When using Spring MVC it's recommended to use MvcRequestMatcher as it protects the paths Spring annotations will match on, instead of only the one provided.

• warning
• java
• Spring
• security
• Spring MVC
• Spring Security
• access control

Enabling content access in the webview could lead to misuse

• error
• java
• security
• framework specific
• Android
• mobile
• Android security set

Enabling content access in the webview could lead to misuse

• error
• java
• security
• framework specific
• Android
• mobile
• Android security set

Insecure content may be allowed to be loaded by a secure origin

• error
• java
• security
• framework specific
• Android
• mobile
• Android security set

Enabling this WebView setting has security implications

• warning
• java
• security
• framework specific
• Android
• mobile
• Android security set

WebView setting with security implications

• error
• java
• security
• framework specific
• Android
• mobile
• Android security set

appendShortText is different in java.time

• warning
• java
• java.time
• framework specific
• Joda-Time
• quality

appendTimeZoneId is now appendZoneId

• warning
• java
• java.time
• framework specific
• Joda-Time
• quality

appendTimeZoneOffset is now appendOffsetId

• warning
• java
• java.time
• framework specific
• Joda-Time
• quality

Argument needs to be migrated from DateTimeFieldType to java.time.TemporalField

• warning
• java
• java.time
• framework specific
• Joda-Time
• quality

Argument needs to be migrated from DateTimeFieldType to TemporalField

• warning
• java
• java.time
• framework specific
• Joda-Time
• quality

Argument needs to be migrated from DateTimeFieldType to TemporalField

• warning
• java
• java.time
• framework specific
• Joda-Time
• quality

Argument needs to be migrated from DateTimeParser to java.time.format.DateTimeFormatter

• warning
• java
• java.time
• framework specific
• Joda-Time
• quality

Argument needs to be migrated to java.time.format.DateTimeFormatter

• warning
• java
• java.time
• framework specific
• Joda-Time
• quality

assertThatThrownBy won't use description if the code doesn't throw

• error
• java
• AssertJ
• framework specific
• quality

Avoid throwing a UsernameNotFoundException as it could lead to username enumeration

• warning
• java
• Spring
• security
• framework specific
• web
• Spring Security
• OWASP Top 10

Prevent enumeration by not throwing an exception that reveals the existence of the username

• warning
• java
• Spring
• security
• framework specific
• web
• Spring Security
• OWASP Top 10

AWS can automatically detect the region from the environment

• marked_information
• java
• framework specific
• AWS
• quality

Secrets should not be stored in code

• error
• java
• security
• framework specific
• AWS

Using passwordencoders in combination with hardcoded secrets is security sensitive

• error
• java
• Spring
• security
• framework specific
• Spring Security

Using the Encryptors class in combination with hardcoded secrets is security sensitive

• error
• java
• Spring
• security
• framework specific
• Spring Security

Map to one HTTP request method for best practices

• info
• java
• Spring
• framework specific
• web
• Spring Web
• quality

Century of Era is not supported in java.time

• warning
• java
• java.time
• framework specific
• Joda-Time
• quality

This text will be shown as a tooltip when code violates this recipe

• error
• java
• security
• framework specific
• mobile
• Android

Do not use the createPackageContext to dynamically load code

• warning
• java
• security
• framework specific
• mobile
• Android