Articles


On 14 May 2019, as part of its monthly update, Microsoft published a fix for a vulnerability identified as CVE-2019-0725 [1].

This vulnerability allows an unauthenticated attacker to execute arbitrary code remotely after sending a specially …
Source of the article on CERT-FR

Sorting a Stream instance is straightforward and involves just a single API method call — achieving the opposite is not that easy.

In this article, we’ll see how to shuffle a Stream in Java both eagerly and lazily using Stream Collectors factories and custom Spliterators.

Source of the article on DZONE

On 22 January 2019, Debian published a security advisory stating that its package manager was vulnerable to code injection.

By default, updates are fetched over HTTP. However, checks are performed locally to verify the integrity of the …
Source of the article on CERT-FR

Millions of repositories are hosted on GitHub, and lots of projects hosted there make their way into your project as dependencies. Developers can just look for modules that cover their use-case and import it into their project, which is actually great! The not-so-great part about importing third-party code is that developers usually just ignore the security aspects of it altogether.

According to GitHub, its security scan for vulnerabilities in Ruby and JavaScript unearthed more than four million bugs, which sparked a significant clean-up effort by project owners. As demonstrated by Equifax’s massive data breach, vulnerable open-source software libraries may contain significant security repercussions. GitHub has made some improvements in terms of notifying the user about the security issues in their code, but the users are required to opt into their security alerts.

Source of the article on DZONE

Writing code to make sure that input parameters are not null does not make Java code "safer;" it’s exactly the opposite — it makes code less readable and less safe.

Code With Null-Checks Is Less Readable

It would be difficult to argue that null-checks are attractive. Most of the time, it’s just boilerplate code, which contributes nothing to the "logic" of the method. It is a purely technical construct. Like this one:

Source of the article on DZONE

It’s been about a month since my last research post, and I’ve been musing about the next topic. What should it be? Well, I’ve decided. Since I love nothing more than throwing the gates wide for everyone’s internet anger, I thought I’d weigh in on the subject of self-documenting code vs. comments.

I’ll be awaiting your rage below, in the comments.

Source of the article on DZONE

Sometimes, when an important project is going poorly there’s a desire to start over. Sometimes this comes from management but often this comes from the developers themselves. They say if they only had a second chance and could start over then they can build the right system.

But that almost never happens. Take it from me. I’ve seen companies try many times and I can say that without exception, when a team sets out to rebuild the same system with basically the same approach, they end up with roughly the same system they started with, including the same problems, only this time they have two systems they have to maintain.

Source of the article on DZone (Agile)

Handling large images has always been a pain in my side since I started writing code. Lately, it has started to have a huge impact on page speed and SEO ranking. If your website has poorly optimized images it won’t score well on Google Lighthouse. If it doesn’t score well, it won’t be on the first page of Google. That sucks.

TL;DR

I’ve built and open-sourced a snippet of code that automates the process of creating and deploying an image resize function and an S3 bucket with one simple command. Check out the code here.

Source of the article on DZONE

On 22 August 2018, the Apache Foundation published a security fix for the Struts web application framework. It addresses vulnerability CVE-2018-11776, which allows remote code execution without authentication. Exploitation does not require the installation of modules …
Source of the article on CERT-FR

It’s recommended to use Lambda instead of the anonymous class, but there are some pitfalls, such as the potential NoClassDefFoundError.

In this post, I will explore this error and how to avoid it. I have two classes, RequiredObject and OptionalObject. The latter one is optional at runtime, and optional dependency is common especially for this framework.

Source of the article on DZONE