So java obviously resolves unicode escapes during compilation: https://gist.github.com/eoftedal/32cef64693db3c7f02f2 … (inspired by @peterjaric )
-
-
Replying to @webtonull
Alvaro Muñoz Retweeted Alvaro Muñoz
@webtonull@peterjaric Nice old trick! https://twitter.com/pwntester/status/446426562989412352 … /cc@KangAbrahamAlvaro Muñoz added,
2 replies 1 retweet 1 like -
Replying to @pwntester
@pwntester@peterjaric@KangAbraham Wow,@planetlevel did a talk at Blackhat in 2009 about this: http://www.blackhat.com/presentations/bh-usa-09/WILLIAMS/BHUSA09-Williams-EnterpriseJavaRootkits-PAPER.pdf …1 reply 0 retweets 6 likes -
Replying to @webtonull
@webtonull Ran Coverity's SAST on a test case, still finds the issue. Blog post soon //@pwntester@peterjaric@KangAbraham@planetlevel1 reply 0 retweets 0 likes -
Replying to @jonpasski
When I tested in '09 most tools handled this fine. Some weird editor behavior
@jonpasski@webtonull@pwntester@peterjaric@KangAbraham1 reply 0 retweets 0 likes -
Replying to @planetlevel
@planetlevel@jonpasski@webtonull@peterjaric@KangAbraham Well, at least Fortify does. I guess all tools at this point2 replies 0 retweets 0 likes -
Replying to @pwntester
@pwntester@planetlevel@webtonull@peterjaric@KangAbraham Showing my math regarding unicode escaping: http://security.coverity.com/blog/2015/Apr/unicode-escaping-is-coverity-affected.html …2 replies 3 retweets 4 likes -
Replying to @jonpasski
@jonpasski Great post, and nice to see that Coverity handled it. A very small thing:@mathias wrote his comment after visiting my site.1 reply 0 retweets 0 likes
@peterjaric @jonpasski +1; my tweet links to Peter’s site too. That said, nice write-up!
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
JavaScript, HTML, CSS, HTTP, performance, security, Bash, Unicode, i18n, macOS.