This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
Vishal_Chugh
Absent Member.
Absent Member.
‎2014-12-04 06:09
4892 views

Fortify on Oracle codebase

 

Hi ,

 

1)   HP Fortify SCA (6.10) , doesn't recognize/scan any other extentions ( .pkg , .syn, .trig etc) . It works only on .sql files . That too doesnt report any errors/issues . What all configuraitons steps are required to make other extensions work ?  ( Though introducing com.fortify.sca.fileextensions.pkg = PLSQL in fortify-sca.properties dint help , it still remains unrecognized)

 

2)  Introducing SQL-injeciton code ( https://docs.oracle.com/cd/E38689_01/pt853pbr0/eng/pt/tpcd/task_PreventingSQLInjection-0749b7.html ) for testing purpose , also dint help. It doesnt catch this problem as well.  It still reports zero errors.

 

Can someone please advise.

Tags (1)
0 Likes
Reply
Report Inappropriate Content
0 Replies
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.