org.sonar.plugins.findbugs.profile-findbugs-security-audit.xml Maven / Gradle / Ivy
FindBugs is a program that uses static analysis to look for bugs in Java code. It can detect a variety of common coding mistakes, including thread synchronization problems and misuse of API methods.
<FindBugsFilter>
  <!-- This file is auto-generated. -->
  <!--
    FindBugs filter: every <Match> below selects exactly one bug pattern by
    name. Top-level <Match> elements are alternatives, so a finding is
    selected when it matches any one of them.

    The file name (profile-findbugs-security-audit.xml) suggests this list
    defines the plugin's security audit profile; how it is consumed is not
    visible in this file.

    NOTE(review): a filter only selects findings. Whether the selected
    findings are reported or suppressed depends on whether the file is
    supplied as an include or as an exclude filter. Supplied as an exclude
    filter, this list would hide every security pattern below.

    Because the file is generated, manual edits may be lost on regeneration.
  -->

  <Match><Bug pattern="PREDICTABLE_RANDOM"/></Match>

  <!-- Reads of request data through the servlet API and cookies. These look
       like audit pointers (places where untrusted input enters) rather than
       confirmed defects; triage accordingly. -->
  <Match><Bug pattern="SERVLET_PARAMETER"/></Match>
  <Match><Bug pattern="SERVLET_CONTENT_TYPE"/></Match>
  <Match><Bug pattern="SERVLET_SERVER_NAME"/></Match>
  <Match><Bug pattern="SERVLET_SESSION_ID"/></Match>
  <Match><Bug pattern="SERVLET_QUERY_STRING"/></Match>
  <Match><Bug pattern="SERVLET_HEADER"/></Match>
  <Match><Bug pattern="SERVLET_HEADER_REFERER"/></Match>
  <Match><Bug pattern="SERVLET_HEADER_USER_AGENT"/></Match>
  <Match><Bug pattern="COOKIE_USAGE"/></Match>

  <!-- File system and OS command handling. -->
  <Match><Bug pattern="PATH_TRAVERSAL_IN"/></Match>
  <Match><Bug pattern="PATH_TRAVERSAL_OUT"/></Match>
  <Match><Bug pattern="COMMAND_INJECTION"/></Match>
  <Match><Bug pattern="WEAK_FILENAMEUTILS"/></Match>

  <Match><Bug pattern="WEAK_TRUST_MANAGER"/></Match>

  <!-- Remotely reachable entry points (web service / web framework). -->
  <Match><Bug pattern="JAXWS_ENDPOINT"/></Match>
  <Match><Bug pattern="JAXRS_ENDPOINT"/></Match>
  <Match><Bug pattern="TAPESTRY_ENDPOINT"/></Match>
  <Match><Bug pattern="WICKET_ENDPOINT"/></Match>

  <Match><Bug pattern="WEAK_MESSAGE_DIGEST"/></Match>
  <Match><Bug pattern="CUSTOM_MESSAGE_DIGEST"/></Match>
  <Match><Bug pattern="FILE_UPLOAD_FILENAME"/></Match>
  <Match><Bug pattern="REDOS"/></Match>

  <!-- XML parsing (external entities) and XPath. -->
  <Match><Bug pattern="XXE_SAXPARSER"/></Match>
  <Match><Bug pattern="XXE_XMLREADER"/></Match>
  <Match><Bug pattern="XXE_DOCUMENT"/></Match>
  <Match><Bug pattern="XPATH_INJECTION"/></Match>

  <!-- More framework entry points. -->
  <Match><Bug pattern="STRUTS1_ENDPOINT"/></Match>
  <Match><Bug pattern="STRUTS2_ENDPOINT"/></Match>
  <Match><Bug pattern="SPRING_ENDPOINT"/></Match>

  <!-- Query, directory and expression/script injection. -->
  <Match><Bug pattern="SQL_INJECTION_HIBERNATE"/></Match>
  <Match><Bug pattern="SQL_INJECTION_JDO"/></Match>
  <Match><Bug pattern="SQL_INJECTION_JPA"/></Match>
  <Match><Bug pattern="LDAP_INJECTION"/></Match>
  <Match><Bug pattern="SCRIPT_ENGINE_INJECTION"/></Match>
  <Match><Bug pattern="SPEL_INJECTION"/></Match>

  <!-- Cryptography, transport and credential handling, interleaved with a
       few web patterns; the generated order is kept as-is. -->
  <Match><Bug pattern="BAD_HEXA_CONVERSION"/></Match>
  <Match><Bug pattern="HAZELCAST_SYMMETRIC_ENCRYPTION"/></Match>
  <Match><Bug pattern="NULL_CIPHER"/></Match>
  <Match><Bug pattern="UNENCRYPTED_SOCKET"/></Match>
  <Match><Bug pattern="DES_USAGE"/></Match>
  <Match><Bug pattern="RSA_NO_PADDING"/></Match>
  <Match><Bug pattern="HARD_CODE_PASSWORD"/></Match>
  <Match><Bug pattern="STRUTS_FORM_VALIDATION"/></Match>
  <Match><Bug pattern="XSS_REQUEST_WRAPPER"/></Match>
  <Match><Bug pattern="BLOWFISH_KEY_SIZE"/></Match>
  <Match><Bug pattern="RSA_KEY_SIZE"/></Match>
  <Match><Bug pattern="UNVALIDATED_REDIRECT"/></Match>
  <Match><Bug pattern="XSS_JSP_PRINT"/></Match>
  <Match><Bug pattern="XSS_SERVLET"/></Match>
  <Match><Bug pattern="XML_DECODER"/></Match>
  <Match><Bug pattern="STATIC_IV"/></Match>
  <Match><Bug pattern="ECB_MODE"/></Match>
  <Match><Bug pattern="PADDING_ORACLE"/></Match>
  <Match><Bug pattern="CIPHER_INTEGRITY"/></Match>
  <Match><Bug pattern="ESAPI_ENCRYPTOR"/></Match>

  <!-- The remaining names appear to be FindBugs' own security-category
       patterns (request parameter written to output or headers, database
       passwords, non-constant SQL strings); confirm against the detector
       documentation. -->
  <Match><Bug pattern="XSS_REQUEST_PARAMETER_TO_SEND_ERROR"/></Match>
  <Match><Bug pattern="XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER"/></Match>
  <Match><Bug pattern="XSS_REQUEST_PARAMETER_TO_JSP_WRITER"/></Match>
  <Match><Bug pattern="HRS_REQUEST_PARAMETER_TO_HTTP_HEADER"/></Match>
  <Match><Bug pattern="HRS_REQUEST_PARAMETER_TO_COOKIE"/></Match>
  <Match><Bug pattern="DMI_CONSTANT_DB_PASSWORD"/></Match>
  <Match><Bug pattern="DMI_EMPTY_DB_PASSWORD"/></Match>
  <Match><Bug pattern="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE"/></Match>
  <Match><Bug pattern="SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING"/></Match>
</FindBugsFilter>