From 93f892956142d929f3fd9a70ac35e04b7e6232f4 Mon Sep 17 00:00:00 2001 From: Eric Christensen Date: Mon, 12 Aug 2013 23:12:14 -0400 Subject: [PATCH] Updated POT files --- defensive-coding/pot/Author_Group.pot | 4 +- defensive-coding/pot/Book_Info.pot | 4 +- defensive-coding/pot/C/Allocators.pot | 6 +- defensive-coding/pot/C/C.pot | 4 +- defensive-coding/pot/C/Language.pot | 4 +- defensive-coding/pot/C/Libc.pot | 121 +++++++++- defensive-coding/pot/C/Other.pot | 59 +++++ defensive-coding/pot/C/schemas.pot | 4 +- .../pot/C/snippets/Arithmetic-add.pot | 4 +- .../pot/C/snippets/Arithmetic-mult.pot | 4 +- .../pot/C/snippets/Pointers-remaining.pot | 4 +- .../C/snippets/String-Functions-format.pot | 4 +- .../String-Functions-snprintf-incremental.pot | 28 +++ .../C/snippets/String-Functions-snprintf.pot | 4 +- .../String-Functions-strncat-as-strncpy.pot | 22 ++ .../String-Functions-strncat-emulation.pot | 23 ++ .../String-Functions-strncat-merged.pot | 21 ++ .../C/snippets/String-Functions-strncpy.pot | 4 +- defensive-coding/pot/CXX/CXX.pot | 4 +- defensive-coding/pot/CXX/Language.pot | 4 +- defensive-coding/pot/CXX/Std.pot | 4 +- defensive-coding/pot/CXX/schemas.pot | 4 +- defensive-coding/pot/Defensive_Coding.pot | 4 +- .../pot/Features/Authentication.pot | 4 +- defensive-coding/pot/Features/TLS.pot | 15 +- defensive-coding/pot/Features/schemas.pot | 4 +- .../snippets/TLS-Client-GNUTLS-Connect.pot | 4 +- .../TLS-Client-GNUTLS-Credentials.pot | 4 +- .../snippets/TLS-Client-GNUTLS-Match.pot | 4 +- .../snippets/TLS-Client-GNUTLS-Verify.pot | 4 +- .../snippets/TLS-Client-NSS-Close.pot | 4 +- .../snippets/TLS-Client-NSS-Connect.pot | 32 +-- .../snippets/TLS-Client-OpenJDK-Connect.pot | 4 +- .../snippets/TLS-Client-OpenJDK-Context.pot | 4 +- .../TLS-Client-OpenJDK-Context_For_Cert.pot | 4 +- .../snippets/TLS-Client-OpenJDK-Hostname.pot | 4 +- .../snippets/TLS-Client-OpenJDK-Import.pot | 4 +- .../TLS-Client-OpenJDK-MyTrustManager.pot | 4 +- .../snippets/TLS-Client-OpenJDK-Use.pot | 4 +- .../snippets/TLS-Client-OpenSSL-CTX.pot | 4 +- .../snippets/TLS-Client-OpenSSL-Connect.pot | 4 +- .../TLS-Client-OpenSSL-Connection-Use.pot | 4 +- .../snippets/TLS-Client-OpenSSL-Init.pot | 4 +- .../snippets/TLS-Client-Python-Connect.pot | 4 +- .../TLS-Client-Python-check_host_name.pot | 4 +- .../snippets/TLS-GNUTLS-Credentials-Close.pot | 4 +- .../snippets/TLS-GNUTLS-Disconnect.pot | 4 +- .../pot/Features/snippets/TLS-GNUTLS-Init.pot | 4 +- .../pot/Features/snippets/TLS-GNUTLS-Use.pot | 4 +- .../pot/Features/snippets/TLS-NSS-Close.pot | 4 +- .../Features/snippets/TLS-NSS-Includes.pot | 4 +- .../pot/Features/snippets/TLS-NSS-Init.pot | 10 +- .../pot/Features/snippets/TLS-NSS-Use.pot | 4 +- .../pot/Features/snippets/TLS-Nagle.pot | 4 +- .../snippets/TLS-OpenJDK-Parameters.pot | 4 +- .../snippets/TLS-OpenSSL-Connection-Close.pot | 4 +- .../snippets/TLS-OpenSSL-Context-Close.pot | 4 +- .../Features/snippets/TLS-OpenSSL-Errors.pot | 4 +- .../Features/snippets/TLS-Python-Close.pot | 4 +- .../pot/Features/snippets/TLS-Python-Use.pot | 4 +- defensive-coding/pot/Java/Java.pot | 19 ++ defensive-coding/pot/Java/Language.pot | 214 ++++++++++++++++ defensive-coding/pot/Java/LowLevel.pot | 119 +++++++++ defensive-coding/pot/Java/SecurityManager.pot | 228 ++++++++++++++++++ defensive-coding/pot/Java/schemas.pot | 14 ++ .../pot/Java/snippets/Finally.pot | 26 ++ .../pot/Java/snippets/JNI-Pointers.pot | 50 ++++ .../pot/Java/snippets/Language-ReadArray.pot | 53 ++++ .../snippets/SecurityManager-Callback.pot | 54 +++++ .../SecurityManager-CurrentDirectory.pot | 22 ++ .../snippets/SecurityManager-Privileged.pot | 33 +++ .../snippets/SecurityManager-Unprivileged.pot | 42 ++++ .../pot/Java/snippets/TryWithResource.pot | 23 ++ defensive-coding/pot/Python/Language.pot | 4 +- defensive-coding/pot/Python/schemas.pot | 4 +- defensive-coding/pot/Revision_History.pot | 14 +- defensive-coding/pot/Tasks/Cryptography.pot | 8 +- defensive-coding/pot/Tasks/Descriptors.pot | 6 +- defensive-coding/pot/Tasks/File_System.pot | 4 +- defensive-coding/pot/Tasks/Library_Design.pot | 4 +- defensive-coding/pot/Tasks/Locking.pot | 4 +- defensive-coding/pot/Tasks/Processes.pot | 4 +- defensive-coding/pot/Tasks/Serialization.pot | 63 ++++- .../pot/Tasks/Temporary_Files.pot | 4 +- defensive-coding/pot/Tasks/schemas.pot | 4 +- .../Serialization-XML-Expat-Create.pot | 4 +- ...ialization-XML-Expat-EntityDeclHandler.pot | 4 +- .../Serialization-XML-OpenJDK-Errors.pot | 4 +- .../Serialization-XML-OpenJDK-Imports.pot | 4 +- ...alization-XML-OpenJDK-NoEntityResolver.pot | 4 +- ...ization-XML-OpenJDK-NoResourceResolver.pot | 4 +- .../Serialization-XML-OpenJDK_Parse-DOM.pot | 4 +- ...zation-XML-OpenJDK_Parse-XMLSchema_DOM.pot | 4 +- ...zation-XML-OpenJDK_Parse-XMLSchema_SAX.pot | 4 +- .../Serialization-XML-Qt-NoEntityHandler.pot | 56 +++++ .../Serialization-XML-Qt-NoEntityReader.pot | 39 +++ .../Serialization-XML-Qt-QDomDocument.pot | 30 +++ 97 files changed, 1520 insertions(+), 198 deletions(-) create mode 100644 defensive-coding/pot/C/Other.pot create mode 100644 defensive-coding/pot/C/snippets/String-Functions-snprintf-incremental.pot create mode 100644 defensive-coding/pot/C/snippets/String-Functions-strncat-as-strncpy.pot create mode 100644 defensive-coding/pot/C/snippets/String-Functions-strncat-emulation.pot create mode 100644 defensive-coding/pot/C/snippets/String-Functions-strncat-merged.pot create mode 100644 defensive-coding/pot/Java/Java.pot create mode 100644 defensive-coding/pot/Java/Language.pot create mode 100644 defensive-coding/pot/Java/LowLevel.pot create mode 100644 defensive-coding/pot/Java/SecurityManager.pot create mode 100644 defensive-coding/pot/Java/schemas.pot create mode 100644 defensive-coding/pot/Java/snippets/Finally.pot create mode 100644 defensive-coding/pot/Java/snippets/JNI-Pointers.pot create mode 100644 defensive-coding/pot/Java/snippets/Language-ReadArray.pot create mode 100644 defensive-coding/pot/Java/snippets/SecurityManager-Callback.pot create mode 100644 defensive-coding/pot/Java/snippets/SecurityManager-CurrentDirectory.pot create mode 100644 defensive-coding/pot/Java/snippets/SecurityManager-Privileged.pot create mode 100644 defensive-coding/pot/Java/snippets/SecurityManager-Unprivileged.pot create mode 100644 defensive-coding/pot/Java/snippets/TryWithResource.pot create mode 100644 defensive-coding/pot/Tasks/snippets/Serialization-XML-Qt-NoEntityHandler.pot create mode 100644 defensive-coding/pot/Tasks/snippets/Serialization-XML-Qt-NoEntityReader.pot create mode 100644 defensive-coding/pot/Tasks/snippets/Serialization-XML-Qt-QDomDocument.pot diff --git a/defensive-coding/pot/Author_Group.pot b/defensive-coding/pot/Author_Group.pot index 17d0380..89648c2 100644 --- a/defensive-coding/pot/Author_Group.pot +++ b/defensive-coding/pot/Author_Group.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Book_Info.pot b/defensive-coding/pot/Book_Info.pot index fc85393..58bc7af 100644 --- a/defensive-coding/pot/Book_Info.pot +++ b/defensive-coding/pot/Book_Info.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/C/Allocators.pot b/defensive-coding/pot/C/Allocators.pot index 3c42bc5..bb36f5d 100644 --- a/defensive-coding/pot/C/Allocators.pot +++ b/defensive-coding/pot/C/Allocators.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" @@ -114,7 +114,7 @@ msgstr "" #. Tag: para #, no-c-format -msgid "If malloc or realloc is used, the size check must be written manually. For instance, to allocate an array of n elements of type T, check that the requested size is not greater than n / sizeof(T)." +msgid "If malloc or realloc is used, the size check must be written manually. For instance, to allocate an array of n elements of type T, check that the requested size is not greater than n / sizeof(T). See ." msgstr "" #. Tag: title diff --git a/defensive-coding/pot/C/C.pot b/defensive-coding/pot/C/C.pot index 40a113f..7b22041 100644 --- a/defensive-coding/pot/C/C.pot +++ b/defensive-coding/pot/C/C.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/C/Language.pot b/defensive-coding/pot/C/Language.pot index fdc6e40..87a9969 100644 --- a/defensive-coding/pot/C/Language.pot +++ b/defensive-coding/pot/C/Language.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/C/Libc.pot b/defensive-coding/pot/C/Libc.pot index b02bc86..7c65710 100644 --- a/defensive-coding/pot/C/Libc.pot +++ b/defensive-coding/pot/C/Libc.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" @@ -169,17 +169,52 @@ msgstr "" #. Tag: para #, no-c-format -msgid "The snprintf function provides a way to construct a string in a statically-sized buffer. (If the buffer size is dynamic, use asprintf instead.)" +msgid "The C run-time library provides string manipulation functions which not just look for NUL characters for string termination, but also honor explicit lengths provided by the caller. However, these functions evolved over a long period of time, and the lengths mean different things depending on the function." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "snprintf" msgstr "" #. Tag: para #, no-c-format -msgid "The second argument to the snprintf should always be the size of the buffer in the first argument (which should be a character array). Complex pointer and length arithmetic can introduce errors and nullify the security benefits of snprintf. If you need to construct a string iteratively, by repeatedly appending fragments, consider constructing the string on the heap, increasing the buffer with realloc as needed. (snprintf does not support overlapping the result buffer with argument strings.)" +msgid "The snprintf function provides a way to construct a string in a statically-sized buffer. (If the buffer size is allocated on the heap, consider use asprintf instead.)" msgstr "" #. Tag: para #, no-c-format -msgid "If you use vsnprintf (or snprintf) with a format string which is not a constant, but a function argument, it is important to annotate the function with a format function attribute, so that GCC can warn about misuse of your function (see )." +msgid "The second argument to the snprintf call should always be the size of the buffer in the first argument (which should be a character array). Elaborate pointer and length arithmetic can introduce errors and nullify the security benefits of snprintf." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "In particular, snprintf is not well-suited to constructing a string iteratively, by appending to an existing buffer. snprintf returns one of two values, -1 on errors, or the number of characters which would have been written to the buffer if the buffer were large enough. This means that adding the result of snprintf to the buffer pointer to skip over the characters just written is incorrect and risky. However, as long as the length argument is not zero, the buffer will remain NUL-terminated. works because end -current > 0 is a loop invariant. After the loop, the result string is in the buf variable." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Repeatedly writing to a buffer using snprintf" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "If you want to avoid the call to strlen for performance reasons, you have to check for a negative return value from snprintf and also check if the return value is equal to the specified buffer length or larger. Only if neither condition applies, you may advance the pointer to the start of the write buffer by the number return by snprintf. However, this optimization is rarely worthwhile." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Note that it is not permitted to use the same buffer both as the destination and as a source argument." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "vsnprintf and format strings" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "If you use vsnprintf (or vasprintf or even snprintf) with a format string which is not a constant, but a function argument, it is important to annotate the function with a format function attribute, so that GCC can warn about misuse of your function (see )." msgstr "" #. Tag: title @@ -187,13 +222,83 @@ msgstr "" msgid "The format function attribute" msgstr "" -#. Tag: para +#. Tag: title #, no-c-format -msgid "There are other functions which operator on NUL-terminated strings and take a length argument which affects the number of bytes written to the destination: strncpy, strncat, and stpncpy. These functions do not ensure that the result string is NUL-terminated. For strncpy, NUL termination can be added this way:" +msgid "strncpy" msgstr "" #. Tag: para #, no-c-format -msgid "Some systems support strlcpy and strlcat functions which behave this way, but these functions are not part of GNU libc. Using snprintf with a suitable format string is a simple (albeit slightly slower) replacement." +msgid "The strncpy function does not ensure that the target buffer is NUL-terminated. A common idiom for ensuring NUL termination is:" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Another approach uses the strncat function for this purpose:" +msgstr "" + +#. Tag: title +#, no-c-format +msgid "strncat" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The length argument of the strncat function specifies the maximum number of characters copied from the source buffer, excluding the terminating NUL character. This means that the required number of bytes in the destination buffer is the length of the original string, plus the length argument in the strncat call, plus one. Consequently, this function is rarely appropriate for performing a length-checked string operation, with the notable exception of the strcpy emulation described in ." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "To implement a length-checked string append, you can use an approach similar to :" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "In many cases, including this one, the string concatenation can be avoided by combining everything into a single format string:" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "But you should must not dynamically construct format strings to avoid concatenation because this would prevent GCC from type-checking the argument lists." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "It is not possible to use format strings like \"%s%s\" to implement concatenation, unless you use separate buffers. snprintf does not support overlapping source and target strings." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "strlcpy and strlcat" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Some systems support strlcpy and strlcat functions which behave this way, but these functions are not part of GNU libc. strlcpy is often replaced with snprintf with a \"%s\" format string. See for a caveat related to the snprintf return value." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "To emulate strlcat, use the approach described in ." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "ISO C11 Annex K *_s functions" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "ISO C11 adds another set of length-checking functions, but GNU libc currently does not implement them." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Other strn* and stpn* functions" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "GNU libc contains additional functions with different variants of length checking. Consult the documentation before using them to find out what the length actually means." msgstr "" diff --git a/defensive-coding/pot/C/Other.pot b/defensive-coding/pot/C/Other.pot new file mode 100644 index 0000000..c0828fc --- /dev/null +++ b/defensive-coding/pot/C/Other.pot @@ -0,0 +1,59 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: title +#, no-c-format +msgid "Other C-related topics" +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Wrapper functions" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Some libraries provide wrappers for standard library functions. Common cases include allocation functions such as xmalloc which abort the process on allocation failure (instead of returning a NULL pointer), or alternatives to relatively recent library additions such as snprintf (along with implementations for systems which lack them)." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "In general, such wrappers are a bad idea, particularly if they are not implemented as inline functions or preprocessor macros. The compiler lacks knowledge of such wrappers outside the translation unit which defines them, which means that some optimizations and security checks are not performed. Adding __attribute__ annotations to function declarations can remedy this to some extent, but these annotations have to be maintained carefully for feature parity with the standard implementation." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "At the minimum, you should apply these attributes:" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "If you wrap function which accepts are GCC-recognized format string (for example, a printf-style function used for logging), you should add a suitable format attribute, as in ." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "If you wrap a function which carries a warn_unused_result attribute and you propagate its return value, your wrapper should be declared with warn_unused_result as well." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Duplicating the buffer length checks based on the __builtin_object_size GCC builtin is desirable if the wrapper processes arrays. (This functionality is used by the -D_FORTIFY_SOURCE=2 checks to guard against static buffer overflows.) However, designing appropriate interfaces and implementing the checks may not be entirely straightforward." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "For other attributes (such as malloc), careful analysis and comparison with the compiler documentation is required to check if propagating the attribute is appropriate. Incorrectly applied attributes can result in undesired behavioral changes in the compiled code." +msgstr "" + diff --git a/defensive-coding/pot/C/schemas.pot b/defensive-coding/pot/C/schemas.pot index c6dd072..dadbf49 100644 --- a/defensive-coding/pot/C/schemas.pot +++ b/defensive-coding/pot/C/schemas.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/C/snippets/Arithmetic-add.pot b/defensive-coding/pot/C/snippets/Arithmetic-add.pot index 53ae35b..7b598ad 100644 --- a/defensive-coding/pot/C/snippets/Arithmetic-add.pot +++ b/defensive-coding/pot/C/snippets/Arithmetic-add.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/C/snippets/Arithmetic-mult.pot b/defensive-coding/pot/C/snippets/Arithmetic-mult.pot index ce1b8e8..5c12d00 100644 --- a/defensive-coding/pot/C/snippets/Arithmetic-mult.pot +++ b/defensive-coding/pot/C/snippets/Arithmetic-mult.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/C/snippets/Pointers-remaining.pot b/defensive-coding/pot/C/snippets/Pointers-remaining.pot index a4aabe8..a339142 100644 --- a/defensive-coding/pot/C/snippets/Pointers-remaining.pot +++ b/defensive-coding/pot/C/snippets/Pointers-remaining.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/C/snippets/String-Functions-format.pot b/defensive-coding/pot/C/snippets/String-Functions-format.pot index 9641289..f925895 100644 --- a/defensive-coding/pot/C/snippets/String-Functions-format.pot +++ b/defensive-coding/pot/C/snippets/String-Functions-format.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/C/snippets/String-Functions-snprintf-incremental.pot b/defensive-coding/pot/C/snippets/String-Functions-snprintf-incremental.pot new file mode 100644 index 0000000..248bc70 --- /dev/null +++ b/defensive-coding/pot/C/snippets/String-Functions-snprintf-incremental.pot @@ -0,0 +1,28 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: programlisting +#, no-c-format +msgid "\n" +"char buf[512];\n" +"char *current = buf;\n" +"const char *const end = buf + sizeof(buf);\n" +"for (struct item *it = data; it->key; ++it) {\n" +" snprintf(current, end - current, \"%s%s=%d\",\n" +" current == buf ? \"\" : \", \", it->key, it->value);\n" +" current += strlen(current);\n" +"}\n" +"" +msgstr "" + diff --git a/defensive-coding/pot/C/snippets/String-Functions-snprintf.pot b/defensive-coding/pot/C/snippets/String-Functions-snprintf.pot index 168f85c..cbba76b 100644 --- a/defensive-coding/pot/C/snippets/String-Functions-snprintf.pot +++ b/defensive-coding/pot/C/snippets/String-Functions-snprintf.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/C/snippets/String-Functions-strncat-as-strncpy.pot b/defensive-coding/pot/C/snippets/String-Functions-strncat-as-strncpy.pot new file mode 100644 index 0000000..2130ea7 --- /dev/null +++ b/defensive-coding/pot/C/snippets/String-Functions-strncat-as-strncpy.pot @@ -0,0 +1,22 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: programlisting +#, no-c-format +msgid "\n" +"buf[0] = '\\0';\n" +"strncpy(buf, data, sizeof(buf) - 1);\n" +"" +msgstr "" + diff --git a/defensive-coding/pot/C/snippets/String-Functions-strncat-emulation.pot b/defensive-coding/pot/C/snippets/String-Functions-strncat-emulation.pot new file mode 100644 index 0000000..51f163c --- /dev/null +++ b/defensive-coding/pot/C/snippets/String-Functions-strncat-emulation.pot @@ -0,0 +1,23 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: programlisting +#, no-c-format +msgid "\n" +"char buf[10];\n" +"snprintf(buf, sizeof(buf), \"%s\", prefix);\n" +"snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), \"%s\", data);\n" +"" +msgstr "" + diff --git a/defensive-coding/pot/C/snippets/String-Functions-strncat-merged.pot b/defensive-coding/pot/C/snippets/String-Functions-strncat-merged.pot new file mode 100644 index 0000000..f68cbf1 --- /dev/null +++ b/defensive-coding/pot/C/snippets/String-Functions-strncat-merged.pot @@ -0,0 +1,21 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: programlisting +#, no-c-format +msgid "\n" +"snprintf(buf, sizeof(buf), \"%s%s\", prefix, data);\n" +"" +msgstr "" + diff --git a/defensive-coding/pot/C/snippets/String-Functions-strncpy.pot b/defensive-coding/pot/C/snippets/String-Functions-strncpy.pot index 87c44ec..3398b76 100644 --- a/defensive-coding/pot/C/snippets/String-Functions-strncpy.pot +++ b/defensive-coding/pot/C/snippets/String-Functions-strncpy.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/CXX/CXX.pot b/defensive-coding/pot/CXX/CXX.pot index 326ed89..af0572c 100644 --- a/defensive-coding/pot/CXX/CXX.pot +++ b/defensive-coding/pot/CXX/CXX.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/CXX/Language.pot b/defensive-coding/pot/CXX/Language.pot index 76a9a85..db2837e 100644 --- a/defensive-coding/pot/CXX/Language.pot +++ b/defensive-coding/pot/CXX/Language.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/CXX/Std.pot b/defensive-coding/pot/CXX/Std.pot index 23eef26..5de49bf 100644 --- a/defensive-coding/pot/CXX/Std.pot +++ b/defensive-coding/pot/CXX/Std.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/CXX/schemas.pot b/defensive-coding/pot/CXX/schemas.pot index c6dd072..dadbf49 100644 --- a/defensive-coding/pot/CXX/schemas.pot +++ b/defensive-coding/pot/CXX/schemas.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Defensive_Coding.pot b/defensive-coding/pot/Defensive_Coding.pot index 20b38b8..9b27883 100644 --- a/defensive-coding/pot/Defensive_Coding.pot +++ b/defensive-coding/pot/Defensive_Coding.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/Authentication.pot b/defensive-coding/pot/Features/Authentication.pot index 48dfc8a..0aeeefa 100644 --- a/defensive-coding/pot/Features/Authentication.pot +++ b/defensive-coding/pot/Features/Authentication.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/TLS.pot b/defensive-coding/pot/Features/TLS.pot index 421e18d..b8bfdbc 100644 --- a/defensive-coding/pot/Features/TLS.pot +++ b/defensive-coding/pot/Features/TLS.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" @@ -544,7 +544,12 @@ msgstr "" #. Tag: para #, no-c-format -msgid "The following code shows how to implement a simple TLS client using NSS. Note that the error handling needs replacing before production use." +msgid "The following code shows how to implement a simple TLS client using NSS. These instructions apply to NSS version 3.14 and later. Versions before 3.14 need different initialization code." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Keep in mind that the error handling needs to be improved before the code can be used in production." msgstr "" #. Tag: para @@ -559,7 +564,7 @@ msgstr "" #. Tag: para #, no-c-format -msgid "Initializing the NSS library is a complex task (). It is not thread-safe. By default, the library is in export mode, and all strong ciphers are disabled. Therefore, after creating the NSSInitCContext object, we probe all the strong ciphers we want to use, and check if at least one of them is available. If not, we call NSS_SetDomesticPolicy to switch to unrestricted policy mode. This function replaces the existing global cipher suite policy, that is why we avoid calling it unless absolutely necessary." +msgid "Initializing the NSS library is shown in . This initialization procedure overrides global state. We only call NSS_SetDomesticPolicy if there are no strong ciphers available, assuming that it has already been called otherwise. This avoids overriding the process-wide cipher suite policy unnecessarily." msgstr "" #. Tag: para @@ -579,7 +584,7 @@ msgstr "" #. Tag: para #, no-c-format -msgid "After NSS has been initialized, the TLS connection can be created (). The internal PR_ImportTCPSocket function is used to turn the POSIX file descriptor sockfd into an NSPR file descriptor. (This function is de-facto part of the NSS public ABI, so it will not go away.) Creating the TLS-capable file descriptor requires a model descriptor, which is configured with the desired set of protocols and ciphers. (The good_ciphers variable is part of .) We cannot resort to disabling ciphers not on a whitelist because by default, the AES cipher suites are disabled. The model descriptor is not needed anymore after TLS support has been activated for the existing connection descriptor." +msgid "After NSS has been initialized, the TLS connection can be created (). The internal PR_ImportTCPSocket function is used to turn the POSIX file descriptor sockfd into an NSPR file descriptor. (This function is de-facto part of the NSS public ABI, so it will not go away.) Creating the TLS-capable file descriptor requires a model descriptor, which is configured with the desired set of protocols. The model descriptor is not needed anymore after TLS support has been activated for the existing connection descriptor." msgstr "" #. Tag: para diff --git a/defensive-coding/pot/Features/schemas.pot b/defensive-coding/pot/Features/schemas.pot index c6dd072..dadbf49 100644 --- a/defensive-coding/pot/Features/schemas.pot +++ b/defensive-coding/pot/Features/schemas.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-Client-GNUTLS-Connect.pot b/defensive-coding/pot/Features/snippets/TLS-Client-GNUTLS-Connect.pot index 5e26798..46ddb5e 100644 --- a/defensive-coding/pot/Features/snippets/TLS-Client-GNUTLS-Connect.pot +++ b/defensive-coding/pot/Features/snippets/TLS-Client-GNUTLS-Connect.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-Client-GNUTLS-Credentials.pot b/defensive-coding/pot/Features/snippets/TLS-Client-GNUTLS-Credentials.pot index 9768edc..6c7728b 100644 --- a/defensive-coding/pot/Features/snippets/TLS-Client-GNUTLS-Credentials.pot +++ b/defensive-coding/pot/Features/snippets/TLS-Client-GNUTLS-Credentials.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-Client-GNUTLS-Match.pot b/defensive-coding/pot/Features/snippets/TLS-Client-GNUTLS-Match.pot index 195395b..4961300 100644 --- a/defensive-coding/pot/Features/snippets/TLS-Client-GNUTLS-Match.pot +++ b/defensive-coding/pot/Features/snippets/TLS-Client-GNUTLS-Match.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-Client-GNUTLS-Verify.pot b/defensive-coding/pot/Features/snippets/TLS-Client-GNUTLS-Verify.pot index 7d94118..3e7fe20 100644 --- a/defensive-coding/pot/Features/snippets/TLS-Client-GNUTLS-Verify.pot +++ b/defensive-coding/pot/Features/snippets/TLS-Client-GNUTLS-Verify.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-Client-NSS-Close.pot b/defensive-coding/pot/Features/snippets/TLS-Client-NSS-Close.pot index d9f249c..ce00bf3 100644 --- a/defensive-coding/pot/Features/snippets/TLS-Client-NSS-Close.pot +++ b/defensive-coding/pot/Features/snippets/TLS-Client-NSS-Close.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-Client-NSS-Connect.pot b/defensive-coding/pot/Features/snippets/TLS-Client-NSS-Connect.pot index c463a3e..fb3d8be 100644 --- a/defensive-coding/pot/Features/snippets/TLS-Client-NSS-Connect.pot +++ b/defensive-coding/pot/Features/snippets/TLS-Client-NSS-Connect.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" @@ -55,34 +55,6 @@ msgid "\n" " exit(1);\n" " }\n" "\n" -" // Disable all ciphers (except RC4-based ciphers, for backwards\n" -" // compatibility).\n" -" const PRUint16 *const ciphers = SSL_GetImplementedCiphers();\n" -" for (unsigned i = 0; i < SSL_GetNumImplementedCiphers(); i++) {\n" -" if (ciphers[i] != SSL_RSA_WITH_RC4_128_SHA\n" -" && ciphers[i] != SSL_RSA_WITH_RC4_128_MD5) {\n" -" if (SSL_CipherPrefSet(model, ciphers[i], PR_FALSE) != SECSuccess) {\n" -" const PRErrorCode err = PR_GetError();\n" -" fprintf(stderr, \"error: disable cipher %u: error %d: %s\n" -"\",\n" -" (unsigned)ciphers[i], err, PR_ErrorToName(err));\n" -" exit(1);\n" -" }\n" -" }\n" -" }\n" -"\n" -" // Enable the strong ciphers.\n" -" for (const PRUint16 *p = good_ciphers; *p != SSL_NULL_WITH_NULL_NULL;\n" -" ++p) {\n" -" if (SSL_CipherPrefSet(model, *p, PR_TRUE) != SECSuccess) {\n" -" const PRErrorCode err = PR_GetError();\n" -" fprintf(stderr, \"error: enable cipher %u: error %d: %s\n" -"\",\n" -" (unsigned)*p, err, PR_ErrorToName(err));\n" -" exit(1);\n" -" }\n" -" }\n" -"\n" " // Allow overriding invalid certificate.\n" " if (SSL_BadCertHook(model, bad_certificate, (char *)host) != SECSuccess) {\n" " const PRErrorCode err = PR_GetError();\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-Connect.pot b/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-Connect.pot index 24fac5d..459097d 100644 --- a/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-Connect.pot +++ b/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-Connect.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-Context.pot b/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-Context.pot index b5732e3..0c1ae13 100644 --- a/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-Context.pot +++ b/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-Context.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-Context_For_Cert.pot b/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-Context_For_Cert.pot index 5dda7e0..9b972ce 100644 --- a/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-Context_For_Cert.pot +++ b/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-Context_For_Cert.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-Hostname.pot b/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-Hostname.pot index 67f4ca4..f3eff1b 100644 --- a/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-Hostname.pot +++ b/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-Hostname.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-Import.pot b/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-Import.pot index 9d5f54f..9dfdbb9 100644 --- a/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-Import.pot +++ b/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-Import.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-MyTrustManager.pot b/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-MyTrustManager.pot index 61292b1..a7b2313 100644 --- a/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-MyTrustManager.pot +++ b/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-MyTrustManager.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-Use.pot b/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-Use.pot index 92c8f56..e6ff6a9 100644 --- a/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-Use.pot +++ b/defensive-coding/pot/Features/snippets/TLS-Client-OpenJDK-Use.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-Client-OpenSSL-CTX.pot b/defensive-coding/pot/Features/snippets/TLS-Client-OpenSSL-CTX.pot index 7df92e5..77cffd9 100644 --- a/defensive-coding/pot/Features/snippets/TLS-Client-OpenSSL-CTX.pot +++ b/defensive-coding/pot/Features/snippets/TLS-Client-OpenSSL-CTX.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-Client-OpenSSL-Connect.pot b/defensive-coding/pot/Features/snippets/TLS-Client-OpenSSL-Connect.pot index 8df0a84..7770d69 100644 --- a/defensive-coding/pot/Features/snippets/TLS-Client-OpenSSL-Connect.pot +++ b/defensive-coding/pot/Features/snippets/TLS-Client-OpenSSL-Connect.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-Client-OpenSSL-Connection-Use.pot b/defensive-coding/pot/Features/snippets/TLS-Client-OpenSSL-Connection-Use.pot index c7d0aa0..56d13f3 100644 --- a/defensive-coding/pot/Features/snippets/TLS-Client-OpenSSL-Connection-Use.pot +++ b/defensive-coding/pot/Features/snippets/TLS-Client-OpenSSL-Connection-Use.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-Client-OpenSSL-Init.pot b/defensive-coding/pot/Features/snippets/TLS-Client-OpenSSL-Init.pot index 4e79297..086aded 100644 --- a/defensive-coding/pot/Features/snippets/TLS-Client-OpenSSL-Init.pot +++ b/defensive-coding/pot/Features/snippets/TLS-Client-OpenSSL-Init.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-Client-Python-Connect.pot b/defensive-coding/pot/Features/snippets/TLS-Client-Python-Connect.pot index c501cb5..51f0a44 100644 --- a/defensive-coding/pot/Features/snippets/TLS-Client-Python-Connect.pot +++ b/defensive-coding/pot/Features/snippets/TLS-Client-Python-Connect.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-Client-Python-check_host_name.pot b/defensive-coding/pot/Features/snippets/TLS-Client-Python-check_host_name.pot index 3eb47d1..3313164 100644 --- a/defensive-coding/pot/Features/snippets/TLS-Client-Python-check_host_name.pot +++ b/defensive-coding/pot/Features/snippets/TLS-Client-Python-check_host_name.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-GNUTLS-Credentials-Close.pot b/defensive-coding/pot/Features/snippets/TLS-GNUTLS-Credentials-Close.pot index e96a543..ee82d8e 100644 --- a/defensive-coding/pot/Features/snippets/TLS-GNUTLS-Credentials-Close.pot +++ b/defensive-coding/pot/Features/snippets/TLS-GNUTLS-Credentials-Close.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-GNUTLS-Disconnect.pot b/defensive-coding/pot/Features/snippets/TLS-GNUTLS-Disconnect.pot index 636e0fb..192b5ff 100644 --- a/defensive-coding/pot/Features/snippets/TLS-GNUTLS-Disconnect.pot +++ b/defensive-coding/pot/Features/snippets/TLS-GNUTLS-Disconnect.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-GNUTLS-Init.pot b/defensive-coding/pot/Features/snippets/TLS-GNUTLS-Init.pot index 64bf621..b9a6824 100644 --- a/defensive-coding/pot/Features/snippets/TLS-GNUTLS-Init.pot +++ b/defensive-coding/pot/Features/snippets/TLS-GNUTLS-Init.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-GNUTLS-Use.pot b/defensive-coding/pot/Features/snippets/TLS-GNUTLS-Use.pot index 73180ce..823967e 100644 --- a/defensive-coding/pot/Features/snippets/TLS-GNUTLS-Use.pot +++ b/defensive-coding/pot/Features/snippets/TLS-GNUTLS-Use.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-NSS-Close.pot b/defensive-coding/pot/Features/snippets/TLS-NSS-Close.pot index 5265f90..dd1b750 100644 --- a/defensive-coding/pot/Features/snippets/TLS-NSS-Close.pot +++ b/defensive-coding/pot/Features/snippets/TLS-NSS-Close.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-NSS-Includes.pot b/defensive-coding/pot/Features/snippets/TLS-NSS-Includes.pot index dbd8e7f..7d04510 100644 --- a/defensive-coding/pot/Features/snippets/TLS-NSS-Includes.pot +++ b/defensive-coding/pot/Features/snippets/TLS-NSS-Includes.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-NSS-Init.pot b/defensive-coding/pot/Features/snippets/TLS-NSS-Init.pot index 479d09a..00756db 100644 --- a/defensive-coding/pot/Features/snippets/TLS-NSS-Init.pot +++ b/defensive-coding/pot/Features/snippets/TLS-NSS-Init.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" @@ -36,9 +36,9 @@ msgid "\n" "};\n" "\n" "// Check if the current policy allows any strong ciphers. If it\n" -"// doesn't, switch to the \"domestic\" (unrestricted) policy. This is\n" -"// not thread-safe and has global impact. Consequently, we only do\n" -"// it if absolutely necessary.\n" +"// doesn't, set the cipher suite policy. This is not thread-safe\n" +"// and has global impact. Consequently, we only do it if absolutely\n" +"// necessary.\n" "int found_good_cipher = 0;\n" "for (const PRUint16 *p = good_ciphers; *p != SSL_NULL_WITH_NULL_NULL;\n" " ++p) {\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-NSS-Use.pot b/defensive-coding/pot/Features/snippets/TLS-NSS-Use.pot index bdc7bf3..67eda3d 100644 --- a/defensive-coding/pot/Features/snippets/TLS-NSS-Use.pot +++ b/defensive-coding/pot/Features/snippets/TLS-NSS-Use.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-Nagle.pot b/defensive-coding/pot/Features/snippets/TLS-Nagle.pot index d57cf55..15d4f78 100644 --- a/defensive-coding/pot/Features/snippets/TLS-Nagle.pot +++ b/defensive-coding/pot/Features/snippets/TLS-Nagle.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-OpenJDK-Parameters.pot b/defensive-coding/pot/Features/snippets/TLS-OpenJDK-Parameters.pot index 7322b7f..a4d668e 100644 --- a/defensive-coding/pot/Features/snippets/TLS-OpenJDK-Parameters.pot +++ b/defensive-coding/pot/Features/snippets/TLS-OpenJDK-Parameters.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-OpenSSL-Connection-Close.pot b/defensive-coding/pot/Features/snippets/TLS-OpenSSL-Connection-Close.pot index 902e622..f1a07b8 100644 --- a/defensive-coding/pot/Features/snippets/TLS-OpenSSL-Connection-Close.pot +++ b/defensive-coding/pot/Features/snippets/TLS-OpenSSL-Connection-Close.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-OpenSSL-Context-Close.pot b/defensive-coding/pot/Features/snippets/TLS-OpenSSL-Context-Close.pot index 92fa568..cd48239 100644 --- a/defensive-coding/pot/Features/snippets/TLS-OpenSSL-Context-Close.pot +++ b/defensive-coding/pot/Features/snippets/TLS-OpenSSL-Context-Close.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-OpenSSL-Errors.pot b/defensive-coding/pot/Features/snippets/TLS-OpenSSL-Errors.pot index 5f6b7e1..251e6f2 100644 --- a/defensive-coding/pot/Features/snippets/TLS-OpenSSL-Errors.pot +++ b/defensive-coding/pot/Features/snippets/TLS-OpenSSL-Errors.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-Python-Close.pot b/defensive-coding/pot/Features/snippets/TLS-Python-Close.pot index 7a5ef78..31fb60a 100644 --- a/defensive-coding/pot/Features/snippets/TLS-Python-Close.pot +++ b/defensive-coding/pot/Features/snippets/TLS-Python-Close.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Features/snippets/TLS-Python-Use.pot b/defensive-coding/pot/Features/snippets/TLS-Python-Use.pot index d52d1c3..f602220 100644 --- a/defensive-coding/pot/Features/snippets/TLS-Python-Use.pot +++ b/defensive-coding/pot/Features/snippets/TLS-Python-Use.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Java/Java.pot b/defensive-coding/pot/Java/Java.pot new file mode 100644 index 0000000..d7c4e4b --- /dev/null +++ b/defensive-coding/pot/Java/Java.pot @@ -0,0 +1,19 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: title +#, no-c-format +msgid "The Java Programming Language" +msgstr "" + diff --git a/defensive-coding/pot/Java/Language.pot b/defensive-coding/pot/Java/Language.pot new file mode 100644 index 0000000..87fe945 --- /dev/null +++ b/defensive-coding/pot/Java/Language.pot @@ -0,0 +1,214 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: title +#, no-c-format +msgid "The core language" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Implementations of the Java programming language provide strong memory safety, even in the presence of data races in concurrent code. This prevents a large range of security vulnerabilities from occurring, unless certain low-level features are used; see ." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Inceasing robustness when reading arrays" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "External data formats often include arrays, and the data is stored as an integer indicating the number of array elements, followed by this number of elements in the file or protocol data unit. This length specified can be much larger than what is actually available in the data source." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "To avoid allocating extremely large amounts of data, you can allocate a small array initially and grow it as you read more data, implementing an exponential growth policy. See the readBytes(InputStream, int) function in ." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Incrementally reading a byte array" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "When reading data into arrays, hash maps or hash sets, use the default constructor and do not specify a size hint. You can simply add the elements to the collection as you read them." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Resource management" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Unlike C++, Java does not offer destructors which can deallocate resources in a predictable fashion. All resource management has to be manual, at the usage site. (Finalizers are generally not usable for resource management, especially in high-performance code; see .)" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The first option is the try-finally construct, as shown in . The code in the finally block should be as short as possible and should not throw any exceptions." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Resource management with a try-finally block" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Note that the resource allocation happens outside the try block, and that there is no null check in the finally block. (Both are common artifacts stemming from IDE code templates.)" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "If the resource object is created freshly and implements the java.lang.AutoCloseable interface, the code in can be used instead. The Java compiler will automatically insert the close() method call in a synthetic finally block." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Resource management using the try-with-resource construct" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "To be compatible with the try-with-resource construct, new classes should name the resource deallocation method close(), and implement the AutoCloseable interface (the latter breaking backwards compatibility with Java 6). However, using the try-with-resource construct with objects that are not freshly allocated is at best awkward, and an explicit finally block is usually the better approach." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "In general, it is best to design the programming interface in such a way that resource deallocation methods like close() cannot throw any (checked or unchecked) exceptions, but this should not be a reason to ignore any actual error conditions." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Finalizers" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Finalizers can be used a last-resort approach to free resources which would otherwise leak. Finalization is unpredictable, costly, and there can be a considerable delay between the last reference to an object going away and the execution of the finalizer. Generally, manual resource management is required; see ." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Finalizers should be very short and should only deallocate native or other external resources held directly by the object being finalized. In general, they must use synchronization: Finalization necessarily happens on a separate thread because it is inherently concurrent. There can be multiple finalization threads, and despite each object being finalized at most once, the finalizer must not assume that it has exclusive access to the object being finalized (in the this pointer)." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Finalizers should not deallocate resources held by other objects, especially if those objects have finalizers on their own. In particular, it is a very bad idea to define a finalizer just to invoke the resource deallocation method of another object, or overwrite some pointer fields." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Finalizers are not guaranteed to run at all. For instance, the virtual machine (or the machine underneath) might crash, preventing their execution." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Objects with finalizers are garbage-collected much later than objects without them, so using finalizers to zero out key material (to reduce its undecrypted lifetime in memory) may have the opposite effect, keeping objects around for much longer and prevent them from being overwritten in the normal course of program execution." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "For the same reason, code which allocates objects with finalizers at a high rate will eventually fail (likely with a java.lang.OutOfMemoryError exception) because the virtual machine has finite resources for keeping track of objects pending finalization. To deal with that, it may be necessary to recycle objects with finalizers." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The remarks in this section apply to finalizers which are implemented by overriding the finalize() method, and to custom finalization using reference queues." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Recovering from exceptions and errors" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Java exceptions come in three kinds, all ultimately deriving from java.lang.Throwable:" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Run-time exceptions do not have to be declared explicitly and can be explicitly thrown from any code, by calling code which throws them, or by triggering an error condition at run time, like division by zero, or an attempt at an out-of-bounds array access. These exceptions derive from from the java.lang.RuntimeException class (perhaps indirectly)." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Checked exceptions have to be declared explicitly by functions that throw or propagate them. They are similar to run-time exceptions in other regards, except that there is no language construct to throw them (except the throw statement itself). Checked exceptions are only present at the Java language level and are only enforced at compile time. At run time, the virtual machine does not know about them and permits throwing exceptions from any code. Checked exceptions must derive (perhaps indirectly) from the java.lang.Exception class, but not from java.lang.RuntimeException." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Errors are exceptions which typically reflect serious error conditions. They can be thrown at any point in the program, and do not have to be declared (unlike checked exceptions). In general, it is not possible to recover from such errors; more on that below, in . Error classes derive (perhaps indirectly) from java.lang.Error, or from java.lang.Throwable, but not from java.lang.Exception." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The general expection is that run-time errors are avoided by careful programming (e.g., not dividing by zero). Checked exception are expected to be caught as they happen (e.g., when an input file is unexpectedly missing). Errors are impossible to predict and can happen at any point and reflect that something went wrong beyond all expectations." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "The difficulty of catching errors" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Errors (that is, exceptions which do not (indirectly) derive from java.lang.Exception), have the peculiar property that catching them is problematic. There are several reasons for this:" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The error reflects a failed consistenty check, for example, java.lang.AssertionError." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The error can happen at any point, resulting in inconsistencies due to half-updated objects. Examples are java.lang.ThreadDeath, java.lang.OutOfMemoryError and java.lang.StackOverflowError." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The error indicates that virtual machine failed to provide some semantic guarantees by the Java programming language. java.lang.ExceptionInInitializerError is an example—it can leave behind a half-initialized class." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "In general, if an error is thrown, the virtual machine should be restarted as soon as possible because it is in an inconsistent state. Continuing running as before can have unexpected consequences. However, there are legitimate reasons for catching errors because not doing so leads to even greater problems." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Code should be written in a way that avoids triggering errors. See for an example." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "It is usually necessary to log errors. Otherwise, no trace of the problem might be left anywhere, making it very difficult to diagnose realted failures. Consequently, if you catch java.lang.Exception to log and suppress all unexpected exceptions (for example, in a request dispatching loop), you should consider switching to java.lang.Throwable instead, to also cover errors." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The other reason mainly applies to such request dispatching loops: If you do not catch errors, the loop stops looping, resulting in a denial of service." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "However, if possible, catching errors should be coupled with a way to signal the requirement of a virtual machine restart." +msgstr "" + diff --git a/defensive-coding/pot/Java/LowLevel.pot b/defensive-coding/pot/Java/LowLevel.pot new file mode 100644 index 0000000..34e6e3c --- /dev/null +++ b/defensive-coding/pot/Java/LowLevel.pot @@ -0,0 +1,119 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: title +#, no-c-format +msgid "Low-level features of the virtual machine" +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Reflection and private parts" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The setAccessible(boolean) method of the java.lang.reflect.AccessibleObject class allows a program to disable language-defined access rules for specific constructors, methods, or fields. Once the access checks are disabled, any code can use the java.lang.reflect.Constructor, java.lang.reflect.Method, or java.lang.reflect.Field object to access the underlying Java entity, without further permission checks. This breaks encapsulation and can undermine the stability of the virtual machine. (In contrast, without using the setAccessible(boolean) method, this should not happen because all the language-defined checks still apply.)" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "This feature should be avoided if possible." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Java Native Interface (JNI)" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The Java Native Interface allows calling from Java code functions specifically written for this purpose, usually in C or C++." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The transition between the Java world and the C world is not fully type-checked, and the C code can easily break the Java virtual machine semantics. Therefore, extra care is needed when using this functionality." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "To provide a moderate amount of type safety, it is recommended to recreate the class-specific header file using javah during the build process, include it in the implementation, and use the option." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Ideally, the required data is directly passed to static JNI methods and returned from them, and the code and the C side does not have to deal with accessing Java fields (or even methods)." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "When using GetPrimitiveArrayCritical or GetStringCritical, make sure that you only perform very little processing between the get and release operations. Do not access the file system or the network, and not perform locking, because that might introduce blocking. When processing large strings or arrays, consider splitting the computation into multiple sub-chunks, so that you do not prevent the JVM from reaching a safepoint for extended periods of time." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "If necessary, you can use the Java long type to store a C pointer in a field of a Java class. On the C side, when casting between the jlong value and the pointer on the C side," +msgstr "" + +#. Tag: para +#, no-c-format +msgid "You should not try to perform pointer arithmetic on the Java side (that is, you should treat pointer-carrying long values as opaque). When passing a slice of an array to the native code, follow the Java convention and pass it as the base array, the integer offset of the start of the slice, and the integer length of the slice. On the native side, check the offset/length combination against the actual array length, and use the offset to compute the pointer to the beginning of the array." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Array length checking in JNI code" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "In any case, classes referring to native resources must be declared final, and must not be serializeable or cloneable. Initialization and mutation of the state used by the native side must be controlled carefully. Otherwise, it might be possible to create an object with inconsistent native state which results in a crash (or worse) when used (or perhaps only finalized) later. If you need both Java inheritance and native resources, you should consider moving the native state to a separate class, and only keep a reference to objects of that class. This way, cloning and serialization issues can be avoided in most cases." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "If there are native resources associated with an object, the class should have an explicit resource deallocation method () and a finalizer () as a last resort. The need for finalization means that a minimum amount of synchronization is needed. Code on the native side should check that the object is not in a closed/freed state." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Many JNI functions create local references. By default, these persist until the JNI-implemented method returns. If you create many such references (e.g., in a loop), you may have to free them using DeleteLocalRef, or start using PushLocalFrame and PopLocalFrame. Global references must be deallocated with DeleteGlobalRef, otherwise there will be a memory leak, just as with malloc and free." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "When throwing exceptions using Throw or ThrowNew, be aware that these functions return regularly. You have to return control manually to the JVM." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Technically, the JNIEnv pointer is not necessarily constant during the lifetime of your JNI module. Storing it in a global variable is therefore incorrect. Particularly if you are dealing with callbacks, you may have to store the pointer in a thread-local variable (defined with __thread). It is, however, best to avoid the complexity of calling back into Java code." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Keep in mind that C/C++ and Java are different languages, despite very similar syntax for expressions. The Java memory model is much more strict than the C or C++ memory models, and native code needs more synchronization, usually using JVM facilities or POSIX threads mutexes. Integer overflow in Java is defined, but in C/C++ it is not (for the jint and jlong types)." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "sun.misc.Unsafe" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The sun.misc.Unsafe class is unportable and contains many functions explicitly designed to break Java memory safety (for performance and debugging). If possible, avoid using this class." +msgstr "" + diff --git a/defensive-coding/pot/Java/SecurityManager.pot b/defensive-coding/pot/Java/SecurityManager.pot new file mode 100644 index 0000000..8a46ebc --- /dev/null +++ b/defensive-coding/pot/Java/SecurityManager.pot @@ -0,0 +1,228 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: title +#, no-c-format +msgid "Interacting with the security manager" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The Java platform is largely implemented in the Java language itself. Therefore, within the same JVM, code runs which is part of the Java installation and which is trusted, but there might also be code which comes from untrusted sources and is restricted by the Java sandbox (to varying degrees). The security manager draws a line between fully trusted, partially trusted and untrusted code." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The type safety and accessibility checks provided by the Java language and JVM would be sufficient to implement a sandbox. However, only some Java APIs employ such a capabilities-based approach. (The Java SE library contains many public classes with public constructors which can break any security policy, such as java.io.FileOutputStream.) Instead, critical functionality is protected by stack inspection: At a security check, the stack is walked from top (most-nested) to bottom. The security check fails if a stack frame for a method is encountered whose class lacks the permission which the security check requires." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "This simple approach would not allow untrusted code (which lacks certain permissions) to call into trusted code while the latter retains trust. Such trust transitions are desirable because they enable Java as an implementation language for most parts of the Java platform, including security-relevant code. Therefore, there is a mechanism to mark certain stack frames as trusted ()." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "In theory, it is possible to run a Java virtual machine with a security manager that acts very differently from this approach, but a lot of code expects behavior very close to the platform default (including many classes which are part of the OpenJDK implementation)." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Security manager compatibility" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "A lot of code can run without any additional permissions at all, with little changes. The following guidelines should help to increase compatibility with a restrictive security manager." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "When retrieving system properties using System.getProperty(String) or similar methods, catch SecurityException exceptions and treat the property as unset." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Avoid unnecessary file system or network access." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Avoid explicit class loading. Access to a suitable class loader might not be available when executing as untrusted code." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "If the functionality you are implementing absolutely requires privileged access and this functionality has to be used from untrusted code (hopefully in a restricted and secure manner), see ." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Activating the security manager" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The usual command to launch a Java application, java, does not activate the security manager. Therefore, the virtual machine does not enforce any sandboxing restrictions, even if explicitly requested by the code (for example, as described in )." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The option activates the security manager, with the fairly restrictive default policy. With a very permissive policy, most Java code will run unchanged. Assuming the policy in has been saved in a file grant-all.policy, this policy can be activated using the option (in addition to the option)." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Most permissve OpenJDK policy file" +msgstr "" + +#. Tag: programlisting +#, no-c-format +msgid "\n" +"grant {\n" +" permission java.security.AllPermission;\n" +"};\n" +"" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "With this most permissive policy, the security manager is still active, and explicit requests to drop privileges will be honored." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Reducing trust in code" +msgstr "" + +#. Tag: para +#, no-c-format +msgid " shows how to run a piece code of with reduced privileges." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Using the security manager to run code with reduced privileges" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The example above does not add any additional permissions to the permissions object. If such permissions are necessary, code like the following (which grants read permission on all files in the current directory) can be used:" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Calls to the java.security.AccessController.doPrivileged() methods do not enforce any additional restriction if no security manager has been set. Except for a few special exceptions, the restrictions no longer apply if the doPrivileged() has returned, even to objects created by the code which ran with reduced privileges. (This applies to object finalization in particular.)" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The example code above does not prevent the called code from calling the java.security.AccessController.doPrivileged() methods. This mechanism should be considered an additional safety net, but it still can be used to prevent unexpected behavior of trusted code. As long as the executed code is not dynamic and came with the original application or library, the sandbox is fairly effective." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The context argument in is extremely important—otherwise, this code would increase privileges instead of reducing them." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "For activating the security manager, see . Unfortunately, this affects the virtual machine as a whole, so it is not possible to do this from a library." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Re-gaining privileges" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Ordinarily, when trusted code is called from untrusted code, it loses its privileges (because of the untrusted stack frames visible to stack inspection). The java.security.AccessController.doPrivileged() family of methods provides a controlled backdoor from untrusted to trusted code." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "By design, this feature can undermine the Java security model and the sandbox. It has to be used very carefully. Most sandbox vulnerabilities can be traced back to its misuse." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "In essence, the doPrivileged() methods cause the stack inspection to end at their call site. Untrusted code further down the call stack becomes invisible to security checks." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The following operations are common and safe to perform with elevated privileges." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Reading custom system properties with fixed names, especially if the value is not propagated to untrusted code. (File system paths including installation paths, host names and user names are sometimes considered private information and need to be protected.)" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Reading from the file system at fixed paths, either determined at compile time or by a system property. Again, leaking the file contents to the caller can be problematic." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Accessing network resources under a fixed address, name or URL, derived from a system property or configuration file, information leaks not withstanding." +msgstr "" + +#. Tag: para +#, no-c-format +msgid " shows how to request additional privileges." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Using the security manager to run code with increased privileges" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Obviously, this only works if the class containing the call to doPrivileged() is marked trusted (usually because it is loaded from a trusted class loader)." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "When writing code that runs with elevated privileges, make sure that you follow the rules below." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Make the privileged code as small as possible. Perform as many computations as possible before and after the privileged code section, even if it means that you have to define a new class to pass the data around." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Make sure that you either control the inputs to the privileged code, or that the inputs are harmless and cannot affect security properties of the privileged code." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Data that is returned from or written by the privileged code must either be restricted (that is, it cannot be accessed by untrusted code), or must be harmless. Otherwise, privacy leaks or information disclosures which affect security properties can be the result." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "If the code calls back into untrusted code at a later stage (or performs other actions under control from the untrusted caller), you must obtain the original security context and restore it before performing the callback, as in . (In this example, it would be much better to move the callback invocation out of the privileged code section, of course.)" +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Restoring privileges when invoking callbacks" +msgstr "" + diff --git a/defensive-coding/pot/Java/schemas.pot b/defensive-coding/pot/Java/schemas.pot new file mode 100644 index 0000000..dadbf49 --- /dev/null +++ b/defensive-coding/pot/Java/schemas.pot @@ -0,0 +1,14 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + diff --git a/defensive-coding/pot/Java/snippets/Finally.pot b/defensive-coding/pot/Java/snippets/Finally.pot new file mode 100644 index 0000000..34b80db --- /dev/null +++ b/defensive-coding/pot/Java/snippets/Finally.pot @@ -0,0 +1,26 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: programlisting +#, no-c-format +msgid "\n" +"InputStream in = new BufferedInputStream(new FileInputStream(path));\n" +"try {\n" +" readFile(in);\n" +"} finally {\n" +" in.close();\n" +"}\n" +"" +msgstr "" + diff --git a/defensive-coding/pot/Java/snippets/JNI-Pointers.pot b/defensive-coding/pot/Java/snippets/JNI-Pointers.pot new file mode 100644 index 0000000..59d4a26 --- /dev/null +++ b/defensive-coding/pot/Java/snippets/JNI-Pointers.pot @@ -0,0 +1,50 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: programlisting +#, no-c-format +msgid "\n" +"JNIEXPORT jint JNICALL Java_sum\n" +" (JNIEnv *jEnv, jclass clazz, jbyteArray buffer, jint offset, jint length)\n" +"{\n" +" assert(sizeof(jint) == sizeof(unsigned));\n" +" if (offset < 0 || length < 0) {\n" +" (*jEnv)->ThrowNew(jEnv, arrayIndexOutOfBoundsExceptionClass,\n" +" \"negative offset/length\");\n" +" return 0;\n" +" }\n" +" unsigned uoffset = offset;\n" +" unsigned ulength = length;\n" +" // This cannot overflow because of the check above.\n" +" unsigned totallength = uoffset + ulength;\n" +" unsigned actuallength = (*jEnv)->GetArrayLength(jEnv, buffer);\n" +" if (totallength > actuallength) {\n" +" (*jEnv)->ThrowNew(jEnv, arrayIndexOutOfBoundsExceptionClass,\n" +" \"offset + length too large\");\n" +" return 0;\n" +" }\n" +" unsigned char *ptr = (*jEnv)->GetPrimitiveArrayCritical(jEnv, buffer, 0);\n" +" if (ptr == NULL) {\n" +" return 0;\n" +" }\n" +" unsigned long long sum = 0;\n" +" for (unsigned char *p = ptr + uoffset, *end = p + ulength; p != end; ++p) {\n" +" sum += *p;\n" +" }\n" +" (*jEnv)->ReleasePrimitiveArrayCritical(jEnv, buffer, ptr, 0);\n" +" return sum;\n" +"}\n" +"" +msgstr "" + diff --git a/defensive-coding/pot/Java/snippets/Language-ReadArray.pot b/defensive-coding/pot/Java/snippets/Language-ReadArray.pot new file mode 100644 index 0000000..b135bc2 --- /dev/null +++ b/defensive-coding/pot/Java/snippets/Language-ReadArray.pot @@ -0,0 +1,53 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: programlisting +#, no-c-format +msgid "\n" +"static byte[] readBytes(InputStream in, int length) throws IOException {\n" +" final int startSize = 65536;\n" +" byte[] b = new byte[Math.min(length, startSize)];\n" +" int filled = 0;\n" +" while (true) {\n" +" int remaining = b.length - filled;\n" +" readFully(in, b, filled, remaining);\n" +" if (b.length == length) {\n" +" break;\n" +" }\n" +" filled = b.length;\n" +" if (length - b.length <= b.length) {\n" +" // Allocate final length. Condition avoids overflow.\n" +" b = Arrays.copyOf(b, length);\n" +" } else {\n" +" b = Arrays.copyOf(b, b.length * 2);\n" +" }\n" +" }\n" +" return b;\n" +"}\n" +"\n" +"static void readFully(InputStream in,byte[] b, int off, int len)\n" +" throws IOException {\n" +" int startlen = len;\n" +" while (len > 0) {\n" +" int count = in.read(b, off, len);\n" +" if (count < 0) {\n" +" throw new EOFException();\n" +" }\n" +" off += count;\n" +" len -= count;\n" +" }\n" +"}\n" +"" +msgstr "" + diff --git a/defensive-coding/pot/Java/snippets/SecurityManager-Callback.pot b/defensive-coding/pot/Java/snippets/SecurityManager-Callback.pot new file mode 100644 index 0000000..a212115 --- /dev/null +++ b/defensive-coding/pot/Java/snippets/SecurityManager-Callback.pot @@ -0,0 +1,54 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: programlisting +#, no-c-format +msgid "\n" +"interface Callback<T> {\n" +" T call(boolean flag);\n" +"}\n" +"\n" +"class CallbackInvoker<T> {\n" +" private final AccessControlContext context;\n" +" Callback<T> callback;\n" +"\n" +" CallbackInvoker(Callback<T> callback) {\n" +" context = AccessController.getContext();\n" +" this.callback = callback;\n" +" }\n" +"\n" +" public T invoke() {\n" +" // Obtain increased privileges.\n" +" return AccessController.doPrivileged(new PrivilegedAction<T>() {\n" +" @Override\n" +" public T run() {\n" +" // This operation would fail without\n" +" // additional privileges.\n" +" final boolean flag = Boolean.getBoolean(\"some.property\");\n" +"\n" +" // Restore the original privileges.\n" +" return AccessController.doPrivileged(\n" +" new PrivilegedAction<T>() {\n" +" @Override\n" +" public T run() {\n" +" return callback.call(flag);\n" +" }\n" +" }, context);\n" +" }\n" +" });\n" +" }\n" +"}\n" +"" +msgstr "" + diff --git a/defensive-coding/pot/Java/snippets/SecurityManager-CurrentDirectory.pot b/defensive-coding/pot/Java/snippets/SecurityManager-CurrentDirectory.pot new file mode 100644 index 0000000..4aea496 --- /dev/null +++ b/defensive-coding/pot/Java/snippets/SecurityManager-CurrentDirectory.pot @@ -0,0 +1,22 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: programlisting +#, no-c-format +msgid "\n" +"permissions.add(new FilePermission(\n" +" System.getProperty(\"user.dir\") + \"/-\", \"read\"));\n" +"" +msgstr "" + diff --git a/defensive-coding/pot/Java/snippets/SecurityManager-Privileged.pot b/defensive-coding/pot/Java/snippets/SecurityManager-Privileged.pot new file mode 100644 index 0000000..3d23034 --- /dev/null +++ b/defensive-coding/pot/Java/snippets/SecurityManager-Privileged.pot @@ -0,0 +1,33 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: programlisting +#, no-c-format +msgid "\n" +"// This is expected to fail.\n" +"try {\n" +" System.out.println(System.getProperty(\"user.home\"));\n" +"} catch (SecurityException e) {\n" +" e.printStackTrace(System.err);\n" +"}\n" +"AccessController.doPrivileged(new PrivilegedAction<Void>() {\n" +" public Void run() {\n" +" // This should work.\n" +" System.out.println(System.getProperty(\"user.home\"));\n" +" return null;\n" +" }\n" +" });\n" +"" +msgstr "" + diff --git a/defensive-coding/pot/Java/snippets/SecurityManager-Unprivileged.pot b/defensive-coding/pot/Java/snippets/SecurityManager-Unprivileged.pot new file mode 100644 index 0000000..b7c5b04 --- /dev/null +++ b/defensive-coding/pot/Java/snippets/SecurityManager-Unprivileged.pot @@ -0,0 +1,42 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: programlisting +#, no-c-format +msgid "\n" +"Permissions permissions = new Permissions();\n" +" ProtectionDomain protectionDomain =\n" +" new ProtectionDomain(null, permissions);\n" +" AccessControlContext context = new AccessControlContext(\n" +" new ProtectionDomain[] { protectionDomain });\n" +"\n" +"// This is expected to succeed.\n" +"try (FileInputStream in = new FileInputStream(path)) {\n" +" System.out.format(\"FileInputStream: %s%n\", in);\n" +"}\n" +"\n" +"AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {\n" +" @Override\n" +" public Void run() throws Exception {\n" +" // This code runs with reduced privileges and is\n" +" // expected to fail.\n" +" try (FileInputStream in = new FileInputStream(path)) {\n" +" System.out.format(\"FileInputStream: %s%n\", in);\n" +" }\n" +" return null;\n" +" }\n" +" }, context);\n" +"" +msgstr "" + diff --git a/defensive-coding/pot/Java/snippets/TryWithResource.pot b/defensive-coding/pot/Java/snippets/TryWithResource.pot new file mode 100644 index 0000000..96737da --- /dev/null +++ b/defensive-coding/pot/Java/snippets/TryWithResource.pot @@ -0,0 +1,23 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: programlisting +#, no-c-format +msgid "\n" +"try (InputStream in = new BufferedInputStream(new FileInputStream(path))) {\n" +" readFile(in);\n" +"}\n" +"" +msgstr "" + diff --git a/defensive-coding/pot/Python/Language.pot b/defensive-coding/pot/Python/Language.pot index 8389480..301a8ef 100644 --- a/defensive-coding/pot/Python/Language.pot +++ b/defensive-coding/pot/Python/Language.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Python/schemas.pot b/defensive-coding/pot/Python/schemas.pot index c6dd072..dadbf49 100644 --- a/defensive-coding/pot/Python/schemas.pot +++ b/defensive-coding/pot/Python/schemas.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Revision_History.pot b/defensive-coding/pot/Revision_History.pot index 028ca6f..7f8f8bc 100644 --- a/defensive-coding/pot/Revision_History.pot +++ b/defensive-coding/pot/Revision_History.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" @@ -27,6 +27,16 @@ msgstr "" msgid "Christensen" msgstr "" +#. Tag: member +#, no-c-format +msgid "Added more C and C++ examples." +msgstr "" + +#. Tag: member +#, no-c-format +msgid "TLS Client NSS: Rely on NSS 3.14 cipher suite defaults." +msgstr "" + #. Tag: member #, no-c-format msgid "Initial publication." diff --git a/defensive-coding/pot/Tasks/Cryptography.pot b/defensive-coding/pot/Tasks/Cryptography.pot index 75249bb..f85638e 100644 --- a/defensive-coding/pot/Tasks/Cryptography.pot +++ b/defensive-coding/pot/Tasks/Cryptography.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" @@ -24,7 +24,7 @@ msgstr "" #. Tag: para #, no-c-format -msgid "Chosing from the following cryptographic primitives is recommended:" +msgid "Choosing from the following cryptographic primitives is recommended:" msgstr "" #. Tag: para @@ -109,7 +109,7 @@ msgstr "" #. Tag: para #, no-c-format -msgid "The following facilities can be used to generate unpredictable and non-repeating values. When these functions are used without special safeguards, each individual rnadom value should be at least 12 bytes long." +msgid "The following facilities can be used to generate unpredictable and non-repeating values. When these functions are used without special safeguards, each individual random value should be at least 12 bytes long." msgstr "" #. Tag: para diff --git a/defensive-coding/pot/Tasks/Descriptors.pot b/defensive-coding/pot/Tasks/Descriptors.pot index 503675d..e1eaa70 100644 --- a/defensive-coding/pot/Tasks/Descriptors.pot +++ b/defensive-coding/pot/Tasks/Descriptors.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" @@ -159,7 +159,7 @@ msgstr "" #. Tag: para #, no-c-format -msgid "If a library which creates many file descriptors is used in the same process as a library which uses select, at least one of them needs to be changed. Calls to select can be replaced with calls to poll or another event handling mechanism." +msgid "If a library which creates many file descriptors is used in the same process as a library which uses select, at least one of them needs to be changed. Calls to select can be replaced with calls to poll or another event handling mechanism. Replacing the select function is the recommended approach." msgstr "" #. Tag: para diff --git a/defensive-coding/pot/Tasks/File_System.pot b/defensive-coding/pot/Tasks/File_System.pot index 351d7db..13b10bb 100644 --- a/defensive-coding/pot/Tasks/File_System.pot +++ b/defensive-coding/pot/Tasks/File_System.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Tasks/Library_Design.pot b/defensive-coding/pot/Tasks/Library_Design.pot index 74d9a50..a7956a8 100644 --- a/defensive-coding/pot/Tasks/Library_Design.pot +++ b/defensive-coding/pot/Tasks/Library_Design.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Tasks/Locking.pot b/defensive-coding/pot/Tasks/Locking.pot index c6dd072..dadbf49 100644 --- a/defensive-coding/pot/Tasks/Locking.pot +++ b/defensive-coding/pot/Tasks/Locking.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Tasks/Processes.pot b/defensive-coding/pot/Tasks/Processes.pot index daf88fe..24c54c1 100644 --- a/defensive-coding/pot/Tasks/Processes.pot +++ b/defensive-coding/pot/Tasks/Processes.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:44\n" -"PO-Revision-Date: 2013-03-12T03:19:44\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Tasks/Serialization.pot b/defensive-coding/pot/Tasks/Serialization.pot index 64c938e..d961e92 100644 --- a/defensive-coding/pot/Tasks/Serialization.pot +++ b/defensive-coding/pot/Tasks/Serialization.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:45\n" -"PO-Revision-Date: 2013-03-12T03:19:45\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" @@ -74,7 +74,7 @@ msgstr "" #. Tag: para #, no-c-format -msgid "Java serialization (java.io.ObjectInputStream)" +msgid "Java serialization (java.io.ObjectInputStream), even if encoded in other formats (as with java.beans.XMLDecoder)" msgstr "" #. Tag: para @@ -94,7 +94,7 @@ msgstr "" #. Tag: para #, no-c-format -msgid "JSON decoders do not suffer from this problem. But you must not use the eval function to parse JSON objects in Javascript; even with the regular expression filter from RFC 4627, there are still information leaks remaining." +msgid "In general, JSON decoders do not suffer from this problem. But you must not use the eval function to parse JSON objects in Javascript; even with the regular expression filter from RFC 4627, there are still information leaks remaining. JSON-based formats can still turn out risky if they serve as an encoding form for any if the serialization frameworks listed above." msgstr "" #. Tag: title @@ -249,6 +249,46 @@ msgstr "" msgid "It is also possible to reject internal DTD subsets altogeher, using a suitable XML_StartDoctypeDeclHandler handler installed with XML_SetDoctypeDeclHandler." msgstr "" +#. Tag: title +#, no-c-format +msgid "Using Qt for XML parsing" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The XML component of Qt, QtXml, does not resolve external IDs by default, so it is not requred to prevent such resolution. Internal entities are processed, though. To change that, a custom QXmlDeclHandler and QXmlSimpleReader subclasses are needed. It is not possible to use the QDomDocument::setContent(const QByteArray &) convenience methods." +msgstr "" + +#. Tag: para +#, no-c-format +msgid " shows an entity handler which always returns errors, causing parsing to stop when encountering entity declarations." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "A QtXml entity handler which blocks entity processing" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "This handler is used in the custom QXmlReader subclass in . Some parts of QtXml will call the setDeclHandler(QXmlDeclHandler *) method. Consequently, we prevent overriding our custom handler by providing a definition of this method which does nothing. In the constructor, we activate namespace processing; this part may need adjusting." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "A QtXml XML reader which blocks entity processing" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Our NoEntityReader class can be used with one of the overloaded QDomDocument::setContent methods. shows how the buffer object (of type QByteArray) is wrapped as a QXmlInputSource. After calling the setContent method, you should check the return value and report any error." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Parsing an XML document with QDomDocument, without entity expansion" +msgstr "" + #. Tag: title #, no-c-format msgid "Using OpenJDK for XML parsing and validation" @@ -344,6 +384,21 @@ msgstr "" msgid "Validation of a DOM document against an XML schema in OpenJDK" msgstr "" +#. Tag: title +#, no-c-format +msgid "Other XML parsers in OpenJDK" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "OpenJDK contains additional XML parsing and processing facilities. Some of them are insecure." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The class java.beans.XMLDecoder acts as a bridge between the Java object serialization format and XML. It is close to impossible to securely deserialize Java objects in this format from untrusted inputs, so its use is not recommended, as with the Java object serialization format itself. See ." +msgstr "" + #. Tag: title #, no-c-format msgid "Protocol Encoders" diff --git a/defensive-coding/pot/Tasks/Temporary_Files.pot b/defensive-coding/pot/Tasks/Temporary_Files.pot index e0bb481..42d6576 100644 --- a/defensive-coding/pot/Tasks/Temporary_Files.pot +++ b/defensive-coding/pot/Tasks/Temporary_Files.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:45\n" -"PO-Revision-Date: 2013-03-12T03:19:45\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Tasks/schemas.pot b/defensive-coding/pot/Tasks/schemas.pot index b1b0e67..dadbf49 100644 --- a/defensive-coding/pot/Tasks/schemas.pot +++ b/defensive-coding/pot/Tasks/schemas.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:45\n" -"PO-Revision-Date: 2013-03-12T03:19:45\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Tasks/snippets/Serialization-XML-Expat-Create.pot b/defensive-coding/pot/Tasks/snippets/Serialization-XML-Expat-Create.pot index b3a50b4..6690e08 100644 --- a/defensive-coding/pot/Tasks/snippets/Serialization-XML-Expat-Create.pot +++ b/defensive-coding/pot/Tasks/snippets/Serialization-XML-Expat-Create.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:45\n" -"PO-Revision-Date: 2013-03-12T03:19:45\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Tasks/snippets/Serialization-XML-Expat-EntityDeclHandler.pot b/defensive-coding/pot/Tasks/snippets/Serialization-XML-Expat-EntityDeclHandler.pot index f0871b0..bf1e344 100644 --- a/defensive-coding/pot/Tasks/snippets/Serialization-XML-Expat-EntityDeclHandler.pot +++ b/defensive-coding/pot/Tasks/snippets/Serialization-XML-Expat-EntityDeclHandler.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:45\n" -"PO-Revision-Date: 2013-03-12T03:19:45\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK-Errors.pot b/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK-Errors.pot index a105980..e87f9a5 100644 --- a/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK-Errors.pot +++ b/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK-Errors.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:45\n" -"PO-Revision-Date: 2013-03-12T03:19:45\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK-Imports.pot b/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK-Imports.pot index 06bfb42..6d4b0cc 100644 --- a/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK-Imports.pot +++ b/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK-Imports.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:45\n" -"PO-Revision-Date: 2013-03-12T03:19:45\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK-NoEntityResolver.pot b/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK-NoEntityResolver.pot index 8f8f1e6..165113e 100644 --- a/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK-NoEntityResolver.pot +++ b/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK-NoEntityResolver.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:45\n" -"PO-Revision-Date: 2013-03-12T03:19:45\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK-NoResourceResolver.pot b/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK-NoResourceResolver.pot index 37b2d48..5dd2231 100644 --- a/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK-NoResourceResolver.pot +++ b/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK-NoResourceResolver.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:45\n" -"PO-Revision-Date: 2013-03-12T03:19:45\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK_Parse-DOM.pot b/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK_Parse-DOM.pot index 4ef3f33..03b490b 100644 --- a/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK_Parse-DOM.pot +++ b/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK_Parse-DOM.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:45\n" -"PO-Revision-Date: 2013-03-12T03:19:45\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK_Parse-XMLSchema_DOM.pot b/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK_Parse-XMLSchema_DOM.pot index 28886b9..4e06666 100644 --- a/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK_Parse-XMLSchema_DOM.pot +++ b/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK_Parse-XMLSchema_DOM.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:45\n" -"PO-Revision-Date: 2013-03-12T03:19:45\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK_Parse-XMLSchema_SAX.pot b/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK_Parse-XMLSchema_SAX.pot index 0734726..3227b7d 100644 --- a/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK_Parse-XMLSchema_SAX.pot +++ b/defensive-coding/pot/Tasks/snippets/Serialization-XML-OpenJDK_Parse-XMLSchema_SAX.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2013-03-12T03:19:45\n" -"PO-Revision-Date: 2013-03-12T03:19:45\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/defensive-coding/pot/Tasks/snippets/Serialization-XML-Qt-NoEntityHandler.pot b/defensive-coding/pot/Tasks/snippets/Serialization-XML-Qt-NoEntityHandler.pot new file mode 100644 index 0000000..7971755 --- /dev/null +++ b/defensive-coding/pot/Tasks/snippets/Serialization-XML-Qt-NoEntityHandler.pot @@ -0,0 +1,56 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: programlisting +#, no-c-format +msgid "\n" +"class NoEntityHandler : public QXmlDeclHandler {\n" +"public:\n" +" bool attributeDecl(const QString&, const QString&, const QString&,\n" +" const QString&, const QString&);\n" +" bool internalEntityDecl(const QString&, const QString&);\n" +" bool externalEntityDecl(const QString&, const QString&,\n" +" const QString&);\n" +" QString errorString() const;\n" +"};\n" +"\n" +" bool\n" +"NoEntityHandler::attributeDecl\n" +" (const QString&, const QString&, const QString&, const QString&,\n" +" const QString&)\n" +"{\n" +" return false;\n" +"}\n" +"\n" +"bool\n" +"NoEntityHandler::internalEntityDecl(const QString&, const QString&)\n" +"{\n" +" return false;\n" +"}\n" +"\n" +"bool\n" +"NoEntityHandler::externalEntityDecl(const QString&, const QString&, const\n" +" QString&)\n" +"{\n" +" return false;\n" +"}\n" +"\n" +"QString\n" +"NoEntityHandler::errorString() const\n" +"{\n" +" return \"XML declaration not permitted\";\n" +"}\n" +"" +msgstr "" + diff --git a/defensive-coding/pot/Tasks/snippets/Serialization-XML-Qt-NoEntityReader.pot b/defensive-coding/pot/Tasks/snippets/Serialization-XML-Qt-NoEntityReader.pot new file mode 100644 index 0000000..1c79ac9 --- /dev/null +++ b/defensive-coding/pot/Tasks/snippets/Serialization-XML-Qt-NoEntityReader.pot @@ -0,0 +1,39 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: programlisting +#, no-c-format +msgid "\n" +"class NoEntityReader : public QXmlSimpleReader {\n" +" NoEntityHandler handler;\n" +"public:\n" +" NoEntityReader();\n" +" void setDeclHandler(QXmlDeclHandler *);\n" +"};\n" +"\n" +" NoEntityReader::NoEntityReader()\n" +"{\n" +" QXmlSimpleReader::setDeclHandler(&handler);\n" +" setFeature(\"http://xml.org/sax/features/namespaces\", true);\n" +" setFeature(\"http://xml.org/sax/features/namespace-prefixes\", false);\n" +" }\n" +"\n" +"void\n" +"NoEntityReader::setDeclHandler(QXmlDeclHandler *)\n" +"{\n" +" // Ignore the handler which was passed in.\n" +"}\n" +"" +msgstr "" + diff --git a/defensive-coding/pot/Tasks/snippets/Serialization-XML-Qt-QDomDocument.pot b/defensive-coding/pot/Tasks/snippets/Serialization-XML-Qt-QDomDocument.pot new file mode 100644 index 0000000..9877968 --- /dev/null +++ b/defensive-coding/pot/Tasks/snippets/Serialization-XML-Qt-QDomDocument.pot @@ -0,0 +1,30 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2013-08-13T01:54:52\n" +"PO-Revision-Date: 2013-08-13T01:54:52\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: programlisting +#, no-c-format +msgid "\n" +"NoEntityReader reader;\n" +"QBuffer buffer(&data);\n" +"buffer.open(QIODevice::ReadOnly);\n" +"QXmlInputSource source(&buffer);\n" +"QDomDocument doc;\n" +"QString errorMsg;\n" +"int errorLine;\n" +"int errorColumn;\n" +"bool okay = doc.setContent\n" +" (&source, &reader, &errorMsg, &errorLine, &errorColumn);\n" +"" +msgstr "" +