JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

CodeSonar® 9.2p0 CONFIDENTIAL CodeSecure Inc
Java

Java Warning Classes

This page lists the built-in Java warning classes for CodeSonar.

Some of these warning classes are additionally available for Kotlin source code (when analyzed with cs-java-scan).

See also C/C++ Warning Classes, C# Warning Classes.

Introduction

The Java warning classes are detected in code analyzed with cs-java-scan.

All of the Java warning classes are supported for Java, and some of them are additionally supported for Kotlin.

Java Java warnings can be issued when you analyze Java components with java-scan.

Important Java Note: CodeSonar projects are built from Java bytecode (.class or archive files). However, CodeSonar will only analyze those parts of the project for which corresponding source code (.java files) is also available, because warning reports are not useful or comprehensible without source information.
Kotlin Java warning classes that are also supported for Kotlin are identified in the tables below. Warnings of these classes can be issued when you analyze Kotlin source code with java-scan.
Note that warnings of these classes are not issued if you only analyze Kotlin code with codesonar kotlin_scan.py and do not invoke cs-java-scan on the Kotlin sources.

Java Versions

The CodeSonar Java analysis is suitable for Java source and binaries targeting the following.

Warning Class Overview

The Java warning classes can be divided into four groups.

The table of Java warning classes that are disabled by default, below, specifies the security/deep/pedantic designation for each warning class.

Configuration Presets

There are several configuration presets that are specific to the Java analysis, as well as a number of presets that apply across all analyzed source languages.

Preset Notes
java_complete Enables all Java warning classes
java_security, java_deep, java_pedantic Enable the security, deep, and pedantic Java warning classes, respectively.
certjava Enable all warning classes associated with rules and recommendations in the SEI CERT Oracle Coding Standard for Java.

Enabled By Default

CodeSonar will perform checks for warnings in these classes by default. If there are classes on this list for which you do not wish to see warnings, use WARNING_FILTER discard rules to instruct CodeSonar accordingly.

日本語クラス名クラス名 ニーモニックEnhanced Kotlin reporting?
== Always Fails Because Types Always Different (Java) == Always Fails Because Types Always Different (Java) JAVA.REDUNDANT.EQF.TYPE no
Abs on random (Java) Abs on random (Java) JAVA.MATH.ABSRAND no
Accessing File in Permissive Mode (Java) Accessing File in Permissive Mode (Java) JAVA.IO.PERM.ACCESS no
Ambiguous Call from Inner Class (Java) Ambiguous Call from Inner Class (Java) JAVA.CLASS.ACIC no
Android Leak (Java) Android Leak (Java) JAVA.ALLOC.LEAK.ANDROID no
Anonymous LDAP Authentication (Java) Anonymous LDAP Authentication (Java) JAVA.INSEC.LDAP.ANON no
Approximate e Constant (Java) Approximate e Constant (Java) JAVA.MATH.APPROX.E no
Approximate pi Constant (Java) Approximate pi Constant (Java) JAVA.MATH.APPROX.PI no
Array Parameter Empty (Java) Array Parameter Empty (Java) JAVA.FUNCS.APE no
Assertion Contains Side Effects (Java) Assertion Contains Side Effects (Java) JAVA.STRUCT.SE.ASSERT no
Assignment in Conditional (Java) Assignment in Conditional (Java) JAVA.STRUCT.CONDASSIG no
Asymmetric compareTo (Java) Asymmetric compareTo (Java) JAVA.COMPARE.CTO.ASSYM no
Bitwise AND on Boolean (Java) Bitwise AND on Boolean (Java) JAVA.STRUCT.BW.AND no
Bitwise AND on Boolean Constant (Java) Bitwise AND on Boolean Constant (Java) JAVA.STRUCT.BW.ANDC no
Bitwise OR on Boolean (Java) Bitwise OR on Boolean (Java) JAVA.STRUCT.BW.OR no
Bitwise OR on Boolean Constant (Java) Bitwise OR on Boolean Constant (Java) JAVA.STRUCT.BW.ORC no
Blocking in Critical Section (Java) Blocking in Critical Section (Java) JAVA.CONCURRENCY.STARVE.BLOCKING no
Broad Throws Clause (Java) Broad Throws Clause (Java) JAVA.STRUCT.EXCP.BROAD no
Call Might Return Null (Java) Call Might Return Null (Java) JAVA.NULL.RET.UNCHECKED no
Cast: Integer to Floating Point (Java) Cast: Integer to Floating Point (Java) JAVA.CAST.FTRUNC no
Cast: int Computation to long (Java) Cast: int Computation to long (Java) JAVA.ARITH.OFLOW no
Class Enables Debug Features (Java) Class Enables Debug Features (Java) JAVA.DEBUG.CEDF no
Clone Call to Super is Missing (Java) Clone Call to Super is Missing (Java) JAVA.CLASS.CLONE.CCSM no
Closeable Not Closed (Java) Closeable Not Closed (Java) JAVA.ALLOC.LEAK.NOTCLOSED no
Closeable Not Stored (Java) Closeable Not Stored (Java) JAVA.ALLOC.LEAK.NOTSTORED no
Code Injection (Java) Code Injection (Java) JAVA.IO.INJ.CODE YES
Command Injection (Java) Command Injection (Java) JAVA.IO.INJ.COMMAND YES
Comparison to Class Names (Java) Comparison to Class Names (Java) JAVA.COMPARE.EQUALS.CN no
Comparison to Empty String (Java) Comparison to Empty String (Java) JAVA.COMPARE.EMPTYSTR no
Cross Site Scripting (Java) Cross Site Scripting (Java) JAVA.IO.INJ.XSS no
Cross Site Scripting In Error Message Web Page (Java) Cross Site Scripting In Error Message Web Page (Java) JAVA.IO.INJ.XSS.EMWP no
Cryptographic Algorithm with Risky Default Cipher (Java) Cryptographic Algorithm with Risky Default Cipher (Java) JAVA.CRYPTO.CADRC YES
Cryptographic Algorithm with Weak Cipher (Java) Cryptographic Algorithm with Weak Cipher (Java) JAVA.CRYPTO.CARC YES
Cryptographic Algorithm with Weak Hash (Java) Cryptographic Algorithm with Weak Hash (Java) JAVA.CRYPTO.CAWH YES
DLL Injection (Java) DLL Injection (Java) JAVA.IO.INJ.DLL no
DOS Injection (Java) DOS Injection (Java) JAVA.IO.INJ.DENIAL no
Debug Call (Java) Debug Call (Java) JAVA.DEBUG.CALL no
Debug Warning (Java) Debug Warning (Java) JAVA.DEBUG.LOG no
Defines equals but not hashCode (Java) Defines equals but not hashCode (Java) JAVA.IDEF.EQUALSNOHC no
Defines hashCode but not equals (Java) Defines hashCode but not equals (Java) JAVA.IDEF.HCNOEQUALS no
Deprecated Cryptography Provider (Java) Deprecated Cryptography Provider (Java) JAVA.CRYPTO.DEPRECATED YES
Direct Thread Usage in Http Servlet (Java) Direct Thread Usage in Http Servlet (Java) JAVA.INSEC.HTTP.DTU no
Double-Checked Locking (Java) Double-Checked Locking (Java) JAVA.CONCURRENCY.LOCK.DCL no
Empty Branch Statement (Java) Empty Branch Statement (Java) JAVA.STRUCT.EBS no
Empty Exception Handler (Java) Empty Exception Handler (Java) JAVA.STRUCT.EXCP.EEH no
Empty jar File Archived (Java) Empty jar File Archived (Java) JAVA.STRUCT.ARCHIVE.EJF no
Empty zip File Archived (Java) Empty zip File Archived (Java) JAVA.STRUCT.ARCHIVE.EZF no
Exception Information Disclosure (Java) Exception Information Disclosure (Java) JAVA.DEBUG.ID no
Execution After Redirect (Java) Execution After Redirect (Java) JAVA.INSEC.EAR no
Explicit Finalize (Java) Explicit Finalize (Java) JAVA.FUNCS.EF no
Field Never Read (Java) Field Never Read (Java) JAVA.STRUCT.URFIELD no
Field Never Written (Java) Field Never Written (Java) JAVA.STRUCT.UWFIELD no
Floating Point Equality (Java) Floating Point Equality (Java) JAVA.ARITH.FPEQUAL no
Format String Injection (Java) Format String Injection (Java) JAVA.IO.INJ.FMT no
Fragment Injection (Java) Fragment Injection (Java) JAVA.IO.INJ.FRAGMENT no
Generic Exception Handler (Java) Generic Exception Handler (Java) JAVA.STRUCT.EXCP.GEH no
Hardcoded Cryptographic Key (Java) Hardcoded Cryptographic Key (Java) JAVA.HARDCODED.KEY YES
Hardcoded Filename (Java) Hardcoded Filename (Java) JAVA.HARDCODED.FNAME no
Hardcoded Password (Java) Hardcoded Password (Java) JAVA.HARDCODED.PASSWD YES
Hardcoded Random Seed (Java) Hardcoded Random Seed (Java) JAVA.HARDCODED.SEED no
Hostname in Condition (Java) Hostname in Condition (Java) JAVA.INSEC.HIC no
Ignored Return Value (Java) Ignored Return Value (Java) JAVA.FUNCS.IRV no
Ignored Return Value for Pure Function (Java) Ignored Return Value for Pure Function (Java) JAVA.FUNCS.IRV.PURE no
Impossible Client Side Locking (Java) Impossible Client Side Locking (Java) JAVA.CONCURRENCY.LOCK.ICS no
Impossible reference comparison (Java) Impossible reference comparison (Java) JAVA.REDUNDANT.EQF no
Inappropriate Exception Handler (Java) Inappropriate Exception Handler (Java) JAVA.STRUCT.EXCP.INAPP no
Inappropriate Instanceof (Java) Inappropriate Instanceof (Java) JAVA.CLASS.IOF.BAD no
Ineffective Cleansing of Fragment Taint (Java) Ineffective Cleansing of Fragment Taint (Java) JAVA.IO.TAINT.IC.FRAGMENT no
Inefficient Bitwise AND (Java) Inefficient Bitwise AND (Java) JAVA.STRUCT.BW.ANDI no
Inefficient Bitwise OR (Java) Inefficient Bitwise OR (Java) JAVA.STRUCT.BW.ORI no
Inefficient Box-Unbox (Java) Inefficient Box-Unbox (Java) JAVA.CLASS.BUB no
Inefficient Instantiation (Java) Inefficient Instantiation (Java) JAVA.CLASS.UI no
Inner Class Should be Static (Java) Inner Class Should be Static (Java) JAVA.CLASS.ICSBS no
Insecure Cookie (Java) Insecure Cookie (Java) JAVA.LIB.HTTP.COOKIE no
Insecure Key Derivation (Java) Insecure Key Derivation (Java) JAVA.CRYPTO.KEY YES
Insecure Random Number Generator (Java) Insecure Random Number Generator (Java) JAVA.LIB.RAND.FUNC no
Insecure Socket Factory (Java) Insecure Socket Factory (Java) JAVA.INSEC.SF no
Insecure XSLT Execution (Java) Insecure XSLT Execution (Java) JAVA.LIB.XML.INSEC_XSLT no
Insecure verifier Override for Hostname (Java) Insecure verifier Override for Hostname (Java) JAVA.INSEC.HVO no
Insecure verify Override for Certificate (Java) Insecure verify Override for Certificate (Java) JAVA.INSEC.CVO no
Instanceof Always False (Java) Instanceof Always False (Java) JAVA.CLASS.IOF.F no
Instanceof Always True (Java) Instanceof Always True (Java) JAVA.CLASS.IOF.T no
JavaScript Enabled (Java) JavaScript Enabled (Java) JAVA.JS.JSE no
JavaScript File Access from File URLs (Java) JavaScript File Access from File URLs (Java) JAVA.JS.FAFU no
LDAP Authentication Disabled (Java) LDAP Authentication Disabled (Java) JAVA.INSEC.LDAP.DA no
Lambda Parameter may be null (Java) Lambda Parameter may be null (Java) JAVA.NULL.PARAM.LAMBDA no
Legacy Random Generator (Java) Legacy Random Generator (Java) JAVA.LIB.RAND.LEGACY.GEN no
Method Enables Debug Features (Java) Method Enables Debug Features (Java) JAVA.DEBUG.MEDF no
Method Names Differ Only in Case (Java) Method Names Differ Only in Case (Java) JAVA.ID.CASE.METHOD no
Method Should Not Return null (Java) Method Should Not Return null (Java) JAVA.NULL.RET.NONNULL no
Missing Authentication Annotation (Java) Missing Authentication Annotation (Java) JAVA.INSEC.MAA no
Missing Call to super (Java) Missing Call to super (Java) JAVA.CLASS.MCS no
Missing Equals Override (Java) Missing Equals Override (Java) JAVA.IDEF.NOEQUALS no
Missing JavaScript Entry Point (Java) Missing JavaScript Entry Point (Java) JAVA.JS.MEP no
Missing JavaScript Execution (Java) Missing JavaScript Execution (Java) JAVA.JS.ME no
Missing Required Cryptographic Step (Java) Missing Required Cryptographic Step (Java) JAVA.CRYPTO.MRCS YES
Missing Serial Version Field (Java) Missing Serial Version Field (Java) JAVA.CLASS.SER.UIDM no
Missing isValidFragment Override (Java) Missing isValidFragment Override (Java) JAVA.CLASS.OR.ISVALIDFRAGMENT no
Mutable Enumeration (Java) Mutable Enumeration (Java) JAVA.TYPE.ME no
Mutable Public Static Final Array (Java) Mutable Public Static Final Array (Java) JAVA.TYPE.MPSFA no
Non-Object compareTo Parameter (Java) Non-Object compareTo Parameter (Java) JAVA.COMPARE.CTO.NONOBJ no
Non-overriding Method Signature (Java) Non-overriding Method Signature (Java) JAVA.ID.BADOVERRIDE no
Nonserializable Field (Java) Nonserializable Field (Java) JAVA.CLASS.SER.FNON no
Nonserializable Field Element (Java) Nonserializable Field Element (Java) JAVA.CLASS.SER.ENON no
Nonserializable Outer Class (Java) Nonserializable Outer Class (Java) JAVA.CLASS.SER.OCNON no
Null Parameter Dereference (Java) Null Parameter Dereference (Java) JAVA.NULL.PARAM.ACTUAL no
Null Pointer Dereference (Java) Null Pointer Dereference (Java) JAVA.NULL.DEREF no
Open Redirect (Java) Open Redirect (Java) JAVA.IO.TAINT.HTTP.OR no
Password in Property File (Java) Password in Property File (Java) JAVA.HARDCODED.PASSWD.FILE no
Permissive File Mode (Java) Permissive File Mode (Java) JAVA.IO.PERM no
Possible XML External Entity Reference (Java) Possible XML External Entity Reference (Java) JAVA.LIB.XML.XXE YES
Potential Infinite Recursion (Java) Potential Infinite Recursion (Java) JAVA.FUNCS.INFREC no
Potential LDAP Poisoning (Java) Potential LDAP Poisoning (Java) JAVA.INSEC.LDAP.POISON no
Redundant Call for Integral Argument (Java) Redundant Call for Integral Argument (Java) JAVA.FUNCS.RED.INT no
Redundant Call for String Argument (Java) Redundant Call for String Argument (Java) JAVA.FUNCS.RED.STR no
Redundant Condition (Java) Redundant Condition (Java) JAVA.STRUCT.RC no
Redundant Implements Clause (Java) Redundant Implements Clause (Java) JAVA.CLASS.RI no
Reflection Bypasses Member Accessibility (Java) Reflection Bypasses Member Accessibility (Java) JAVA.CLASS.ACCESS.BYPASS no
Reflection Injection (Java) Reflection Injection (Java) JAVA.IO.TAINT.REFLECTION YES
Reflection Modifies Member Accessibility (Java) Reflection Modifies Member Accessibility (Java) JAVA.CLASS.ACCESS.MODIFY no
Return null Array (Java) Return null Array (Java) JAVA.NULL.RET.ARRAY no
Return null Boolean (Java) Return null Boolean (Java) JAVA.NULL.RET.BOOL no
Return null Optional (Java) Return null Optional (Java) JAVA.NULL.RET.OPT no
Risky Cipher Algorithm (Java) Risky Cipher Algorithm (Java) JAVA.CRYPTO.RCA YES
Risky Cipher Field (Java) Risky Cipher Field (Java) JAVA.CRYPTO.RCF YES
Risky Class Cast (Java) Risky Class Cast (Java) JAVA.CLASS.CAST no
Risky Cryptographic Algorithm (Java) Risky Cryptographic Algorithm (Java) JAVA.CRYPTO.RA YES
Risky Cryptographic Field (Java) Risky Cryptographic Field (Java) JAVA.CRYPTO.RF YES
Risky JavaScript Interface (Java) Risky JavaScript Interface (Java) JAVA.JS.RI no
Risky array store (Java) Risky array store (Java) JAVA.CLASS.CAST.ARRSTORE no
SQL Injection (Java) SQL Injection (Java) JAVA.IO.INJ.SQL YES
Shadowed Identifier (Java) Shadowed Identifier (Java) JAVA.ID.SHADOW no
Should Use == Instead of equals() (Java) Should Use == Instead of equals() (Java) JAVA.COMPARE.EQUALS no
Should Use equals() Instead of == (Java) Should Use equals() Instead of == (Java) JAVA.COMPARE.EQ no
Single-use Random Number Generator (Java) Single-use Random Number Generator (Java) JAVA.LIB.RAND.NEW no
Static Field Assigned Non-Static (Java) Static Field Assigned Non-Static (Java) JAVA.CLASS.STATICMOD no
Synchronization on Interned String (Java) Synchronization on Interned String (Java) JAVA.CONCURRENCY.LOCK.ISTR no
Synchronization on static (Java) Synchronization on static (Java) JAVA.CONCURRENCY.LOCK.STATIC no
Synchronous Call to Thread Body (Java) Synchronous Call to Thread Body (Java) JAVA.CONCURRENCY.LOCK.SCTB no
Tainted @Trusted Value (Java) Tainted @Trusted Value (Java) JAVA.IO.TAINT.TRUSTED YES
Tainted Allocation Size (Java) Tainted Allocation Size (Java) JAVA.IO.TAINT.SIZE YES
Tainted Bundle (Java) Tainted Bundle (Java) JAVA.IO.TAINT.BUNDLE YES
Tainted Control (Java) Tainted Control (Java) JAVA.IO.TAINT.CONTROL YES
Tainted Data in Vulnerable Method (Java) Tainted Data in Vulnerable Method (Java) JAVA.IO.TAINT.VULN YES
Tainted Expression Evaluation (Java) Tainted Expression Evaluation (Java) JAVA.IO.TAINT.EVAL YES
Tainted HTTP Response (Java) Tainted HTTP Response (Java) JAVA.IO.TAINT.HTTP YES
Tainted Hardware Device Property (Java) Tainted Hardware Device Property (Java) JAVA.IO.TAINT.DEVICE no
Tainted LDAP Attribute (Java) Tainted LDAP Attribute (Java) JAVA.IO.TAINT.LDAP.ATTR YES
Tainted LDAP Filter (Java) Tainted LDAP Filter (Java) JAVA.IO.TAINT.LDAP.FILTER YES
Tainted Log (Java) Tainted Log (Java) JAVA.IO.TAINT.LOG YES
Tainted Message (Java) Tainted Message (Java) JAVA.IO.TAINT.MESSAGE YES
Tainted Network Address (Java) Tainted Network Address (Java) JAVA.IO.TAINT.ADDR YES
Tainted Path (Java) Tainted Path (Java) JAVA.IO.TAINT.PATH YES
Tainted Regular Expression (Java) Tainted Regular Expression (Java) JAVA.IO.TAINT.REGEX YES
Tainted Resource (Java) Tainted Resource (Java) JAVA.IO.TAINT.RESOURCE YES
Tainted Session (Java) Tainted Session (Java) JAVA.IO.TAINT.SESSION YES
Tainted URL (Java) Tainted URL (Java) JAVA.IO.TAINT.URL YES
Tainted XAML (Java) Tainted XAML (Java) JAVA.IO.TAINT.XAML YES
Tainted XML (Java) Tainted XML (Java) JAVA.IO.TAINT.XML YES
Tainted Xpath (Java) Tainted Xpath (Java) JAVA.IO.TAINT.XPATH YES
Unchecked Parameter Dereference (Java) Unchecked Parameter Dereference (Java) JAVA.STRUCT.UPD no
Unexpected Serial Version Field (Java) Unexpected Serial Version Field (Java) JAVA.CLASS.SER.UIDU no
Universal JavaScript Access to File URLs (Java) Universal JavaScript Access to File URLs (Java) JAVA.JS.UAFU no
Unnecessary Field (Java) Unnecessary Field (Java) JAVA.STRUCT.UNFLD no
Unnecessary Instantiation for GetClass (Java) Unnecessary Instantiation for GetClass (Java) JAVA.CLASS.UIGC no
Unreachable Instruction (Java) Unreachable Instruction (Java) JAVA.STRUCT.UC.INSTR no
Unsafe Session Expiration Time (Java) Unsafe Session Expiration Time (Java) JAVA.INSEC.USET no
Unsafe hash comparison (Java) Unsafe hash comparison (Java) JAVA.CRYPTO.UHC YES
Untrusted Network Host (Java) Untrusted Network Host (Java) JAVA.IO.UT.HOST no
Unused Class (Java) Unused Class (Java) JAVA.STRUCT.UUCLASS no
Unused Field (Java) Unused Field (Java) JAVA.STRUCT.UUFIELD no
Unused Method (Java) Unused Method (Java) JAVA.STRUCT.UUMETH no
Unused Object (Java) Unused Object (Java) JAVA.STRUCT.UUOBJ YES
Unused Value: Actual Parameter (Java) Unused Value: Actual Parameter (Java) JAVA.STRUCT.UUVAL.ACTUAL YES
Unused Value: Variable (Java) Unused Value: Variable (Java) JAVA.STRUCT.UUVAL.VAR YES
Unused Value: Write to Parameter (Java) Unused Value: Write to Parameter (Java) JAVA.STRUCT.UUVAL.PARAM YES
Use of Hardware ID (Java) Use of Hardware ID (Java) JAVA.IO.HWID no
Use of Hash without a Salt (Java) Use of Hash without a Salt (Java) JAVA.CRYPTO.HWS YES
Use of Insecure verify for Certificate (Java) Use of Insecure verify for Certificate (Java) JAVA.INSEC.CVU no
Use of Insecure verify for Hostname (Java) Use of Insecure verify for Hostname (Java) JAVA.INSEC.HVU no
Use of Same Seed (Java) Use of Same Seed (Java) JAVA.INSEC.SS no
Useless Assignment (Java) Useless Assignment (Java) JAVA.STRUCT.UA YES
Useless Assignment to Default (Java) Useless Assignment to Default (Java) JAVA.STRUCT.UA.DEFAULT YES
Useless Class Cast (Java) Useless Class Cast (Java) JAVA.CLASS.CAST.USELESS no
Useless Synchronization (Java) Useless Synchronization (Java) JAVA.CONCURRENCY.LOCK.USELESS no
Useless volatile Modifier (Java) Useless volatile Modifier (Java) JAVA.CONCURRENCY.VOLATILE no
Weak Cryptographic Value (Java) Weak Cryptographic Value (Java) JAVA.CRYPTO.VALUE YES
Weak Hash Algorithm (Java) Weak Hash Algorithm (Java) JAVA.CRYPTO.WHA YES
Weak Hash Algorithm Field (Java) Weak Hash Algorithm Field (Java) JAVA.CRYPTO.WHAF YES
Weak Initialization Vector Field (Java) Weak Initialization Vector Field (Java) JAVA.CRYPTO.WIVF YES
Weak Initialization Vector Value (Java) Weak Initialization Vector Value (Java) JAVA.CRYPTO.WIV YES
clone Non-cloneable (Java) clone Non-cloneable (Java) JAVA.CLASS.CLONE.CNC no
clone not final (Java) clone not final (Java) JAVA.CLASS.CLONE.NF no
compareTo in Non-Comparable Class (Java) compareTo in Non-Comparable Class (Java) JAVA.COMPARE.CTO.NONCOMP no
compareTo without equals (Java) compareTo without equals (Java) JAVA.IDEF.CTONOEQ no
compareTo/equals mismatch (Java) compareTo/equals mismatch (Java) JAVA.IDEF.CTOEQ no
equals Always Fails (Java) equals Always Fails (Java) JAVA.REDUNDANT.EQUALSF no
equals Parameter Should Be Object (Java) equals Parameter Should Be Object (Java) JAVA.IDEF.EQUALS.NONOBJ no
equals on Array (Java) equals on Array (Java) JAVA.COMPARE.EQARRAY no
toString on Array (Java) toString on Array (Java) JAVA.TYPE.ARRAYTOSTRING no

Disabled By Default

Reporting for these classes is disabled by default. See individual warning class documentation pages for enabling instructions: the requirements vary depending on the class.

日本語クラス名クラス名 ニーモニックSecurity/Deep/PendanticEnhanced Kotlin reporting?
Actual Parameter Element may be null (Java) Actual Parameter Element may be null (Java) JAVA.DEEPNULL.PARAM.EACTUAL deep no
Android Message Injection (Java) Android Message Injection (Java) JAVA.IO.INJ.ANDROID.MESSAGE deep, セキュリティ no
Android URL Injection (Java) Android URL Injection (Java) JAVA.IO.INJ.ANDROID.URL deep, セキュリティ no
Certificate Added to Root Store (Java) Certificate Added to Root Store (Java) JAVA.INSEC.CERT.RS セキュリティ no
Deprecated Transfer Protocol (Java) Deprecated Transfer Protocol (Java) JAVA.INSEC.DTP セキュリティ no
Deserializable Class (Java) Deserializable Class (Java) JAVA.CLASS.SER.DESER セキュリティ no
Deserializing Non-Serializable Class (Java) Deserializing Non-Serializable Class (Java) JAVA.CLASS.SER.DNS セキュリティ no
Field Element may be null (deep) (Java) Field Element may be null (deep) (Java) JAVA.DEEPNULL.EFIELD deep no
Field Too Visible (Java) Field Too Visible (Java) JAVA.CLASS.VIS.FIELD pedantic no
Field may be null (deep) (Java) Field may be null (deep) (Java) JAVA.DEEPNULL.FIELD deep no
Hardcoded IP Address (Java) Hardcoded IP Address (Java) JAVA.HARDCODED.IP セキュリティ no
Inadequate Salt (Java) Inadequate Salt (Java) JAVA.CRYPTO.SALT セキュリティ no
Insecure Class Loader (Java) Insecure Class Loader (Java) JAVA.CLASS.ICL pedantic no
Method Disables Security Setting (Java) Method Disables Security Setting (Java) JAVA.INSEC.MDSS セキュリティ no
Method Should be final (Java) Method Should be final (Java) JAVA.CLASS.METH.NF pedantic no
Method Should be private (Java) Method Should be private (Java) JAVA.CLASS.VIS.METH.PRIV pedantic no
Missing synchronized Statement (Java) Missing synchronized Statement (Java) JAVA.CONCURRENCY.SYNC.MSS deep no
Mutable Constant Field (Java) Mutable Constant Field (Java) JAVA.TYPE.MCF pedantic no
Naming Style Violation (Java) Naming Style Violation (Java) JAVA.ID.STYLE pedantic no
Null Pointer Dereference (deep) (Java) Null Pointer Dereference (deep) (Java) JAVA.DEEPNULL.DEREF deep no
Return Value may Contain null Element (Java) Return Value may Contain null Element (Java) JAVA.DEEPNULL.RET.EMETH deep no
Return Value may be null (Java) Return Value may be null (Java) JAVA.DEEPNULL.RET.METH deep no
Security Annotation Conflict (Java) Security Annotation Conflict (Java) JAVA.INSEC.SAC セキュリティ no
Sensitive Data Cached (Java) Sensitive Data Cached (Java) JAVA.MISC.SD.CACHE deep, セキュリティ no
Sensitive Data Written to External Storage (Java) Sensitive Data Written to External Storage (Java) JAVA.MISC.SD.EXT deep, セキュリティ no
Sensitive Data Written to Local File (Java) Sensitive Data Written to Local File (Java) JAVA.MISC.SD.FILE deep, セキュリティ no
Serialization Not Disabled (Java) Serialization Not Disabled (Java) JAVA.CLASS.SER.ND pedantic no
Static Field Too Visible (Java) Static Field Too Visible (Java) JAVA.CLASS.VIS.SFIELD pedantic no
Unchecked Parameter Dereference (deep) (Java) Unchecked Parameter Dereference (deep) (Java) JAVA.STRUCT.DUPD deep no
Unchecked Parameter Element Dereference (deep) (Java) Unchecked Parameter Element Dereference (deep) (Java) JAVA.STRUCT.UPED deep no
Unguarded Field (Java) Unguarded Field (Java) JAVA.CONCURRENCY.UG.FIELD deep no
Unguarded Method (Java) Unguarded Method (Java) JAVA.CONCURRENCY.UG.METH deep no
Unguarded Parameter (Java) Unguarded Parameter (Java) JAVA.CONCURRENCY.UG.PARAM deep no
Unsafe Base64 Encoding (Java) Unsafe Base64 Encoding (Java) JAVA.CRYPTO.BASE64 セキュリティ no
Useless null Test (Java) Useless null Test (Java) JAVA.DEEPNULL.UTEST deep no
Useless null Test of Field (Java) Useless null Test of Field (Java) JAVA.DEEPNULL.UTEST.FIELD deep no
Useless null Test of Parameter (Java) Useless null Test of Parameter (Java) JAVA.DEEPNULL.UTEST.PARAM deep no
Useless null Test of Return Value (Java) Useless null Test of Return Value (Java) JAVA.DEEPNULL.UTEST.RV deep no
clone Subclass of Non-clonable (Java) clone Subclass of Non-clonable (Java) JAVA.CLASS.CLONE.SCNC pedantic no
null Passed to Method (deep) (Java) null Passed to Method (deep) (Java) JAVA.DEEPNULL.PARAM.ACTUAL deep no

Supported for All Languages

The following warning classes are supported for all languages, including C#.

Class NameMnemonic
Copy-Paste ErrorMISC.CPE
 

To report problems with this documentation, please visit https://support.codesecure.com/.