|YaK:: WebLog #535 Topic : 2007-02-01 02.13.01 matt : more bug finding with google code search||[Changes] [Calendar] [Search] [Index] [PhotoTags]|
|[Back to weblog: pretention]|
We had an XSS bug we found as part of our developer testing. As part of fixing it, Aaron Peckham and I came up with a regexp to see if there were any other places we needed to fix. We came up with these two (the latter only works in perl, not in IntelliJ):
It's a common bug to check for >0 instead of >=0 from indexOf. About 10% of the time, it's intentional. Usually, it's not. This isn't exploitable (AFAIK), but it's still a cause of functional bugs that should be fixed.
Google Code Search *still* doesn't support multi-line matching or lookahead/lookbehind, which is really necessary for the bug-finding capabilities to be taken to the next step. Of course, on your own private code you can just make a perl script and do something like:
find . -name "*.js" | xargs perl checkcode.pl
If anyone has improvements upon these regexps or the previous ones , please let me know and I'll post an update!
Discussion:showing all 0 messages
|(last modified 2007-02-01) [Login]|