Yes, WinSCP does NOT use PCRE.
- martin
Post a reply
Before posting, please read how to report bug or request support effectively.
Bug reports without an attached log file are usually useless.
Topic review
- Royce
Hi Martin,
Sorry for late response. I just went thru the source as well and it just defines.
The defines seems did not includes any files/library during the compilation does it mean there is no PCRE libraries included during the compilation and hence WinSCP does not use PCRE at all?
Sorry for late response. I just went thru the source as well and it just defines.
The defines seems did not includes any files/library during the compilation does it mean there is no PCRE libraries included during the compilation and hence WinSCP does not use PCRE at all?
- martin
All I can see in the
I do not see anything relevant in
So the claim do not seem valid to me.
jcld20win32.inc are three defines PCRE_8, PCRE_16 and PCRE_PREFER_16, which are never used anywhere in the code base.
I do not see anything relevant in
crossplatform.inc.
So the claim do not seem valid to me.
- Royce
Hi Martin,
We have received communication from the Synopsis team regarding the requirement for proof of WinSCP utilizing the PCRE library. Kindly review the evidence provided by the Synopsis team at the following links:
https://github.com/winscp/winscp/blob/master/source/packages/jcl/jcld20win32.inc
https://github.com/winscp/winscp/blob/master/source/packages/jcl/crossplatform.inc
We would greatly appreciate your insight on the validity of the claim made by the Synopsis team. Additionally, if the claim is indeed valid, we are interested in knowing if the WinSCP team has any plans to upgrade the version accordingly.
Thank you for your attention to this matter.
We have received communication from the Synopsis team regarding the requirement for proof of WinSCP utilizing the PCRE library. Kindly review the evidence provided by the Synopsis team at the following links:
https://github.com/winscp/winscp/blob/master/source/packages/jcl/jcld20win32.inc
https://github.com/winscp/winscp/blob/master/source/packages/jcl/crossplatform.inc
We would greatly appreciate your insight on the validity of the claim made by the Synopsis team. Additionally, if the claim is indeed valid, we are interested in knowing if the WinSCP team has any plans to upgrade the version accordingly.
Thank you for your attention to this matter.
- Royce
Ya, the PCRE is referring to "Perl Compatible Regular Expressions".
Thanks for the reply and we will proceed from here.
Thanks for the reply and we will proceed from here.
- martin
Re: WinSCP Use of PCRE Library from BlackDuck Scan
PCRE as in "Perl Compatible Regular Expressions"?
WinSCP has nothing to do with any Perl.
So it indeed seems to be a false positive.
WinSCP has nothing to do with any Perl.
So it indeed seems to be a false positive.
- Royce
WinSCP Use of PCRE Library from BlackDuck Scan
Hi WinSCP team,
We are currently using WinSCP version 6.3.1 and the BlackDuck binary check report states the use of PCRE 7.9 library in WinSCP.
We would like to ask that is this a false positive or is WinSCP has any plan on upgrading the version of PCRE library?
The following are the critical vulnerabilities id detected for PCRE 7.9 from BlackDuck binary check report for your reference:
CVE-2015-8383
CVE-2015-8386
CVE-2015-8389
CVE-2015-8390
CVE-2015-8391
CVE-2015-8394
Hope to get your reply soon, thank you.
We are currently using WinSCP version 6.3.1 and the BlackDuck binary check report states the use of PCRE 7.9 library in WinSCP.
We would like to ask that is this a false positive or is WinSCP has any plan on upgrading the version of PCRE library?
The following are the critical vulnerabilities id detected for PCRE 7.9 from BlackDuck binary check report for your reference:
CVE-2015-8383
CVE-2015-8386
CVE-2015-8389
CVE-2015-8390
CVE-2015-8391
CVE-2015-8394
Hope to get your reply soon, thank you.