CodeGuru
Detector Library
Kotlin detectors (23/23)
Insecure cookieCookie Without Http Only FlagImproper AuthenticationCryptographic key generatorWeak pseudorandom number generationPath traversalCross-site scriptingReusing Nonce and key in encryptionCode InjectionServer-side request forgeryCross-site request forgeryLog injectionHardcoded credentialsEnabling and overriding debug featureNull Pointer DereferenceInsecure hashingMissing encryption of sensitive dataImproper verification of IntentInsecure connection using unencrypted protocolOS Command InjectionInsecure Bean ValidationSQL injectionIncorrect Type Conversion
Kotlin detectors
Showing all detectors for the Kotlin language.
Browse all detectors
Insecure cookie
Insecure cookies can lead to unencrypted transmission of sensitive data.
Cookie Without Http Only Flag
Sensitive cookie without 'HttpOnly' flag
Improper Authentication
Improper authentication from insufficient identity verification.
Cryptographic key generator
Insufficient key sizes can lead to brute force attacks.
Weak pseudorandom number generation
Insufficiently random generators (or hardcoded seeds) can make pseudorandom sequences predictable.
Path traversal
Creating file paths from untrusted input might give a malicious actor access to sensitive files.
Cross-site scripting
Relying on potentially untrusted user inputs when constructing web application outputs can lead to cross-site scripting vulnerabilities.
Reusing Nonce and key in encryption
GCM Cipher with reused initialization vector is detected.
Code Injection
Code injection occurs when an application executes untrusted code from an attacker.
Server-side request forgery
Server-side request forgery (SSRF) is a vulnerability that allows an attacker to manipulate a web application to make unintended requests from the server.
Cross-site request forgery
Insecure configuration can lead to a cross-site request forgery (CSRF) vulnerability.
Log injection
Using untrusted inputs in a log statement can enable attackers to break the log's format, forge log entries, and bypass log monitors.
Hardcoded credentials
Hardcoded credentials can be intercepted by malicious actors.
Enabling and overriding debug feature
The Debug feature should not be enabled or overridden.
Null Pointer Dereference
Dereferencing a null pointer can lead to unexpected null pointer exceptions.
Insecure hashing
Obsolete, broken, or weak hashing algorithms can lead to security vulnerabilities.
Missing encryption of sensitive data
The product does not encrypt sensitive or critical information before storage or transmission.
Improper verification of Intent
Intent receiver method is registered without specifying any broadcast permission.
Insecure connection using unencrypted protocol
Connections that use insecure protocols transmit data in cleartext, which can leak sensitive information.
OS Command Injection
Possible unintended system commands could be executed through user input.
Insecure Bean Validation
Passing user-controlled input directly to bean validation APIs can lead to code injection attacks.
SQL injection
Use of untrusted inputs in SQL database query can enable attackers to read, modify, or delete sensitive data in the database
Incorrect Type Conversion
Failure to properly transform an object, resource, or structure from one type to a safer one.