Amazon CodeGuru
Detector Library
Java
Insufficient number of PBEKeySpec iterations
Severity: Medium
PBEKeySpec must use at least 1,000 iterations to generate secure random keys.
Detector ID: java/insufficient-pbekeyspec-iterations@v1.0
Category: Security
Common Weakness Enumeration (CWE): -
Tags: #cryptography
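An added example, not code from the detector page: a key-derivation helper that enforces the 1,000-iteration minimum before constructing a PBEKeySpec, beside the noncompliant call shape the detector reports. The PBKDF2WithHmacSHA256 algorithm name, the 256-bit key length, the 16-byte salt and the 100,000-iteration call in main are assumptions chosen for the example, not values from the page.

```java
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PbeKeyDerivation {
    // Lower bound the detector flags (from the rule text); real deployments
    // usually go much higher, so the caller passes the actual count.
    static final int MIN_ITERATIONS = 1_000;
    static final int SALT_BYTES = 16;   // assumption for this example
    static final int KEY_BITS = 256;    // assumption for this example

    // Noncompliant pattern the detector reports (not executed here):
    //   new PBEKeySpec(password, salt, 10, KEY_BITS)
    // Ten iterations make the derived key cheap to brute-force.

    // Compliant: refuses iteration counts below the minimum and clears the
    // password copy held inside the spec once the key has been derived.
    static byte[] deriveKey(char[] password, byte[] salt, int iterations)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        if (iterations < MIN_ITERATIONS) {
            throw new IllegalArgumentException("PBEKeySpec iteration count "
                    + iterations + " is below the minimum of " + MIN_ITERATIONS);
        }
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, KEY_BITS);
        try {
            SecretKeyFactory factory =
                    SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return factory.generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    // A fresh random salt per password keeps equal passwords from producing
    // equal keys and defeats precomputed tables.
    static byte[] newSalt() {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = deriveKey("example-passphrase".toCharArray(), newSalt(), 100_000);
        System.out.println("Derived a " + (key.length * 8) + "-bit key");
    }
}
```

Passing an iteration count below 1,000 to deriveKey throws before any PBEKeySpec is built, which is the condition this detector checks for at the call site.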