Boost Users :

Subject: Re: [Boost-users] Veracode Scan
From: Christopher Pisz (christopherpisz_at_[hidden])
Date: 2018-05-02 13:44:28


Yes. Veracode gives false positives all the time.

I had a scan fail my application, complaining about
boost::asio::endpoint. I traced the line it was complaining about and it
didn't like a memcpy with 16 bytes passed in as a param, with a destination
field that was 16 bytes. Veracode called that a stack-based buffer overrun.
There is nothing wrong with boost::asio::endpoint that I can see.

On Wed, May 2, 2018 at 2:08 AM, Abhijit Dutta via Boost-users <
boost-users_at_[hidden]> wrote:

> Hi There,
>
>
>
> As part of release practice in our org., we have run a Veracode (static)
> scan on our application, which uses BOOST. We got a good amount of errors
> pointing to the BOOST libraries. Detecting the false positives and fixing
> the code will be a tedious task.
>
>
>
> So, I want to know if anyone in the community has faced such situations and
> wants to share their experience of resolving them.
>
>
>
> ~Thanx
>
> Abhijit
>
> _______________________________________________
> Boost-users mailing list
> Boost-users_at_[hidden]
> https://lists.boost.org/mailman/listinfo.cgi/boost-users
>
>



Boost-users list run by williamkempf at hotmail.com, kalb at libertysoft.com, bjorn.karlsson at readsoft.com, gregod at cs.rpi.edu, wekempf at cox.net