IBM Support

PI38444: JavaScript Analyzer crashes on jcarousellite.js


APAR status

  • Closed as Permanent restriction.

Error description

  • 1) Expected behavior:
    JSA will analyse jcarousellite.js correctly and not crash
    2) Observed behavior:
    JSA crashes on jcarousellite.js file:
    [2015-03-17 12:47:17,779] [ERROR] [main] [com.ibm.appscan.jsa.frontend.JsAnalyzer] [ndc:] [JsAnalyzer.java:243] - Problem getting taint analysis results
    com.ibm.wala.ipa.cha.ClassHierarchyException: Parsing issue: org.mozilla.javascript.EvaluatorException: Compilation produced 2 syntax errors. (js_scan2396204092542548108.js#1)
       at org.mozilla.javascript.tools.ToolErrorReporter.runtimeError(ToolErrorReporter.java:142)
       at org.mozilla.javascript.Parser.parse(Parser.java:391)
       at org.mozilla.javascript.Parser.parse(Parser.java:336)
    3) Workarounds (if applicable):
    N/A
    4) Reproduction Steps:
    1. Open the support file
    2. Manual explore starting URL
    3. Test only
    4. debug log will have that error on jcarousellite.js
    5) Additional Technical detail:
    Rhino (the open source JavaScript front end that JSA uses) should
    be upgraded.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * ASD, ASE                                                     *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * JSA crashes on jcarousellite.js file:                        *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    

Problem conclusion

  • The Dynamic DOM Based XSS tests were excluded from the default
    test policy because they caused memory and performance issues.
    
    Since we are now running with more memory and the tests' logic was
    improved to consume less memory, we re-enable these tests by
    default.
    
    The rules to be enabled are:
    AdobeRoboHelpDOMBasedXSS:AdobeRoboHelpDOMBasedXSS1
    AdobeRoboHelpDOMBasedXSS:AdobeRoboHelpDOMBasedXSS2
    DOMBasedXSS:DOMXSSAppendFragment1
    DOMBasedXSS:DOMXSSAppendFragment2
    DOMBasedXSS2:DOMXSSParameter1
    DOMBasedXSS2:DOMXSSParameter2
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI38444

  • Reported component name

    SEC APPSCAN STD

  • Reported component ID

    5724T5900

  • Reported release

    901

  • Status

    CLOSED PRS

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2015-04-05

  • Closed date

    2016-05-01

  • Last modified date

    2016-05-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels


Document Information

Modified date:
08 September 2020