Showing all detectors for the Java language.
Browse by tags
Browse all detectors by tags.
Browse by severity
Browse all detectors by severity.
Browse by category
Browse all detectors by category.
Browse all detectors
Relying on potentially untrusted user inputs when constructing web application outputs can lead to cross-site scripting vulnerabilities.
Unauthenticated LDAP requests can allow untrusted access to LDAP servers.
==, when checking if two strings are equal.
Calls to mutually exclusive methods were found in the code.
If a method that uses an input parameter to update an output value throws an exception, then the output value is not updated.
The chain of API calls can be replaced with a single, more efficient API call.
Outputs of AWS DynamoDB's
GetItem method are not null checked.
Constructing operating system or shell commands with unsanitized user input can lead to inadvertently running malicious code.
Atomicity violations caused by improper usage of
ConcurrentLinkedQueue can result in crashses or incorrect program results.
Blocking calls in a user interface thread can lead to the application becoming unresponsive.
Using untrusted inputs in a log statement can enable attackers to break the log's format, forge log entries, and bypass log monitors.
Sensitive information should not be exposed through log files or stack traces.
Mandatory methods must be called after object creation.
Catching generic exceptions might hide issues when specific exceptions are thrown.
TRUE during Kinesis Client Library (KCL) initialization will treat empty records differently.
Similar code fragments were detected in the same file.
Use loop control flow to ensure that loops are exited, even if exceptional behaviors are encountered.
Improper use of locks in a multi-threaded program can lead to deadlock and cause the program to be unresponsive.
Encryption that is dependent on conditional logic, such as an
if...then clause, might cause unencrypted sensitive data to be stored.
Use of untrusted inputs in SQL database query can enable attackers to read, modify, or delete sensitive data in the database
Creating file paths from untrusted input might give a malicious actor access to sensitive files.
Improper filtering of Amazon Machine Images (AMIs) can result in loading an untrusted image, a potential security vulnerability.
Overriding environment variables that are reserved by AWS Lambda might lead to unexpected behavior.
Specify the length of the input byte array when creating a
JSON parser to avoid a deserialization problem.
Batch operations are more efficient than looping to process several items at the same time.
Synchronous publication of AWS Lambda metrics is inefficient.
Manually performing an object existence check is inefficient when a built-in operation is available.
Comment parsing for OpenSAML2 might enable an attacker to bypass authentication.
APIs that are not recommended were found.
Weak obfuscation while configuring a web request
Improper use of thread-unsafe classes in multi-threaded programs can cause the programs to be unstable.
Hardcoded credentials can be intercepted by malicious actors.
When a variable is assigned a value after checking if it's not
null (for example,
x != null insead of
x == null), it might be inadvertently overwritten.
Insecure configuration can lead to a cross-site request forgery (CRSF) vulnerability.
User metadata keys are case insensitive and are returned as lowercase strings, even if they were originally specified with uppercase strings.
Failure to specify a content length causes the contents of the input stream to buffer locally in memory in order to calculate its length. This can result in performance problems.
Credentials that are stored in clear text can be intercepted by a malicious actor.
Security decisions should not depend on branching that can be influenced by untrusted or client-provided data.
Insecure cookies can lead to unencrypted transmission of sensitive data.
Synchronized objects should not be re-assigned in the same
synchronized block because the references to the synchronized object would be lost.
ShutdownNow when you use
TransferManager to manage transfers to Amazon S3.
Session fixation might allow an attacker to steal authenticated session IDs.
Deserialization of untrusted objects can lead to security vulnerabilities such as inadvertently running remote code.
When re-throwing an exception, make sure to include the stack trace.
A thread safety violation might indicate a data race which can put the system into an inconsistent state.
Potentially unsanitized user input in XPath queries can allow an attacker to control the query in unwanted or insecure ways.
Weak, broken, or misconfigured cryptography can lead to security vulnerabilities.
Allocated resources are not released properly.
Set an explicit AWS Region to avoid cold start delays in AWS client initialization.
SimpleDateFormat object without setting its timezone can result in unexpected date and time.
Deserializing objects from relational databases should allocate a 64-bit, not 32-bit, type for the auto-incremented identifier.
Insufficiently random generators (or hardcoded seeds) can make pseudorandom sequences predictable.
Cross-Origin Resource Sharing policies that are too permissive may lead to security vulnerabilities.
Provide the full URL for the Amazon SQS queue.
Custom manual retries of calls to AWS SDK APIs are inefficient.
Some files contain syntax errors.
Objects that parse or handle XML can lead to XML External Entity (XXE) attacks when misconfigured.
Client constructors are now deprecated in favor of using builders to create the client.
When you change Amazon SQS message visibility, check for
Unhandled failures of deleting files can exhaust file handles.
Accessing the cache response metadata without performing a
null check might cause a null dereference error.
The AWS Labs Transactions Library is a client-side solution and less efficient compared to DynamoDB native transactions.
Recreating AWS clients in each Lambda function invocation is expensive.
Connections that use insecure protocols transmit data in cleartext, which can leak sensitive information.
An outdated or bad parameters were detected in calls to some AWS API methods.
Getting a substring outside the range of a string can cause an index-out-of-bounds exception.
Encryption can be improved by using Additional authenticated data (AAD).
Client-side decryption followed by reencryption is inefficient and can lead to sensitive data leaks.
Check if errors are returned by
LDAP queries that rely on potentially untrusted inputs can allow attackers to read or modify sensitive data, run code, and perform other unwanted actions.
Scripts generated from unsanitized inputs can lead to malicious behavior and inadvertently running code remotely.
Stream::max is more efficient than sorting and getting the first element in a stream.
Check the return value of AWS batch APIs for failures to identify data loss.
Enable long polling for efficiency.
Stream::anyMatch is more readable and convenient than using a chain of
Weak file permissions can lead to privilege escalation.
To minimize the risk of error, use an enum instead of a string to specify an AWS Region.
Uploading objects to Amazon S3 by using streams (either through an AmazonS3 client or
TransferManager) might encounter network connectivity or timeout issues.
Insecure ways of creating temporary files and directories can lead to race conditions, privilege escalation, and other security vulnerabilities.
Improper use of locks can lead to deadlocks and the application becoming unresponsive.
This code uses deprecated methods, which suggests that it has not been recently reviewed or maintained.
Manually creating text-based IAM policies is error-prone.
S3Objects.withPrefix() instead of manually paginating results.
Passing data from an untrusted source into a cookie or web response might expose the user to HTTP response splitting attacks.
ConcurrentLinkedQueue can reduce program performance.
Maintain your code's backward compatibility by checking the status code instead of parsing the error message.
Map entries is more efficient than iterating on the keys and asking for their respective values.
Not setting the S3 bucket owner condition might introduce a risk of accidentally using a wrong bucket.
Dereferencing a null pointer can lead to unexpected null pointer exceptions.
Format strings appropriately for their argument types. For example, use
%s, for integers.