Explore
1-25 of 589
Access Control: MvcRequestMatcher is more secure than AntPathRequestMatcher for Spring MVC patterns
When using Spring MVC it's recommended to use MvcRequestMatcher as it protects the paths Spring annotations will match on, instead of only the one provided.
- warning
- java
- Spring
- security
- Spring MVC
- Spring Security
- access control
Android WebView best practices: Disable Content Access
Enabling content access in the webview could lead to misuse
- error
- java
- security
- framework specific
- Android
- mobile
- Android security set
Android WebView best practices: Disable Content Access (setter)
Enabling content access in the webview could lead to misuse
- error
- java
- security
- framework specific
- Android
- mobile
- Android security set
Android WebView best practices: Insecure mixed content mode
Insecure content may be allowed to be loaded by a secure origin
- error
- java
- security
- framework specific
- Android
- mobile
- Android security set
Android WebView best practices: Insecure settings
Enabling this WebView setting has security implications
- warning
- java
- security
- framework specific
- Android
- mobile
- Android security set
Android WebView best practices: Set mixed content mode
WebView setting with security implications
- error
- java
- security
- framework specific
- Android
- mobile
- Android security set
appendShortText is different in java.time
appendShortText is different in java.time
- warning
- java
- java.time
- framework specific
- Joda-Time
- quality
appendTimeZoneId is now appendZoneId
appendTimeZoneId is now appendZoneId
- warning
- java
- java.time
- framework specific
- Joda-Time
- quality
appendTimeZoneOffset is now appendOffsetId
appendTimeZoneOffset is now appendOffsetId
- warning
- java
- java.time
- framework specific
- Joda-Time
- quality
Argument needs to be migrated from DateTimeFieldType to java.time.TemporalField
Argument needs to be migrated from DateTimeFieldType to java.time.TemporalField
- warning
- java
- java.time
- framework specific
- Joda-Time
- quality
Argument needs to be migrated from DateTimeFieldType to TemporalField
Argument needs to be migrated from DateTimeFieldType to TemporalField
- warning
- java
- java.time
- framework specific
- Joda-Time
- quality
Argument needs to be migrated from DateTimeFieldType to TemporalField
Argument needs to be migrated from DateTimeFieldType to TemporalField
- warning
- java
- java.time
- framework specific
- Joda-Time
- quality
Argument needs to be migrated from DateTimeParser to java.time.format.DateTimeFormatter
Argument needs to be migrated from DateTimeParser to java.time.format.DateTimeFormatter
- warning
- java
- java.time
- framework specific
- Joda-Time
- quality
Argument needs to be migrated to java.time.format.DateTimeFormatter
Argument needs to be migrated to java.time.format.DateTimeFormatter
- warning
- java
- java.time
- framework specific
- Joda-Time
- quality
assertThatThrownBy won't use description if the code doesn't throw
assertThatThrownBy won't use description if the code doesn't throw
- error
- java
- AssertJ
- framework specific
- quality
Authentication: Username Enumeration: avoid UsernameNotFoundException
Avoid throwing a UsernameNotFoundException as it could lead to username enumeration
- warning
- java
- Spring
- security
- framework specific
- web
- Spring Security
- OWASP Top 10
Authentication: Username Enumeration: setHideUserNotFoundExceptions should be set to true
Prevent enumeration by not throwing an exception that reveals the existence of the username
- warning
- java
- Spring
- security
- framework specific
- web
- Spring Security
- OWASP Top 10
Automatic region detection by AWS
AWS can automatically detect the region from the environment
- marked_information
- java
- framework specific
- AWS
- quality
Avoid hardcoded secrets
Secrets should not be stored in code
- error
- java
- security
- framework specific
- AWS
Avoid hardcoded secrets when using password encoders
Using passwordencoders in combination with hardcoded secrets is security sensitive
- error
- java
- Spring
- security
- framework specific
- Spring Security
Avoid hardcoded secrets when using the Encryptors class
Using the Encryptors class in combination with hardcoded secrets is security sensitive
- error
- java
- Spring
- security
- framework specific
- Spring Security
Avoid mapping to multiple HTTP request methods
Map to one HTTP request method for best practices
- info
- java
- Spring
- framework specific
- web
- Spring Web
- quality
Century of Era is not supported in java.time
Century of Era is not supported in java.time
- warning
- java
- java.time
- framework specific
- Joda-Time
- quality
Code Injection: ExifInterface can lead to DoS or RCE
This text will be shown as a tooltip when code violates this recipe
- error
- java
- security
- framework specific
- mobile
- Android
Code Injection: Prevent use of CreatePackageContext
Do not use the createPackageContext to dynamically load code
- warning
- java
- security
- framework specific
- mobile
- Android