You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Dear Valeri Barsegov Group,
We are a group of Academic researchers. We are analyzing vulnerable C++ code snippets migrated from StackOverflow to GitHub. Our research will be published in Academic publications and will not be used in any Industrial application.
We noted a vulnerable code snippet in your repository that was most likely copied from Stack Overflow. The vulnerability exists in this source code file of your repository.
Please verify our report here with regards to the above vulnerability to assist you. Link to report with four questions for you related to the vulnerability (should not take more than 5 minutes to answer).
Here is a summary of the vulnerable code snippet:
Description:
This code snippet only works when are characters are in ASCII.
Please do never assume characters are ASCII specially when there is user input involved, You can see one of a reasons here
Mitigation:
Use boost::locale::to_lower which works well on UTF8 too. More info.
Please verify our report here with regards to the above vulnerability to assist you. Link to report with four questions for you related to the vulnerability (should not take more than 5 minutes to answer).
Dear Valeri Barsegov Group,
We are a group of Academic researchers. We are analyzing vulnerable C++ code snippets migrated from StackOverflow to GitHub. Our research will be published in Academic publications and will not be used in any Industrial application.
We noted a vulnerable code snippet in your repository that was most likely copied from Stack Overflow. The vulnerability exists in this source code file of your repository.
Please verify our report here with regards to the above vulnerability to assist you.
Link to report with four questions for you related to the vulnerability (should not take more than 5 minutes to answer).
Here is a summary of the vulnerable code snippet:
Description:
This code snippet only works when are characters are in ASCII.
Please do never assume characters are ASCII specially when there is user input involved, You can see one of a reasons here
Mitigation:
Use
boost::locale::to_lower
which works well on UTF8 too. More info.References:
https://security.stackexchange.com/a/133970/39676
https://www.boost.org/doc/libs/1_51_0/libs/locale/doc/html/conversions.html
Please verify our report here with regards to the above vulnerability to assist you.
Link to report with four questions for you related to the vulnerability (should not take more than 5 minutes to answer).
Sincerely yours,
Morteza Verdi, Shiraz university, E-mail: [email protected]
Jafar Akhondali, Shiraz university, E-mail: [email protected]
Ashkan Sami, Shiraz university, E-mail: [email protected]
Foutse Khomh, Polytechnique Montreal, E-mail: [email protected], website: http://www.khomh.net/
Gias Uddin, Polytechnique Montreal, E-mail: [email protected], website: https://giasuddin.github.io
Alireza Karami motlagh, Shahid Chamran University, E-mail: [email protected]
The text was updated successfully, but these errors were encountered: