Medium
Showing all detectors for the Java language with medium severity.
Setting withCallProcessRecordsEvenForEmptyRecordList to TRUE during Kinesis Client Library (KCL) initialization will treat empty records differently.
Do not use APIs that request system permissions directly. Onboard to the mShop Permission Service first.
A missing check on the value returned by the moveToFirst API can cause your application to crash.
Deserializing objects from relational databases should allocate a 64-bit, not 32-bit, type for the auto-incremented identifier.
Custom manual retries of calls to AWS SDK APIs are inefficient.
This code uses deprecated methods, which suggests that it has not been recently reviewed or maintained.
Reuse AWS clients in Lambda.
Encryption that is dependent on conditional logic, such as an if...then clause, might cause unencrypted sensitive data to be stored.
Recreating AWS clients in each Lambda function invocation is expensive.
Enable long polling for efficiency.
Insecure ways of creating temporary files and directories can lead to race conditions, privilege escalation, and other security vulnerabilities.
Improper use of locks in a multi-threaded program can lead to deadlock and cause the program to be unresponsive.
Specify the length of the input byte array when creating a JSON parser to avoid a deserialization problem.
Always call super.finalize explicitly.
Allocated resources are not released properly.
Outdated or bad parameters were detected in calls to some AWS API methods.
Getting a substring outside the range of a string can cause an index-out-of-bounds exception.
Uploading objects to Amazon S3 by using streams (either through an AmazonS3 client or TransferManager) might encounter network connectivity or timeout issues.
Obsolete, broken, or weak hashing algorithms can lead to security vulnerabilities.
Outputs of the AWS DynamoDB GetItem method are not null-checked.
Public method parameters should be validated for nullness, unexpected values, and malicious values.
Improper use of thread-unsafe classes in multi-threaded programs can cause the programs to be unstable.
When a variable is assigned a value after checking if it's not null (for example, x != null instead of x == null), it might be inadvertently overwritten.
Improper filtering of Amazon Machine Images (AMIs) can result in loading an untrusted image, a potential security vulnerability.
When re-throwing an exception, make sure to include the stack trace.
Using less than 1,000 PBEKeySpec iterations is insecure.
Dereferencing a null pointer can lead to unexpected null pointer exceptions.
Performance of this code can be enhanced by using alternative APIs.
Code uses older Android features.
It's not good practice to catch an exception and then re-throw or log it.
Using Stream::min or Stream::max is more efficient than sorting and getting the first element in a stream.
Use numeric types that are large enough to hold the result of arithmetic operations.
Use equals(), not ==, when checking if two strings are equal.
The chain of API calls can be replaced with a single, more efficient API call.
Improper use of locales prevents internationalization.
Similar code fragments were detected in the same file.
Additional results are not checked for a paginated API call. This might produce inaccurate results.
Call shutdownNow when you use TransferManager to manage transfers to Amazon S3.
Using a SimpleDateFormat object without setting its time zone can result in unexpected dates and times.
Classes with low class cohesion contain unrelated operations, which makes them difficult to understand and less likely to be used.
Use loop control flow to ensure that loops are exited, even if exceptional behaviors are encountered.
Cross-Origin Resource Sharing policies that are too permissive may lead to security vulnerabilities.
Unhandled failures when deleting files can exhaust file handles.
Not checking which items have failed can lead to loss of data.