Do not compare classes/types by their name (literal)
Comparing the class names is less robust than comparing the actual classes
- warning
- java
- Java basic
- SEI CERT
- quality
- security
Do not compare classes/types by their name (literal inverted)
Comparing the class names is less robust than comparing the actual classes
- warning
- java
- Java basic
- SEI CERT
- quality
- security
Do not expose internal array
Do not expose an internal array as it is mutable
- warning
- java
- security
- Java basic
- quality
Email: Disabled SSL on Connect
When sending an email, SSL has been disabled on connection
- error
- java
- security
- Apache Commons
- web
- OWASP Top 10
Email: Disabled SSL Server Identity check
When sending an email, the setSSLCheckServerIdentity has been set to false
- error
- java
- security
- Apache Commons
- web
- OWASP Top 10
Encryptors requires the use of a random 8-byte salt
The salt should be random, 8 bytes long, and supplied as a hex-encoded String
- error
- java
- Spring
- security
- framework specific
- Spring Security
EnvironmentTestUtils is deprecated
EnvironmentTestUtils is deprecated
- warning
- java
- Spring Boot
- Spring
Exception: Created but not thrown
Exceptions should be thrown, not just created
- warning
- java
- Java basic
- quality
FEST Assertion method removed in AssertJ
FEST Assertion method removed in AssertJ
- warning
- java
- AssertJ
- framework specific
Field injection is not recommended
Field injection is not recommended, because the list of required dependencies is unclear during instance creation. This makes testing more difficult and could lead to runtime exceptions when the bean is instantiated without Spring.
- info
- java
- kotlin
- Spring
- Spring Core
- dependency injection
- framework specific
- quality
Field injection is not recommended (lombok)
Field injection is not recommended, because the list of required dependencies is unclear during instance creation. This makes testing more difficult and could lead to runtime exceptions when the bean is instantiated without Spring.
- info
- java
- kotlin
- Spring
- Spring Core
- dependency injection
- framework specific
- Lombok
- quality
Guice Injected Field Not Public
If the injected field is not public, the code might not be wired up.
- warning
- java
- Guice
- dependency injection
- framework specific
- quality
Hardcoded Credentials: AWS Key
AWS credentials should not be hardcoded.
- warning
- java
- security
- framework specific
- AWS
Incorrect equality check of wrapper values (equals)
Use the equals method to compare wrapped values
- error
- java
- Java basic
- quality
- SEI CERT
Incorrect equality check of wrapper values (not equals)
Use the equals method to compare wrapped values
- error
- java
- Java basic
- quality
- SEI CERT
Incorrect use of Objects.equals
Comparing a non-unboxable object and a primitive will always return false
- warning
- java
- Java basic
- quality
Info Leakage: Throwable.printStackTrace leaks valuable program structure information
Printing a stack trace gives valuable information about software internals, including library/framework names and versions, to an attacker
- warning
- java
- security
- framework specific
- logging
- Logger
Information Exposure: Avoid DeviceEncryptedStorage for Sensitive Information
Using DeviceEncryptedStorage for sensitive information is insecure
- warning
- java
- security
- framework specific
- mobile
- Android
Information Exposure: Avoid using hardware identifiers - Compliant
Using hardware identifiers is not recommended - compliant
- error
- java
- security
- framework specific
- mobile
- Android
Information Exposure: Do not place sensitive information on ClipBoard
Never copy sensitive information to the ClipBoard
- info
- java
- security
- framework specific
- mobile
- Android
Information Exposure: Sensitive information
Do not send sensitive information or put it on the clipboard
- warning
- java
- security
- framework specific
- mobile
- Android
Injection: Avoid Code Injection: Use SafeConstructor: 1st argument of type Constructor
Could lead to Remote Code Execution
- error
- java
- security
- basic protection set
- injection
- YAML
- OWASP Top 10
Injection: Avoid Code Injection: Use SafeConstructor: arguments, but no Constructor argument
Could lead to Remote Code Execution
- error
- java
- security
- basic protection set
- injection
- YAML
- OWASP Top 10
Injection: Avoid Code Injection: Use SafeConstructor: no arguments
Could lead to Remote Code Execution
- error
- java
- security
- basic protection set
- injection
- YAML
- OWASP Top 10