# This file was generated from template 'codesonar/presets/certjava.conf.in' # # enables warning classes related to the guidelines in the SEI CERT Oracle Coding Standard for Java # # This part of this file was generated from 'cso_wcmanifest.py' # # CERT-Java:NUM00-J: Detect or prevent integer overflow # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Abs on random (Java)" # CERT-Java:ENV03-J: Do not grant dangerous combinations of permissions # CERT-Java:FIO01-J: Create files with appropriate access permissions # CERT-Java:SEC01-J: Do not allow tainted variables in privileged blocks # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Accessing File in Permissive Mode (Java)" # CERT-Java:EXP01-J: Do not use a null in a case where an object is required WARNING_FILTER += allow class="Actual Parameter Element may be null (Java)" # CERT-Java:SER02-J: Sign then seal objects before sending them outside a trust boundary WARNING_FILTER += allow class="Android Message Injection (Java)" # CERT-Java:NUM12-J: Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Approximate e Constant (Java)" # CERT-Java:NUM12-J: Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Approximate pi Constant (Java)" # CERT-Java:DCL00-J: Prevent class initialization cycles # CERT-Java:EXP06-J: Expressions used in assertions must not produce side effects # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Assertion Contains Side Effects (Java)" # CERT-Java:MET08-J: Preserve the equality contract when overriding the equals() method # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Asymmetric compareTo (Java)" # CERT-Java:LCK09-J: Do not perform operations that can block while holding a lock # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Blocking in Critical Section (Java)" # CERT-Java:ERR07-J: Do not throw RuntimeException, Exception, or Throwable # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Broad Throws Clause (Java)" # CERT-Java:EXP00-J: Do not ignore values returned by methods # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Call Might Return Null (Java)" # CERT-Java:NUM12-J: Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data # CERT-Java:NUM13-J: Avoid loss of precision when converting primitive integers to floating-point # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Cast: Integer to Floating Point (Java)" # CERT-Java:NUM00-J: Detect or prevent integer overflow # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Cast: int Computation to long (Java)" # CERT-Java:ENV06-J: Production code must not contain debugging entry points # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Class Enables Debug Features (Java)" # CERT-Java:MET53-J: Ensure that the clone() method calls super.clone() # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Clone Call to Super is Missing (Java)" # CERT-Java:FIO04-J: Release resources when they are no longer needed # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Closeable Not Closed (Java)" # CERT-Java:FIO04-J: Release resources when they are no longer needed # CERT-Java:MSC05-J: Do not exhaust heap space # CERT-Java:SER10-J: Avoid memory and resource leaks during serialization # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Closeable Not Stored (Java)" # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Code Injection (Java)" # CERT-Java:IDS07-J: Sanitize untrusted data passed to the Runtime.exec() method # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Command Injection (Java)" # CERT-Java:EXP03-J: Do not use the equality operators when comparing values of boxed primitives # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Comparison to Empty String (Java)" # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Cross Site Scripting (Java)" # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Cross Site Scripting In Error Message Web Page (Java)" # CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Cryptographic Algorithm with Risky Default Cipher (Java)" # CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Cryptographic Algorithm with Weak Cipher (Java)" # CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Cryptographic Algorithm with Weak Hash (Java)" # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="DLL Injection (Java)" # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="DOS Injection (Java)" # CERT-Java:ERR09-J: Do not allow untrusted code to terminate the JVM # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Debug Call (Java)" # CERT-Java:ERR02-J: Prevent exceptions while logging data # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Debug Warning (Java)" # CERT-Java:MET09-J: Classes that define an equals() method must also define a hashCode() method # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Defines equals but not hashCode (Java)" # CERT-Java:MET09-J: Classes that define an equals() method must also define a hashCode() method # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Defines hashCode but not equals (Java)" # CERT-Java:DRD17-J: Do not use the Android cryptographic security provider encryption default for AES # CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Deprecated Cryptography Provider (Java)" # CERT-Java:LCK10-J: Use a correct form of the double-checked locking idiom # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Double-Checked Locking (Java)" # CERT-Java:ERR00-J: Do not suppress or ignore checked exceptions # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Empty Exception Handler (Java)" # CERT-Java:EXP01-J: Do not use a null in a case where an object is required WARNING_FILTER += allow class="Field Element may be null (deep) (Java)" # CERT-Java:EXP01-J: Do not use a null in a case where an object is required WARNING_FILTER += allow class="Field may be null (deep) (Java)" # CERT-Java:NUM12-J: Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Floating Point Equality (Java)" # CERT-Java:ERR08-J: Do not catch NullPointerException or any of its ancestors # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Generic Exception Handler (Java)" # CERT-Java:MSC03-J: Never hard code sensitive information # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Hardcoded Password (Java)" # CERT-Java:MSC02-J: Generate strong random numbers # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Hardcoded Random Seed (Java)" # CERT-Java:EXP00-J: Do not ignore values returned by methods # CERT-Java:FIO02-J: Detect and handle file-related errors # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Ignored Return Value (Java)" # CERT-Java:VNA00-J: Ensure visibility when accessing shared primitive variables # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Impossible Client Side Locking (Java)" # CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices WARNING_FILTER += allow class="Inadequate Salt (Java)" # CERT-Java:ERR08-J: Do not catch NullPointerException or any of its ancestors # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Inappropriate Exception Handler (Java)" # CERT-Java:MSC05-J: Do not exhaust heap space # CERT-Java:SER10-J: Avoid memory and resource leaks during serialization # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Inefficient Instantiation (Java)" # CERT-Java:OBJ08-J: Do not expose private members of an outer class from within a nested class # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Inner Class Should be Static (Java)" # CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Insecure Key Derivation (Java)" # CERT-Java:MSC02-J: Generate strong random numbers # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Insecure Random Number Generator (Java)" # CERT-Java:ENV01-J: Place all security-sensitive code in a single JAR and sign and seal it # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="LDAP Authentication Disabled (Java)" # CERT-Java:MSC02-J: Generate strong random numbers # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Legacy Random Generator (Java)" # CERT-Java:ENV06-J: Production code must not contain debugging entry points # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Method Enables Debug Features (Java)" # CERT-Java:MET53-J: Ensure that the clone() method calls super.clone() # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Missing Call to super (Java)" # CERT-Java:MET08-J: Preserve the equality contract when overriding the equals() method # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Missing Equals Override (Java)" # CERT-Java:SER00-J: Enable serialization compatibility during class evolution # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Missing Serial Version Field (Java)" # CERT-Java:VNA00-J: Ensure visibility when accessing shared primitive variables WARNING_FILTER += allow class="Missing synchronized Statement (Java)" # CERT-Java:EXP01-J: Do not use a null in a case where an object is required # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Null Parameter Dereference (Java)" # CERT-Java:EXP01-J: Do not use a null in a case where an object is required # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Null Pointer Dereference (Java)" # CERT-Java:EXP01-J: Do not use a null in a case where an object is required WARNING_FILTER += allow class="Null Pointer Dereference (deep) (Java)" # CERT-Java:ENV03-J: Do not grant dangerous combinations of permissions # CERT-Java:FIO01-J: Create files with appropriate access permissions # CERT-Java:SEC01-J: Do not allow tainted variables in privileged blocks # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Permissive File Mode (Java)" # CERT-Java:SEC05-J: Do not use reflection to increase accessibility of classes, methods, or fields # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Reflection Bypasses Member Accessibility (Java)" # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Reflection Injection (Java)" # CERT-Java:SEC05-J: Do not use reflection to increase accessibility of classes, methods, or fields # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Reflection Modifies Member Accessibility (Java)" # CERT-Java:EXP01-J: Do not use a null in a case where an object is required WARNING_FILTER += allow class="Return Value may Contain null Element (Java)" # CERT-Java:EXP01-J: Do not use a null in a case where an object is required WARNING_FILTER += allow class="Return Value may be null (Java)" # CERT-Java:EXP01-J: Do not use a null in a case where an object is required # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Return null Array (Java)" # CERT-Java:EXP01-J: Do not use a null in a case where an object is required # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Return null Boolean (Java)" # CERT-Java:EXP01-J: Do not use a null in a case where an object is required # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Return null Optional (Java)" # CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Risky Cipher Algorithm (Java)" # CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices # CERT-Java:MSC02-J: Generate strong random numbers # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Risky Cipher Field (Java)" # CERT-Java:MSC02-J: Generate strong random numbers # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Risky Cryptographic Algorithm (Java)" # CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices # CERT-Java:MSC02-J: Generate strong random numbers # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Risky Cryptographic Field (Java)" # CERT-Java:DRD13: Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below) # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Risky JavaScript Interface (Java)" # CERT-Java:IDS00-J: Prevent SQL injection # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="SQL Injection (Java)" # CERT-Java:DRD22: Do not cache sensitive information WARNING_FILTER += allow class="Sensitive Data Cached (Java)" # CERT-Java:DRD00: Do not store sensitive information on external storage (SD card) unless encrypted first # CERT-Java:DRD22: Do not cache sensitive information # CERT-Java:MSC03-J: Never hard code sensitive information WARNING_FILTER += allow class="Sensitive Data Written to External Storage (Java)" # CERT-Java:DRD22: Do not cache sensitive information WARNING_FILTER += allow class="Sensitive Data Written to Local File (Java)" # CERT-Java:SER01-J: Do not deviate from the proper signatures of serialization methods # CERT-Java:SER03-J: Do not serialize unencrypted sensitive data # CERT-Java:SER06-J: Make defensive copies of private mutable components during deserialization # CERT-Java:SER07-J: Do not use the default serialized form for classes with implementation-defined invariants # CERT-Java:SER12-J: Prevent deserialization of untrusted data WARNING_FILTER += allow class="Serialization Not Disabled (Java)" # CERT-Java:EXP02-J: Do not use the Object.equals() method to compare two arrays # CERT-Java:EXP03-J: Do not use the equality operators when comparing values of boxed primitives # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Should Use equals() Instead of == (Java)" # CERT-Java:LCK00-J: Use private final lock objects to synchronize classes that may interact with untrusted code # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Synchronization on Interned String (Java)" # CERT-Java:VNA00-J: Ensure visibility when accessing shared primitive variables # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Synchronization on static (Java)" # CERT-Java:THI00-J: Do not invoke Thread.run() # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Synchronous Call to Thread Body (Java)" # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Tainted @Trusted Value (Java)" # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Tainted Bundle (Java)" # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Tainted Control (Java)" # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Tainted Expression Evaluation (Java)" # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Tainted HTTP Response (Java)" # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Tainted Hardware Device Property (Java)" # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Tainted LDAP Attribute (Java)" # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Tainted LDAP Filter (Java)" # CERT-Java:IDS03-J: Do not log unsanitized user input # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Tainted Log (Java)" # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # CERT-Java:SEC06-J: Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar # CERT-Java:SER02-J: Sign then seal objects before sending them outside a trust boundary # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Tainted Message (Java)" # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Tainted Network Address (Java)" # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Tainted Path (Java)" # CERT-Java:IDS08-J: Sanitize untrusted data included in a regular expression # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Tainted Regular Expression (Java)" # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Tainted Resource (Java)" # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Tainted Session (Java)" # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Tainted URL (Java)" # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Tainted XAML (Java)" # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Tainted XML (Java)" # CERT-Java:IDS14-J: Do not trust the contents of hidden form fields # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Tainted Xpath (Java)" # CERT-Java:EXP01-J: Do not use a null in a case where an object is required # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Unchecked Parameter Dereference (Java)" # CERT-Java:EXP01-J: Do not use a null in a case where an object is required WARNING_FILTER += allow class="Unchecked Parameter Dereference (deep) (Java)" # CERT-Java:EXP01-J: Do not use a null in a case where an object is required WARNING_FILTER += allow class="Unchecked Parameter Element Dereference (deep) (Java)" # CERT-Java:VNA00-J: Ensure visibility when accessing shared primitive variables WARNING_FILTER += allow class="Unguarded Field (Java)" # CERT-Java:LCK05-J: Synchronize access to static fields that can be modified by untrusted code WARNING_FILTER += allow class="Unguarded Method (Java)" # CERT-Java:VNA00-J: Ensure visibility when accessing shared primitive variables WARNING_FILTER += allow class="Unguarded Parameter (Java)" # CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices # CERT-Java:MSC02-J: Generate strong random numbers WARNING_FILTER += allow class="Unsafe Base64 Encoding (Java)" # CERT-Java:VNA00-J: Ensure visibility when accessing shared primitive variables # CERT-Java:VNA03-J: Do not assume that a group of calls to independently atomic methods is atomic # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Useless volatile Modifier (Java)" # CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Weak Cryptographic Value (Java)" # CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Weak Hash Algorithm (Java)" # CERT-Java:MSC02-J: Generate strong random numbers # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Weak Hash Algorithm Field (Java)" # CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Weak Initialization Vector Field (Java)" # CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices # This check is enabled by default for the language(s) Java, Kotlin # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Weak Initialization Vector Value (Java)" # CERT-Java:OBJ07-J: Sensitive classes must not let themselves be copied # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="clone Non-cloneable (Java)" # CERT-Java:OBJ07-J: Sensitive classes must not let themselves be copied WARNING_FILTER += allow class="clone Subclass of Non-clonable (Java)" # CERT-Java:OBJ07-J: Sensitive classes must not let themselves be copied # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="clone not final (Java)" # CERT-Java:MET08-J: Preserve the equality contract when overriding the equals() method # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="compareTo without equals (Java)" # CERT-Java:MET08-J: Preserve the equality contract when overriding the equals() method # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="compareTo/equals mismatch (Java)" # CERT-Java:EXP02-J: Do not use the Object.equals() method to compare two arrays # CERT-Java:EXP03-J: Do not use the equality operators when comparing values of boxed primitives # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="equals on Array (Java)" # CERT-Java:EXP01-J: Do not use a null in a case where an object is required WARNING_FILTER += allow class="null Passed to Method (deep) (Java)"