Explore

Convert toTimeZone to TimeZone.getTimeZone(ZoneId)

Convert toTimeZone to TimeZone.getTimeZone(ZoneId)

  • warning
  • java
  • java.time
  • framework specific
  • Joda-Time
  • quality
CSRF: Disabled CSRF protection (AbstractHttpConfigurer)

Disabling Spring Security's CSRF protection makes the application vulnerable

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
  • CSRF
  • OWASP Top 10
CSRF: Disabled CSRF protection (HttpSecurity)

Disabling Spring Security's CSRF protection makes the application vulnerable

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
  • CSRF
  • OWASP Top 10
Data Protection: Avoid Data Exposure - Avoid Device Protected Storage - Compliant

Compliant

  • compliant
  • java
  • security
  • framework specific
  • mobile
  • Android
  • Android security set
Data Protection - Secure Data Display: Avoid Data Exposure: set FLAG_SECURE

Could leak sensitive information

  • error
  • java
  • security
  • mobile
  • framework specific
  • Android
  • Android security set
Data Protection - Secure Data Display: Avoid Data Exposure: Use FlagSecureHelper to create toasts

Could lead to Data Exposure

  • error
  • java
  • security
  • framework specific
  • mobile
  • Android
  • Android security set
Data Protection - Secure Data Display: Avoid Data Exposure: Use FlagSecureHelper to create toasts - Compliant

Could lead to Data Exposure - Compliant

  • compliant
  • java
  • security
  • framework specific
  • mobile
  • Android
  • Android security set
Data Protection: Secure Data Storage: Avoid Data Exposure: Do not use NoOpPasswordEncoder

Could lead to data exposure

  • error
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
Data Protection: Secure Data Storage: Avoid Data Exposure: Hash passwords using strong hashing algorithms

Could lead to data exposure

  • error
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
Data Protection: Secure Data Storage: Avoid Data Exposure: Hash passwords using strong hashing algorithms

Could lead to data exposure

  • error
  • java
  • security
  • framework specific
  • Spring
  • Spring Security
DateTimeFormatterBuilder Joda-Time method is obsolete in java.time

DateTimeFormatterBuilder Joda-Time method is obsolete in java.time

  • warning
  • java
  • java.time
  • framework specific
  • Joda-Time
  • quality
DateTimeFormatterBuilder Joda-Time toParser/toPrinter is obsolete in java.time

DateTimeFormatterBuilder Joda-Time toParser/toPrinter is obsolete in java.time

  • warning
  • java
  • java.time
  • framework specific
  • Joda-Time
  • quality
DateTimeFormatter deprecated getChronolgy

DateTimeFormatter deprecated getChronolgy

  • error
  • java
  • framework specific
  • java.time
  • Joda-Time
  • quality
DateTimeFormatter has no equivalent method in java.time

DateTimeFormatter has no equivalent method in java.time

  • marked_information
  • java
  • framework specific
  • java.time
  • Joda-Time
  • quality
DateTime toString() format has changed from Joda-Time to java.time

DateTime toString() format has changed from Joda-Time to java.time

  • warning
  • java
  • java.time
  • framework specific
  • Joda-Time
  • quality
Encryptors requires the use of a random 8-byte salt

The salt should be random, 8 bytes long, and supplied as a hex-encoded String

  • error
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
FEST Assertion method removed in AssertJ

FEST Assertion method removed in AssertJ

  • warning
  • java
  • AssertJ
  • framework specific
Field injection is not recommended

Field injection is not recommended because the list of required dependencies is unclear during instance creation. This makes testing more difficult and could lead to runtime exceptions when the bean is instantiated without Spring.

  • info
  • java
  • kotlin
  • Spring
  • Spring Core
  • dependency injection
  • framework specific
  • quality
Field injection is not recommended (lombok)

Field injection is not recommended because the list of required dependencies is unclear during instance creation. This makes testing more difficult and could lead to runtime exceptions when the bean is instantiated without Spring.

  • info
  • java
  • kotlin
  • Spring
  • Spring Core
  • dependency injection
  • framework specific
  • Lombok
  • quality
Guice Injected Field Not Public

If the injected field is not public, the code might not be wired up.

  • warning
  • java
  • Guice
  • dependency injection
  • framework specific
  • quality
Hardcoded Credentials: AWS Key

AWS credentials should not be hardcoded.

  • warning
  • java
  • security
  • framework specific
  • AWS
Hibernate: Missing transport-level security: No SSL for database connection

Use transport-level security to connect to the database

  • warning
  • xml
  • database
  • security
  • Hibernate
  • framework specific
  • OWASP Top 10
  • TLS
Info Leakage: Throwable.printStackTrace leaks valuable program structure information

Printing a stack trace gives an attacker valuable information about software internals, including library/framework names and versions

  • warning
  • java
  • security
  • framework specific
  • logging
  • Logger
Information Exposure: Avoid DeviceEncryptedStorage for Sensitive Information

Using DeviceEncryptedStorage for sensitive information is insecure

  • warning
  • java
  • security
  • framework specific
  • mobile
  • Android