When using Spring MVC it's recommended to use MvcRequestMatcher as it protects the paths Spring annotations will match on, instead of only the one provided.

• warning
• java
• Spring
• security
• Spring MVC
• Spring Security
• access control

Enabling content access in the webview could lead to misuse

• error
• java
• security
• framework specific
• Android
• mobile
• Android security set

Enabling content access in the webview could lead to misuse

• error
• java
• security
• framework specific
• Android
• mobile
• Android security set

Insecure content may be allowed to be loaded by a secure origin

• error
• java
• security
• framework specific
• Android
• mobile
• Android security set

Enabling this WebView setting has security implications

• warning
• java
• security
• framework specific
• Android
• mobile
• Android security set

WebView setting with security implications

• error
• java
• security
• framework specific
• Android
• mobile
• Android security set

Avoid throwing a UsernameNotFoundException as it could lead to username enumeration

• warning
• java
• Spring
• security
• framework specific
• web
• Spring Security
• OWASP Top 10

Prevent enumeration by not throwing an exception that reveals the existence of the username

• warning
• java
• Spring
• security
• framework specific
• web
• Spring Security
• OWASP Top 10

Secrets should not be stored in code

• error
• java
• security
• framework specific
• AWS

Using passwordencoders in combination with hardcoded secrets is security sensitive

• error
• java
• Spring
• security
• framework specific
• Spring Security

Using the Encryptors class in combination with hardcoded secrets is security sensitive

• error
• java
• Spring
• security
• framework specific
• Spring Security

This text will be shown as a tooltip when code violates this recipe

• error
• java
• security
• framework specific
• mobile
• Android

Do not use the createPackageContext to dynamically load code

• warning
• java
• security
• framework specific
• mobile
• Android

Do not use the DexClassLoader to dynamically load code

• error
• java
• security
• framework specific
• mobile
• Android

Do not expose an internal List as it is mutable. Return a copy or immutable view.

• marked_information
• java
• security
• Java basic
• quality

Do not expose an internal Set as it is mutable. Return a copy or immutable view.

• marked_information
• java
• security
• Java basic
• quality

This call to ProcessBuilder#command contains untrusted input. Consider sanitizing the untrusted input.

• error
• java
• security
• Java basic
• injection

This call to ProcessBuilder#command contains untrusted input. Consider sanitizing the untrusted input.

• error
• java
• security
• Java basic
• injection

Not setting filterTouchesWhenObscured to true allows adversaries to hijack users' taps.

• warning
• xml
• security
• framework specific
• mobile
• Android

Setting filterTouchesWhenObscured to false allows adversaries to hijack users' taps.

• warning
• xml
• security
• mobile
• framework specific
• Android

This cryptographic algorithm is not recommended

• error
• java
• security
• basic protection set

This cryptographic algorithm is not recommended

• marked_information
• java
• security
• basic protection set

This cryptographic algorithm is insecure

• error
• java
• security
• basic protection set

This cryptographic algorithm is not recommended

• error
• java
• security
• basic protection set

This cryptographic algorithm is insecure

• error
• java
• security
• basic protection set