org.sonar.plugins.findbugs.profile-findbugs-security-minimal.xml Maven / Gradle / Ivy
SpotBugs is a program that uses static analysis to look for bugs in Java code. It can detect a variety of common coding mistakes, including thread synchronization problems and misuse of API methods.
<FindBugsFilter>
  <!-- This file is auto-generated. -->
  <!--
    Each Match below names a single bug pattern and carries no Class, Method
    or Package scope, so it applies to every occurrence of that pattern in
    the analysed code.

    NOTE(review): FindBugs/SpotBugs filter syntax is the same for include and
    exclude filters, and nothing in this file says which role it plays. The
    file name suggests it is a rule profile, i.e. the patterns listed are the
    ones to report. Confirm how the consumer loads it: the same content passed
    as an exclude filter would suppress every finding listed here.
    Patterns that are not listed are not selected by this file.
  -->
  <Match><Bug pattern="PREDICTABLE_RANDOM"/></Match>
  <Match><Bug pattern="PATH_TRAVERSAL_IN"/></Match>
  <Match><Bug pattern="PATH_TRAVERSAL_OUT"/></Match>
  <Match><Bug pattern="COMMAND_INJECTION"/></Match>
  <Match><Bug pattern="WEAK_TRUST_MANAGER"/></Match>
  <Match><Bug pattern="WEAK_HOSTNAME_VERIFIER"/></Match>
  <Match><Bug pattern="WEAK_MESSAGE_DIGEST_MD5"/></Match>
  <Match><Bug pattern="WEAK_MESSAGE_DIGEST_SHA1"/></Match>
  <Match><Bug pattern="DEFAULT_HTTP_CLIENT"/></Match>
  <Match><Bug pattern="SSL_CONTEXT"/></Match>
  <Match><Bug pattern="CUSTOM_MESSAGE_DIGEST"/></Match>
  <Match><Bug pattern="REDOS"/></Match>
  <Match><Bug pattern="XXE_XMLSTREAMREADER"/></Match>
  <Match><Bug pattern="XXE_XPATH"/></Match>
  <Match><Bug pattern="XXE_SAXPARSER"/></Match>
  <Match><Bug pattern="XXE_XMLREADER"/></Match>
  <Match><Bug pattern="XXE_DOCUMENT"/></Match>
  <Match><Bug pattern="XXE_DTD_TRANSFORM_FACTORY"/></Match>
  <Match><Bug pattern="XXE_XSLT_TRANSFORM_FACTORY"/></Match>
  <Match><Bug pattern="XPATH_INJECTION"/></Match>
  <Match><Bug pattern="SPRING_CSRF_PROTECTION_DISABLED"/></Match>
  <Match><Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING"/></Match>
  <Match><Bug pattern="SQL_INJECTION"/></Match>
  <Match><Bug pattern="SQL_INJECTION_TURBINE"/></Match>
  <Match><Bug pattern="SQL_INJECTION_HIBERNATE"/></Match>
  <Match><Bug pattern="SQL_INJECTION_JDO"/></Match>
  <Match><Bug pattern="SQL_INJECTION_JPA"/></Match>
  <Match><Bug pattern="SQL_INJECTION_SPRING_JDBC"/></Match>
  <Match><Bug pattern="SQL_INJECTION_JDBC"/></Match>
  <Match><Bug pattern="SQL_INJECTION_VERTX"/></Match>
  <Match><Bug pattern="SQL_INJECTION_ANDROID"/></Match>
  <Match><Bug pattern="LDAP_INJECTION"/></Match>
  <Match><Bug pattern="SCRIPT_ENGINE_INJECTION"/></Match>
  <Match><Bug pattern="SPEL_INJECTION"/></Match>
  <Match><Bug pattern="EL_INJECTION"/></Match>
  <Match><Bug pattern="SEAM_LOG_INJECTION"/></Match>
  <Match><Bug pattern="OGNL_INJECTION"/></Match>
  <Match><Bug pattern="GROOVY_SHELL"/></Match>
  <Match><Bug pattern="BAD_HEXA_CONVERSION"/></Match>
  <Match><Bug pattern="HAZELCAST_SYMMETRIC_ENCRYPTION"/></Match>
  <Match><Bug pattern="NULL_CIPHER"/></Match>
  <Match><Bug pattern="UNENCRYPTED_SOCKET"/></Match>
  <Match><Bug pattern="UNENCRYPTED_SERVER_SOCKET"/></Match>
  <Match><Bug pattern="DES_USAGE"/></Match>
  <Match><Bug pattern="TDES_USAGE"/></Match>
  <Match><Bug pattern="RSA_NO_PADDING"/></Match>
  <Match><Bug pattern="HARD_CODE_PASSWORD"/></Match>
  <Match><Bug pattern="HARD_CODE_KEY"/></Match>
  <Match><Bug pattern="UNSAFE_HASH_EQUALS"/></Match>
  <Match><Bug pattern="XSS_REQUEST_WRAPPER"/></Match>
  <Match><Bug pattern="BLOWFISH_KEY_SIZE"/></Match>
  <Match><Bug pattern="RSA_KEY_SIZE"/></Match>
  <Match><Bug pattern="UNVALIDATED_REDIRECT"/></Match>
  <Match><Bug pattern="PLAY_UNVALIDATED_REDIRECT"/></Match>
  <Match><Bug pattern="SPRING_UNVALIDATED_REDIRECT"/></Match>
  <Match><Bug pattern="ENTITY_LEAK"/></Match>
  <Match><Bug pattern="ENTITY_MASS_ASSIGNMENT"/></Match>
  <Match><Bug pattern="XSS_SERVLET"/></Match>
  <Match><Bug pattern="XML_DECODER"/></Match>
  <Match><Bug pattern="STATIC_IV"/></Match>
  <Match><Bug pattern="ECB_MODE"/></Match>
  <Match><Bug pattern="PADDING_ORACLE"/></Match>
  <Match><Bug pattern="CIPHER_INTEGRITY"/></Match>
  <Match><Bug pattern="ANDROID_EXTERNAL_FILE_ACCESS"/></Match>
  <Match><Bug pattern="ANDROID_WORLD_WRITABLE"/></Match>
  <Match><Bug pattern="INSECURE_COOKIE"/></Match>
  <Match><Bug pattern="HTTPONLY_COOKIE"/></Match>
  <Match><Bug pattern="OBJECT_DESERIALIZATION"/></Match>
  <Match><Bug pattern="JACKSON_UNSAFE_DESERIALIZATION"/></Match>
  <Match><Bug pattern="TRUST_BOUNDARY_VIOLATION"/></Match>
  <Match><Bug pattern="MALICIOUS_XSLT"/></Match>
  <Match><Bug pattern="URLCONNECTION_SSRF_FD"/></Match>
  <Match><Bug pattern="TEMPLATE_INJECTION_VELOCITY"/></Match>
  <Match><Bug pattern="TEMPLATE_INJECTION_FREEMARKER"/></Match>
  <Match><Bug pattern="TEMPLATE_INJECTION_PEBBLE"/></Match>
  <Match><Bug pattern="PERMISSIVE_CORS"/></Match>
  <Match><Bug pattern="LDAP_ANONYMOUS"/></Match>
  <Match><Bug pattern="LDAP_ENTRY_POISONING"/></Match>
  <Match><Bug pattern="COOKIE_PERSISTENT"/></Match>
  <Match><Bug pattern="URL_REWRITING"/></Match>
  <Match><Bug pattern="INSECURE_SMTP_SSL"/></Match>
  <Match><Bug pattern="AWS_QUERY_INJECTION"/></Match>
  <Match><Bug pattern="BEAN_PROPERTY_INJECTION"/></Match>
  <Match><Bug pattern="STRUTS_FILE_DISCLOSURE"/></Match>
  <Match><Bug pattern="SPRING_FILE_DISCLOSURE"/></Match>
  <Match><Bug pattern="REQUESTDISPATCHER_FILE_DISCLOSURE"/></Match>
  <Match><Bug pattern="HTTP_PARAMETER_POLLUTION"/></Match>
  <Match><Bug pattern="SMTP_HEADER_INJECTION"/></Match>
  <Match><Bug pattern="RPC_ENABLED_EXTENSIONS"/></Match>
  <Match><Bug pattern="WICKET_XSS1"/></Match>
  <Match><Bug pattern="SAML_IGNORE_COMMENTS"/></Match>
  <Match><Bug pattern="OVERLY_PERMISSIVE_FILE_PERMISSION"/></Match>
  <Match><Bug pattern="IMPROPER_UNICODE"/></Match>
  <Match><Bug pattern="MODIFICATION_AFTER_VALIDATION"/></Match>
  <Match><Bug pattern="NORMALIZATION_AFTER_VALIDATION"/></Match>
  <Match><Bug pattern="DANGEROUS_PERMISSION_COMBINATION"/></Match>
  <Match><Bug pattern="XSS_REQUEST_PARAMETER_TO_SEND_ERROR"/></Match>
  <Match><Bug pattern="XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER"/></Match>
  <Match><Bug pattern="HRS_REQUEST_PARAMETER_TO_HTTP_HEADER"/></Match>
  <Match><Bug pattern="HRS_REQUEST_PARAMETER_TO_COOKIE"/></Match>
  <Match><Bug pattern="DMI_CONSTANT_DB_PASSWORD"/></Match>
  <Match><Bug pattern="DMI_EMPTY_DB_PASSWORD"/></Match>
  <Match><Bug pattern="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE"/></Match>
  <Match><Bug pattern="SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING"/></Match>
</FindBugsFilter>