Vulnerability

Never use CoSetProxyBlanket or CoInitializeSecurity

Description

    This rule states that developers should never use the CoSetProxyBlanket or CoInitializeSecurity APIs in PowerBuilder code. These APIs are used to set the authentication level for a COM object, which can be a security risk when used incorrectly. As such, they should be avoided when writing PowerBuilder code.

Key Benefits

  • Secure: Never use CoSetProxyBlanket or CoInitializeSecurity rule ensures that the security of the application is not compromised.
  • Robust: By avoiding CoSetProxyBlanket or CoInitializeSecurity rule, the application is more robust and less prone to errors.
  • Efficient: Applications that avoid CoSetProxyBlanket or CoInitializeSecurity rule are generally more efficient and perform better.

 

Non-compliant Code Example

SUBROUTINE CoInitializeSecurityAlias(string uExitCode) LIBRARY "ole32.dll" ALIAS FOR "CoInitializeSecurity"
SUBROUTINE CoInitializeSecurity(string uExitCode) LIBRARY "ole32.dll"
SUBROUTINE CoSetProxyBlanket(string uExitCode) LIBRARY "ole32.dll"
Visual Expert 2023
 VEPBRULE16