Showing all detectors for the Java language with medium severity.

Process empty record list in Amazon KCL

Setting withCallProcessRecordsEvenForEmptyRecordList to TRUE during Kinesis Client Library (KCL) initialization will treat empty records differently.

Device Permission Usage.

Do not use API that requests system permission directly. Please onboard mShop Permission Service first.

Missing check on the value returned by moveToFirst API

Missing check on the value returned by moveToFirst API can cause your application to crash.

Overflow when deserializing relational database objects

Deserializing objects from relational databases should allocate a 64-bit, not 32-bit, type for the auto-incremented identifier.

Custom manual retries of AWS SDK calls

Custom manual retries of calls to AWS SDK APIs are inefficient.

Use of a deprecated method

This code uses deprecated methods, which suggests that it has not been recently reviewed or maintained.

AWS Lambda client not reused

Reuse AWS clients in Lambda.

Sensitive data stored unencrypted due to partial encryption

Encryption that is dependent on conditional logic, such as an if...then clause, might cause unencrypted sensitive data to be stored.

AWS client not reused in a Lambda function

Recreating AWS clients in each Lambda function invocation is expensive.

Long polling is not enabled in Amazon SQS

Enable long polling for efficiency.

Insecure temporary file or directory

Insecure ways of creating temporary files and directories can lead to race conditions, privilege escalation, and other security vulnerabilities.

Concurrency deadlock

Improper use of locks in a multi-threaded program can lead to deadlock and cause the program to be unresponsive.

Missing byte array length of JSON parser

Specify the length of the input byte array when creating a JSON parser to avoid a deserialization problem.

Not calling finalize causes skipped cleanup steps

Always call super.finalize explicitly.

Resource leak

Allocated resources are not released properly.

Bad parameters used with AWS API methods

An outdated or bad parameters were detected in calls to some AWS API methods.

Missing position check before getting substring

Getting a substring outside the range of a string can cause an index-out-of-bounds exception.

Avoid reset exception in Amazon S3

Uploading objects to Amazon S3 by using streams (either through an AmazonS3 client or TransferManager) might encounter network connectivity or timeout issues.

Insecure hashing

Obsolete, broken, or weak hashing algorithms can lead to security vulnerabilities.

AWS DynamoDB getItem output is not null checked

Outputs of AWS DynamoDB's GetItem method are not null checked.

Improper use of classes that aren't thread-safe

Improper use of thread-unsafe classes in multi-threaded programs can cause the programs to be unstable.

Incorrect null check before setting a value

When a variable is assigned a value after checking if it's not null (for example, x != null insead of x == null), it might be inadvertently overwritten.

Untrusted AMI images

Improper filtering of Amazon Machine Images (AMIs) can result in loading an untrusted image, a potential security vulnerability.

Stack trace not included in re-thrown exception

When re-throwing an exception, make sure to include the stack trace.

Insufficient number of PBEKeySpec iterations

Using less than 1,000 PBEKeySpec iterations is insecure.

Use of inefficient APIs

Performance of this code can be enhanced by using alternative APIs.

Low maintainability with old Android features

Code uses older Android features.

Catching and not re-throwing or logging exceptions

It's not good practice to catch an exception and then re-throw or log it.

Inefficient use of stream sorting

Using Stream::min or Stream::max is more efficient than sorting and getting the first element in a stream.

Arithmetic overflow or underflow

Use numeric types that are large enough to hold the result of arithmetic operations.

Incorrect string equality operator

Use equals(), not ==, when checking if two strings are equal.

Inefficient chain of AWS API calls

The chain of API calls can be replaced with a single, more efficient API call.


Improper use of locals prevent internationalization.

Code clone

Similar code fragments were detected in the same file.

Missing pagination

Additional results are not checked for a paginated API call. This might produce inaccurate results.

Resources used by an Amazon S3 TransferManager are not released

Call ShutdownNow when you use TransferManager to manage transfers to Amazon S3.

Missing timezone of SimpleDateFormat

Using a SimpleDateFormat object without setting its timezone can result in unexpected date and time.

Low maintainability with low class cohesion

Classes with low class cohesion contain unrelated operations which make them difficult to understand and less likely to be used.

Infinite loop

Use loop control flow to ensure that loops are exited, even if exceptional behaviors are encountered.

Insecure CORS policy

Cross-Origin Resource Sharing policies that are too permissive may lead to security vulnerabilities.

Missing handling of file deletion result

Unhandled failures of deleting files can exhaust file handles.

Batch request with unchecked failures

Not checking which items have failed can lead to loss of data.