org.sonar.plugins.findbugs.profile-findbugs-security-audit.xml Maven / Gradle / Ivy
SpotBugs is a program that uses static analysis to look for bugs in Java code. It can detect a variety of common coding mistakes, including thread synchronization problems and misuse of API methods.
<FindBugsFilter>
  <!--
    This file is auto-generated.

    Rule list for the sonar-findbugs "security audit" profile, written in the
    FindBugs filter format: every Match element names one bug pattern by its
    exact identifier. Most patterns belong to the Find Security Bugs detectors;
    the final eight (XSS_*, HRS_*, DMI_*, SQL_*) are SpotBugs core security rules.

    NOTE(review): several entries (SERVLET_*, COOKIE_USAGE, *_ENDPOINT) mark the
    places where untrusted input enters an application rather than a confirmed
    flaw, so findings from this profile need manual triage. Because the list is
    generated, a hand edit here would presumably be overwritten on regeneration;
    confirm against the generator before changing it.
  -->
  <Match><Bug pattern="PREDICTABLE_RANDOM"/></Match>

  <!-- Servlet request data read by the application (untrusted input sources). -->
  <Match><Bug pattern="SERVLET_PARAMETER"/></Match>
  <Match><Bug pattern="SERVLET_CONTENT_TYPE"/></Match>
  <Match><Bug pattern="SERVLET_SERVER_NAME"/></Match>
  <Match><Bug pattern="SERVLET_SESSION_ID"/></Match>
  <Match><Bug pattern="SERVLET_QUERY_STRING"/></Match>
  <Match><Bug pattern="SERVLET_HEADER"/></Match>
  <Match><Bug pattern="SERVLET_HEADER_REFERER"/></Match>
  <Match><Bug pattern="SERVLET_HEADER_USER_AGENT"/></Match>
  <Match><Bug pattern="COOKIE_USAGE"/></Match>

  <Match><Bug pattern="PATH_TRAVERSAL_IN"/></Match>
  <Match><Bug pattern="PATH_TRAVERSAL_OUT"/></Match>
  <Match><Bug pattern="COMMAND_INJECTION"/></Match>
  <Match><Bug pattern="WEAK_FILENAMEUTILS"/></Match>
  <Match><Bug pattern="WEAK_TRUST_MANAGER"/></Match>
  <Match><Bug pattern="WEAK_HOSTNAME_VERIFIER"/></Match>
  <Match><Bug pattern="JAXWS_ENDPOINT"/></Match>
  <Match><Bug pattern="JAXRS_ENDPOINT"/></Match>
  <Match><Bug pattern="TAPESTRY_ENDPOINT"/></Match>
  <Match><Bug pattern="WICKET_ENDPOINT"/></Match>
  <Match><Bug pattern="WEAK_MESSAGE_DIGEST_MD5"/></Match>
  <Match><Bug pattern="WEAK_MESSAGE_DIGEST_SHA1"/></Match>
  <Match><Bug pattern="DEFAULT_HTTP_CLIENT"/></Match>
  <Match><Bug pattern="SSL_CONTEXT"/></Match>
  <Match><Bug pattern="CUSTOM_MESSAGE_DIGEST"/></Match>
  <Match><Bug pattern="FILE_UPLOAD_FILENAME"/></Match>
  <Match><Bug pattern="REDOS"/></Match>

  <!-- XML parsers and transformers left open to external entity (XXE) processing. -->
  <Match><Bug pattern="XXE_XMLSTREAMREADER"/></Match>
  <Match><Bug pattern="XXE_XPATH"/></Match>
  <Match><Bug pattern="XXE_SAXPARSER"/></Match>
  <Match><Bug pattern="XXE_XMLREADER"/></Match>
  <Match><Bug pattern="XXE_DOCUMENT"/></Match>
  <Match><Bug pattern="XXE_DTD_TRANSFORM_FACTORY"/></Match>
  <Match><Bug pattern="XXE_XSLT_TRANSFORM_FACTORY"/></Match>

  <Match><Bug pattern="XPATH_INJECTION"/></Match>
  <Match><Bug pattern="STRUTS1_ENDPOINT"/></Match>
  <Match><Bug pattern="STRUTS2_ENDPOINT"/></Match>
  <Match><Bug pattern="SPRING_ENDPOINT"/></Match>
  <Match><Bug pattern="SPRING_CSRF_PROTECTION_DISABLED"/></Match>
  <Match><Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING"/></Match>

  <!-- SQL injection, one pattern per data-access API. -->
  <Match><Bug pattern="SQL_INJECTION"/></Match>
  <Match><Bug pattern="SQL_INJECTION_TURBINE"/></Match>
  <Match><Bug pattern="SQL_INJECTION_HIBERNATE"/></Match>
  <Match><Bug pattern="SQL_INJECTION_JDO"/></Match>
  <Match><Bug pattern="SQL_INJECTION_JPA"/></Match>
  <Match><Bug pattern="SQL_INJECTION_SPRING_JDBC"/></Match>
  <Match><Bug pattern="SQL_INJECTION_JDBC"/></Match>
  <Match><Bug pattern="SQL_INJECTION_VERTX"/></Match>
  <Match><Bug pattern="SQL_INJECTION_ANDROID"/></Match>

  <Match><Bug pattern="LDAP_INJECTION"/></Match>
  <Match><Bug pattern="SCRIPT_ENGINE_INJECTION"/></Match>
  <Match><Bug pattern="SPEL_INJECTION"/></Match>
  <Match><Bug pattern="EL_INJECTION"/></Match>
  <Match><Bug pattern="SEAM_LOG_INJECTION"/></Match>
  <Match><Bug pattern="OGNL_INJECTION"/></Match>
  <Match><Bug pattern="GROOVY_SHELL"/></Match>
  <Match><Bug pattern="HTTP_RESPONSE_SPLITTING"/></Match>
  <Match><Bug pattern="CRLF_INJECTION_LOGS"/></Match>
  <Match><Bug pattern="EXTERNAL_CONFIG_CONTROL"/></Match>
  <Match><Bug pattern="BAD_HEXA_CONVERSION"/></Match>
  <Match><Bug pattern="HAZELCAST_SYMMETRIC_ENCRYPTION"/></Match>
  <Match><Bug pattern="NULL_CIPHER"/></Match>
  <Match><Bug pattern="UNENCRYPTED_SOCKET"/></Match>
  <Match><Bug pattern="UNENCRYPTED_SERVER_SOCKET"/></Match>
  <Match><Bug pattern="DES_USAGE"/></Match>
  <Match><Bug pattern="TDES_USAGE"/></Match>
  <Match><Bug pattern="RSA_NO_PADDING"/></Match>
  <Match><Bug pattern="HARD_CODE_PASSWORD"/></Match>
  <Match><Bug pattern="HARD_CODE_KEY"/></Match>
  <Match><Bug pattern="UNSAFE_HASH_EQUALS"/></Match>
  <Match><Bug pattern="STRUTS_FORM_VALIDATION"/></Match>
  <Match><Bug pattern="XSS_REQUEST_WRAPPER"/></Match>
  <Match><Bug pattern="BLOWFISH_KEY_SIZE"/></Match>
  <Match><Bug pattern="RSA_KEY_SIZE"/></Match>
  <Match><Bug pattern="UNVALIDATED_REDIRECT"/></Match>
  <Match><Bug pattern="PLAY_UNVALIDATED_REDIRECT"/></Match>
  <Match><Bug pattern="SPRING_UNVALIDATED_REDIRECT"/></Match>
  <Match><Bug pattern="ENTITY_LEAK"/></Match>
  <Match><Bug pattern="ENTITY_MASS_ASSIGNMENT"/></Match>
  <Match><Bug pattern="XSS_SERVLET"/></Match>
  <Match><Bug pattern="XML_DECODER"/></Match>
  <Match><Bug pattern="STATIC_IV"/></Match>
  <Match><Bug pattern="ECB_MODE"/></Match>
  <Match><Bug pattern="PADDING_ORACLE"/></Match>
  <Match><Bug pattern="CIPHER_INTEGRITY"/></Match>
  <Match><Bug pattern="ESAPI_ENCRYPTOR"/></Match>

  <!-- Android-specific patterns. -->
  <Match><Bug pattern="ANDROID_EXTERNAL_FILE_ACCESS"/></Match>
  <Match><Bug pattern="ANDROID_BROADCAST"/></Match>
  <Match><Bug pattern="ANDROID_WORLD_WRITABLE"/></Match>
  <Match><Bug pattern="ANDROID_GEOLOCATION"/></Match>
  <Match><Bug pattern="ANDROID_WEB_VIEW_JAVASCRIPT"/></Match>
  <Match><Bug pattern="ANDROID_WEB_VIEW_JAVASCRIPT_INTERFACE"/></Match>

  <Match><Bug pattern="INSECURE_COOKIE"/></Match>
  <Match><Bug pattern="HTTPONLY_COOKIE"/></Match>
  <Match><Bug pattern="OBJECT_DESERIALIZATION"/></Match>
  <Match><Bug pattern="JACKSON_UNSAFE_DESERIALIZATION"/></Match>
  <Match><Bug pattern="DESERIALIZATION_GADGET"/></Match>
  <Match><Bug pattern="TRUST_BOUNDARY_VIOLATION"/></Match>
  <Match><Bug pattern="MALICIOUS_XSLT"/></Match>
  <Match><Bug pattern="URLCONNECTION_SSRF_FD"/></Match>
  <Match><Bug pattern="TEMPLATE_INJECTION_VELOCITY"/></Match>
  <Match><Bug pattern="TEMPLATE_INJECTION_FREEMARKER"/></Match>
  <Match><Bug pattern="TEMPLATE_INJECTION_PEBBLE"/></Match>
  <Match><Bug pattern="PERMISSIVE_CORS"/></Match>
  <Match><Bug pattern="LDAP_ANONYMOUS"/></Match>
  <Match><Bug pattern="LDAP_ENTRY_POISONING"/></Match>
  <Match><Bug pattern="COOKIE_PERSISTENT"/></Match>
  <Match><Bug pattern="URL_REWRITING"/></Match>
  <Match><Bug pattern="INSECURE_SMTP_SSL"/></Match>
  <Match><Bug pattern="AWS_QUERY_INJECTION"/></Match>
  <Match><Bug pattern="BEAN_PROPERTY_INJECTION"/></Match>
  <Match><Bug pattern="STRUTS_FILE_DISCLOSURE"/></Match>
  <Match><Bug pattern="SPRING_FILE_DISCLOSURE"/></Match>
  <Match><Bug pattern="REQUESTDISPATCHER_FILE_DISCLOSURE"/></Match>
  <Match><Bug pattern="FORMAT_STRING_MANIPULATION"/></Match>
  <Match><Bug pattern="HTTP_PARAMETER_POLLUTION"/></Match>
  <Match><Bug pattern="INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE"/></Match>
  <Match><Bug pattern="SMTP_HEADER_INJECTION"/></Match>
  <Match><Bug pattern="RPC_ENABLED_EXTENSIONS"/></Match>
  <Match><Bug pattern="WICKET_XSS1"/></Match>
  <Match><Bug pattern="SAML_IGNORE_COMMENTS"/></Match>
  <Match><Bug pattern="OVERLY_PERMISSIVE_FILE_PERMISSION"/></Match>
  <Match><Bug pattern="IMPROPER_UNICODE"/></Match>
  <Match><Bug pattern="MODIFICATION_AFTER_VALIDATION"/></Match>
  <Match><Bug pattern="NORMALIZATION_AFTER_VALIDATION"/></Match>
  <Match><Bug pattern="DANGEROUS_PERMISSION_COMBINATION"/></Match>

  <!-- SpotBugs core security rules (not part of Find Security Bugs). -->
  <Match><Bug pattern="XSS_REQUEST_PARAMETER_TO_SEND_ERROR"/></Match>
  <Match><Bug pattern="XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER"/></Match>
  <Match><Bug pattern="HRS_REQUEST_PARAMETER_TO_HTTP_HEADER"/></Match>
  <Match><Bug pattern="HRS_REQUEST_PARAMETER_TO_COOKIE"/></Match>
  <Match><Bug pattern="DMI_CONSTANT_DB_PASSWORD"/></Match>
  <Match><Bug pattern="DMI_EMPTY_DB_PASSWORD"/></Match>
  <Match><Bug pattern="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE"/></Match>
  <Match><Bug pattern="SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING"/></Match>
</FindBugsFilter>