Explore

126-150 of 589

DateTime toString() format has changed from Joda-Time to java.time

DateTime toString() format has changed from Joda-Time to java.time

  • warning
  • java
  • java.time
  • framework specific
  • Joda-Time
  • quality
Do not compare classes/types by their name

Comparing the class names is less robust than comparing the actual classes

  • warning
  • java
  • Java basic
  • SEI CERT
  • quality
  • security
Do not compare classes/types by their name (literal)

Comparing the class names is less robust than comparing the actual classes

  • warning
  • java
  • Java basic
  • SEI CERT
  • quality
  • security
Do not compare classes/types by their name (literal inverted)

Comparing the class names is less robust than comparing the actual classes

  • warning
  • java
  • Java basic
  • SEI CERT
  • quality
  • security
Do not expose internal array

Do not expose an internal array as it is mutable

  • warning
  • java
  • security
  • Java basic
  • quality
Email: Disabled SSL on Connect

When sending an email, SSL has been disabled on connection

  • error
  • java
  • security
  • Apache Commons
  • web
  • email
  • OWASP Top 10
Email: Disabled SSL Server Identity check

When sending an email, the setSSLCheckServerIdentity has been set to false

  • error
  • java
  • security
  • Apache Commons
  • web
  • email
  • OWASP Top 10
Encryptors requires the use of a random 8-byte salt

The salt should be random, 8 bytes long, and supplied as a hex-encoded String

  • error
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
EnvironmentTestUtils is deprecated

EnvironmentTestUtils is deprecated

  • warning
  • java
  • Spring Boot
  • Spring
Exception: Created but not thrown

Exceptions should be thrown, not just created

  • warning
  • java
  • Java basic
  • quality
FEST Assertion method removed in AssertJ

FEST Assertion method removed in AssertJ

  • warning
  • java
  • AssertJ
  • framework specific
Field injection is not recommended

Field injection is not recommended, because the list of required dependencies is unclear during instance creation. This makes testing more difficult and could lead to runtime exceptions when the bean is instantiated without Spring.

  • info
  • java
  • kotlin
  • Spring
  • Spring Core
  • dependency injection
  • framework specific
  • quality
Field injection is not recommended (lombok)

Field injection is not recommended, because the list of required dependencies is unclear during instance creation. This makes testing more difficult and could lead to runtime exceptions when the bean is instantiated without Spring.

  • info
  • java
  • kotlin
  • Spring
  • Spring Core
  • dependency injection
  • framework specific
  • Lombok
  • quality
Guice Injected Field Not Public

If the injected field is not public, then the code might not be wired up.

  • warning
  • java
  • Guice
  • dependency injection
  • framework specific
  • quality
Hardcoded Credentials: AWS Key

AWS credentials should not be hardcoded.

  • warning
  • java
  • security
  • framework specific
  • AWS
Hibernate: Missing transport-level security: No SSL for database connection

Use transport level security to connect to the database

  • warning
  • xml
  • database
  • security
  • Hibernate
  • framework specific
  • OWASP Top 10
  • TLS
Incorrect equality check of wrapper values (equals)

Use the equals method to compare wrapped values

  • error
  • java
  • Java basic
  • quality
  • SEI CERT
Incorrect equality check of wrapper values (not equals)

Use the equals method to compare wrapped values

  • error
  • java
  • Java basic
  • quality
  • SEI CERT
Incorrect use of Objects.equals

Comparing a non-unboxable object and a primitive will always return false

  • warning
  • java
  • Java basic
  • quality
Inefficient use of String.indexOf

Inefficient use of String.indexOf

  • warning
  • java
  • Java basic
  • quality
Info Leakage: Throwable.printStacktrace leaks valuable program structure information

Printing a stack trace gives valuable information about software internals, including library/framework names and versions, to an attacker

  • warning
  • java
  • security
  • framework specific
  • logging
  • Logger
Information Exposure: Avoid DeviceEncryptedStorage for Sensitive Information

Using DeviceEncryptedStorage for sensitive information is insecure

  • warning
  • java
  • security
  • framework specific
  • mobile
  • Android
Information Exposure: Avoid using hardware identifiers - Compliant

Using hardware identifiers is not recommended - compliant

  • error
  • java
  • security
  • framework specific
  • mobile
  • Android
Information Exposure: Do not place sensitive information on ClipBoard

Never copy sensitive information to the ClipBoard

  • info
  • java
  • security
  • framework specific
  • mobile
  • Android
Information Exposure: Sensitive information

Do not send sensitive information or put it on the clipboard

  • warning
  • java
  • security
  • framework specific
  • mobile
  • Android