Convert toTimeZone to TimeZone.getTimeZone(ZoneId)
- warning
- java
- java.time
- framework specific
- Joda-Time
- quality
CSRF: Disabled CSRF protection (AbstractHttpConfigurer)
Disabling Spring Security's CSRF protection makes the application vulnerable
- error
- java
- Spring
- security
- framework specific
- web
- Spring Security
- CSRF
- OWASP Top 10
CSRF: Disabled CSRF protection (HttpSecurity)
Disabling Spring Security's CSRF protection makes the application vulnerable
- error
- java
- Spring
- security
- framework specific
- web
- Spring Security
- CSRF
- OWASP Top 10
Data Protection: Avoid Data Exposure - Avoid Device Protected Storage - Compliant
Compliant
- compliant
- java
- security
- framework specific
- mobile
- Android
- Android security set
Data Protection - Secure Data Display: Avoid Data Exposure: set FLAG_SECURE
Could leak sensitive information
- error
- java
- security
- mobile
- framework specific
- Android
- Android security set
Data Protection - Secure Data Display: Avoid Data Exposure: Use FlagSecureHelper to create toasts
Could lead to Data Exposure
- error
- java
- security
- framework specific
- mobile
- Android
- Android security set
Data Protection - Secure Data Display: Avoid Data Exposure: Use FlagSecureHelper to create toasts Compliant
Could lead to Data Exposure - Compliant
- compliant
- java
- security
- framework specific
- mobile
- Android
- Android security set
Data Protection - Secure Data Display: Avoid Data Exposure: Use LayoutParams.FLAG_SECURE Compliant
Compliant
- compliant
- java
- security
- framework specific
- mobile
- Android
Data Protection: Secure Data Storage: Avoid Data Exposure: Do not use NoOpPasswordEncoder
Could lead to data exposure
- error
- java
- Spring
- security
- framework specific
- Spring Security
Data Protection: Secure Data Storage: Avoid Data Exposure: Hash passwords using strong hashing algorithms
Could lead to data exposure
- error
- java
- Spring
- security
- framework specific
- Spring Security
Data Protection: Secure Data Storage: Avoid Data Exposure: Hash passwords using strong hashing algorithms
Could lead to data exposure
- error
- java
- security
- framework specific
- Spring
- Spring Security
DateTimeFormatterBuilder Joda-Time method is obsolete in java.time
- warning
- java
- java.time
- framework specific
- Joda-Time
- quality
DateTimeFormatterBuilder Joda-Time toParser/toPrinter is obsolete in java.time
- warning
- java
- java.time
- framework specific
- Joda-Time
- quality
DateTimeFormatter deprecated getChronology
- error
- java
- framework specific
- java.time
- Joda-Time
- quality
DateTimeFormatter has no equivalent method in java.time
- marked_information
- java
- framework specific
- java.time
- Joda-Time
- quality
DateTime toString() format has changed from Joda-Time to java.time
- warning
- java
- java.time
- framework specific
- Joda-Time
- quality
Encryptors requires the use of a random 8-byte salt
The salt should be random, 8 bytes long, and a hex-encoded String
- error
- java
- Spring
- security
- framework specific
- Spring Security
FEST Assertion method removed in AssertJ
- warning
- java
- AssertJ
- framework specific
Field injection is not recommended
Field injection is not recommended, because the list of required dependencies is unclear during instance creation. This makes testing more difficult and could lead to runtime exceptions when the bean is instantiated without Spring.
- info
- java
- kotlin
- Spring
- Spring Core
- dependency injection
- framework specific
- quality
Field injection is not recommended (lombok)
Field injection is not recommended, because the list of required dependencies is unclear during instance creation. This makes testing more difficult and could lead to runtime exceptions when the bean is instantiated without Spring.
- info
- java
- kotlin
- Spring
- Spring Core
- dependency injection
- framework specific
- Lombok
- quality
Guice Injected Field Not Public
If the injected field is not public, the code might not be wired up.
- warning
- java
- Guice
- dependency injection
- framework specific
- quality
Hardcoded Credentials: AWS Key
AWS credentials should not be hardcoded.
- warning
- java
- security
- framework specific
- AWS
Hibernate: Missing transport-level security: No SSL for database connection
Use transport level security to connect to the database
- warning
- xml
- database
- security
- Hibernate
- framework specific
- OWASP Top 10
- TLS
Info Leakage: Throwable.printStackTrace leaks valuable program structure information
Printing a stack trace gives valuable information about software internals, including library/framework names and versions, to an attacker
- warning
- java
- security
- framework specific
- logging
- Logger
Information Exposure: Avoid DeviceEncryptedStorage for Sensitive Information
Using DeviceEncryptedStorage for sensitive information is insecure
- warning
- java
- security
- framework specific
- mobile
- Android