Skip to content

yup #89

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
lakeyscott wants to merge 1,826 commits into
base: gh-pages
Choose a base branch
from

升级版本到0.5.3

3aa5689
Select commit
Loading
Failed to load commit list.
Open

yup #89

升级版本到0.5.3
3aa5689
Select commit
Loading
Failed to load commit list.
GitHub Advanced Security / CodeQL failed May 29, 2025 in 3s

11 new alerts including 11 high severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 11 high

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

View all branch alerts.

Annotations

Check failure on line 60 in Android/LuaViewSDK/pom.xml

See this annotation in the file changed.

Code scanning / CodeQL

Failure to use HTTPS or SFTP URL in Maven artifact upload/download High

Downloading or uploading artifacts over insecure protocol (eg. http or ftp) to/from repository http://mvnrepo.alibaba-inc.com/mvn/releases

Check failure on line 64 in Android/LuaViewSDK/pom.xml

See this annotation in the file changed.

Code scanning / CodeQL

Failure to use HTTPS or SFTP URL in Maven artifact upload/download High

Downloading or uploading artifacts over insecure protocol (eg. http or ftp) to/from repository http://mvnrepo.alibaba-inc.com/mvn/snapshots

Check failure on line 202 in Android/LuaViewSDK/src/com/taobao/luaview/scriptbundle/asynctask/delegate/ScriptBundleUnpackDelegate.java

See this annotation in the file changed.

Code scanning / CodeQL

Arbitrary file access during archive extraction ("Zip Slip") High

Unsanitized archive entry, which may contain '..', is used in a
file system operation
Loading
.
Unsanitized archive entry, which may contain '..', is used in a
file system operation
Loading
.

Check failure on line 213 in Android/LuaViewSDK/src/com/taobao/luaview/scriptbundle/asynctask/delegate/ScriptBundleUnpackDelegate.java

See this annotation in the file changed.

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.

Check failure on line 214 in Android/LuaViewSDK/src/com/taobao/luaview/scriptbundle/asynctask/delegate/ScriptBundleUnpackDelegate.java

See this annotation in the file changed.

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.

Check failure on line 77 in Android/LuaViewSDK/src/com/taobao/luaview/util/DecryptUtil.java

See this annotation in the file changed.

Code scanning / CodeQL

Use of a broken or risky cryptographic algorithm High

Cryptographic algorithm
AES/CBC/PKCS5Padding
Loading
is insecure. CBC mode with PKCS#5 or PKCS#7 padding is vulnerable to padding oracle attacks. Consider using GCM instead.

Check failure on line 79 in Android/LuaViewSDK/src/com/taobao/luaview/util/DecryptUtil.java

See this annotation in the file changed.

Code scanning / CodeQL

Use of a broken or risky cryptographic algorithm High

Cryptographic algorithm
AES/CBC/PKCS5Padding
Loading
is insecure. CBC mode with PKCS#5 or PKCS#7 padding is vulnerable to padding oracle attacks. Consider using GCM instead.

Check failure on line 80 in Android/LuaViewSDK/src/com/taobao/luaview/util/DecryptUtil.java

See this annotation in the file changed.

Code scanning / CodeQL

Using a static initialization vector for encryption High

A
static initialization vector
Loading
should not be used for encryption.

Check failure on line 480 in Android/LuaViewSDK/src/org/luaj/vm2/Globals.java

See this annotation in the file changed.

Code scanning / CodeQL

Implicit narrowing conversion in compound assignment High

Implicit cast of source type long to narrower destination type
int
Loading
.

Check failure on line 464 in Android/LuaViewSDK/src/org/luaj/vm2/compiler/FuncState.java

See this annotation in the file changed.

Code scanning / CodeQL

Implicit narrowing conversion in compound assignment High

Implicit cast of source type int to narrower destination type
short
Loading
.

Check failure on line 20 in Android/LuaViewSDK/target/AndroidManifest.xml

See this annotation in the file changed.

Code scanning / CodeQL

Android debuggable attribute enabled High

The 'android:debuggable' attribute is enabled.