Cadet 1st Class

Singleton findings

We’re seeing Fortify 4.1 (Linux, 2014.1.0.0010) misidentify a lot of findings as singletons. Anyone have this issue or know a way to get SCA to stop doing this?

4 Replies
Absent Member.

Hi Stephen, I believe this is something our research team is aware of. We have a bugfix request open which, if all goes to plan, should be included in our next rulepack release. Apologies for the inconvenience in the meantime.

Absent Member.

Hi Stephen, what do you mean "findings as singletons"?

Does it see Singleton classes while they are not actually Singletons?

Does it report the same issue multiple times?

Something else?

Absent Member.

Hi Geert, in the bug I was referring to, in certain situations SCA will define a nested bean as a singleton even though it may not be. This has led to a number of false positive "Race Condition: Singleton Member field" issues being reported. So you shouldn't see the same issue multiple times, but you may have single issues reported which are false positives. As I say, our research group are currently working on a fix for this which is due to be included in the next rulepack release.

If you're seeing different behaviour to this please drop an email to fortifytechsupport@hp.com and the team will take a closer look.

Absent Member.

Got it, thanks! We do get "Race Condition: Singleton Member field" but in different scenarios. Not an issue for us right now.
