Collections: Do not expose internal Lists
Do not expose an internal List as it is mutable. Return a copy or immutable view.
- marked_information
- java
- security
- Java basic
- quality
Collections: Do not expose internal Sets
Do not expose an internal Set as it is mutable. Return a copy or immutable view.
- marked_information
- java
- security
- Java basic
- quality
Command Injection: Untrusted data in ProcessBuilder command
This call to ProcessBuilder#command contains untrusted input. Consider sanitizing the untrusted input.
- error
- java
- security
- Java basic
- injection
Command Injection: Untrusted data in ProcessBuilder command - Add
This call to ProcessBuilder#command contains untrusted input. Consider sanitizing the untrusted input.
- error
- java
- security
- Java basic
- injection
Create private constructor for utility class (all fields/methods are static)
This utility class only contains static fields and methods. Consider protecting against accidental instantiation.
- info
- java
- Java basic
- quality
Do not compare classes/types by their name
Comparing the class names is less robust than comparing the actual classes.
- warning
- java
- Java basic
- SEI CERT
- quality
- security
Do not compare classes/types by their name (literal)
Comparing the class names is less robust than comparing the actual classes.
- warning
- java
- Java basic
- SEI CERT
- quality
- security
Do not compare classes/types by their name (literal inverted)
Comparing the class names is less robust than comparing the actual classes.
- warning
- java
- Java basic
- SEI CERT
- quality
- security
Do not expose internal array
Do not expose an internal array as it is mutable.
- warning
- java
- security
- Java basic
- quality
Exception: Created but not thrown
Exceptions should be thrown, not just created.
- warning
- java
- Java basic
- quality
Incorrect equality check of wrapper values (equals)
Use the equals method to compare wrapped values.
- error
- java
- Java basic
- quality
- SEI CERT
Incorrect equality check of wrapper values (not equals)
Use the equals method to compare wrapped values.
- error
- java
- Java basic
- quality
- SEI CERT
Incorrect use of Objects.equals
Comparing a non-unboxable object and a primitive will always return false.
- warning
- java
- Java basic
- quality
Invalid comparison of String to number primitive
This comparison of a String to a number will always return false
- error
- java
- Java basic
- quality
Invalid comparison of String to number wrapper
This comparison of a String to a number will always return false
- error
- java
- Java basic
- quality
Portability Flaw: Avoid locale dependent comparisons: equals after case conversion
This comparison is sensitive to the system's locale. Ignore the case or add a locale.
- warning
- java
- security
- Java basic
- quality
- SEI CERT
Regex Injection
Use Pattern#quote to include untrusted input in regexes.
- error
- java
- security
- SEI CERT
- Java basic
- injection
- OWASP Top 10
String.format return value being ignored
A call to String.format is being made without the return value being used.
- warning
- java
- Java basic
- quality
Strings: Regex Use: Escape Regex Special Character for Any Char Matching
First argument is a regular expression, matching with dot might have unintended behaviour.
- error
- java
- security
- Java basic
URLClassloader: Call super when overriding getPermissions
Custom permissions should be based on those of the super class using super.getPermissions.
- warning
- java
- security
- Java basic
- SEI CERT
Validate Zip Entries
Ensure the zip entry is validated for nesting depth and size.
- warning
- java
- security
- Java basic