnerable to all sorts of XXE attacks. The user only needs to open a malicious project, or update an open project with a malicious file, for example to review a foreign repository or patch. The vulnerability was found by static code analysis with SonarLint...
Don't be afraid of XXE vulnerabilities: understand the beast and how to detect them
Today, XML External Entity (XXE) vulnerabilities are still ubiquitous, despite the fact that recommendations to protect against them have been an integral part of security standards for years. In this post, the first in a series of three blog posts, we will try to demystify XXE vulnerabilities and...
‘Quick Fix’ your C++ issues with SonarLint
When the team decided to implement quick fixes for C++, we committed to bringing value to the C++ user by providing more than what they had today. It appears we found multiple ways to do that. First, by providing an enhanced version of the checks natively available through the IDE and other...
Supercharge your C++ analysis with SonarLint for CLion
Earlier this year we launched the support for C and C++ in SonarLint for CLion to address quality and security issues for your C/C++ projects. Since then, the team has continued to bring even greater value to the C and C++ users, continuing our mission to empower the community to deliver code tha...
Modernize Code Quality with ‘Quick Fixes’
Delivering functional code that is reliable, safe, and on schedule is a high priority for most development teams. And you'll agree that the earlier in your workflow you address quality and security issues, the better and cheaper! Today, I'd like to give you a quick tour of how you can maximize...
Product portals open: we want your input
SonarSource was born from open source software and most of what we do remains FLOSS, so openness and transparency have always been fundamental principles. With a recent change in how we approach product management, we've gone even further. We've recently opened up product portals on Productboard...
Launching ‘Secret Detection’ to keep your Cloud ‘Secrets’ safe
Most digital applications we work on require some type of credentials: a username/password to connect to a database, authorized tokens to access computer programs, or API keys to invoke services for authentication. Credentials, a.k.a. 'Secrets', are pieces of user- or system-level...