Convert toTimeZone to TimeZone.getTimeZone(ZoneId)

• warning
• java
• java.time
• framework specific
• Joda-Time
• quality

Disabling Spring Security's CSRF protection makes the application vulnerable

• error
• java
• Spring
• security
• framework specific
• web
• Spring Security
• CSRF
• OWASP Top 10

Disabling Spring Security's CSRF protection makes the application vulnerable

• error
• java
• Spring
• security
• framework specific
• web
• Spring Security
• CSRF
• OWASP Top 10

Compliant

• compliant
• java
• security
• framework specific
• mobile
• Android
• Android security set

Could leak sensitive information

• error
• java
• security
• mobile
• framework specific
• Android
• Android security set

Could lead to Data Exposure

• error
• java
• security
• framework specific
• mobile
• Android
• Android security set

Could lead to Data Exposure - Compliant

• compliant
• java
• security
• framework specific
• mobile
• Android
• Android security set

Compliant

• compliant
• java
• security
• framework specific
• mobile
• Android

Could lead to data exposure

• error
• java
• Spring
• security
• framework specific
• Spring Security

Could lead to data exposure

• error
• java
• Spring
• security
• framework specific
• Spring Security

Could lead to data exposure

• error
• java
• security
• framework specific
• Spring
• Spring Security

DateTimeFormatterBuilder Joda-Time method is obsolete in java.time

• warning
• java
• java.time
• framework specific
• Joda-Time
• quality

DateTimeFormatterBuilder Joda-Time toParser/toPrinter is obsolete in java.time

• warning
• java
• java.time
• framework specific
• Joda-Time
• quality

DateTimeFormatter deprecated getChronolgy

• error
• java
• framework specific
• java.time
• Joda-Time
• quality

DateTimeFormatter has no equivalent method in java.time

• marked_information
• java
• framework specific
• java.time
• Joda-Time
• quality

DateTime toString() format has changed from Joda-Time to java.time

• warning
• java
• java.time
• framework specific
• Joda-Time
• quality

The salt should be random, 8-bytes and in hex-encoded String

• error
• java
• Spring
• security
• framework specific
• Spring Security

FEST Assertion method removed in AssertJ

• warning
• java
• AssertJ
• framework specific

Field injection is not recommended, because the list of required dependencies are unclear during instance creation. This makes testing more difficult and could lead to runtime exceptions when the bean is instantiated without spring.

• info
• java
• kotlin
• Spring
• Spring Core
• dependency injection
• framework specific
• quality

Field injection is not recommended, because the list of required dependencies are unclear during instance creation. This makes testing more difficult and could lead to runtime exceptions when the bean is instantiated without spring.

• info
• java
• kotlin
• Spring
• Spring Core
• dependency injection
• framework specific
• Lombok
• quality

If the Injected field is not public then the code might not be wired up.

• warning
• java
• Guice
• dependency injection
• framework specific
• quality

AWS credentials should not be hardcoded.

• warning
• java
• security
• framework specific
• AWS

Use transport level security to connect to the database

• warning
• xml
• database
• security
• Hibernate
• framework specific
• OWASP Top 10
• TLS

Printing a stack trace gives valuable information about software internals, including library/framework names and versions, to an attacker

• warning
• java
• security
• framework specific
• logging
• Logger

Using DeviceEncryptedStorage for Sensitive information is insecure

• warning
• java
• security
• framework specific
• mobile
• Android