# Enables Java warning classes that are related to CWE:660.
#
# NOTE(review): CWE-660 is the CWE view "Weaknesses in Software Written in
# Java", a language-wide grouping rather than a single weakness. Confirm
# against the CWE site before citing this preset as coverage of a specific
# weakness.
#
# Every rule in this file is an "allow" rule appended with "+=", so the file
# only turns warning classes on; it contains no rule that turns one off.
# The comment on the second group refers to classes "disabled by a previous
# rule", which implies that rule order matters.
# NOTE(review): a rule that disables a class and is placed after this preset
# would presumably switch that class off again. Check where this file is
# included relative to project-level filters.
#
# Enable the advanced injection engine for deeper taint propagation.
# NOTE(review): this is set alongside the injection and taint classes allowed
# below (for example "SQL Injection", "Command Injection", "Tainted Path").
# Whether those classes depend on this setting, and what it costs in analysis
# time, is not stated here. Confirm in the product manual.
#
JAVA_ANALYSIS_ADVANCED_INJECTION = Yes

#
# These warning classes are disabled by default.
# They are reported only if an allow rule like the ones below is in effect.
# The group includes the serialization-related classes ("Deserializable
# Class", "Serialization Not Disabled"), the Android injection classes and
# the "(deep)" null-dereference classes.
#
WARNING_FILTER += allow class="Actual Parameter Element may be null (Java)"
WARNING_FILTER += allow class="Android Message Injection (Java)"
WARNING_FILTER += allow class="Android URL Injection (Java)"
WARNING_FILTER += allow class="Deprecated Transfer Protocol (Java)"
WARNING_FILTER += allow class="Deserializable Class (Java)"
WARNING_FILTER += allow class="Field Element may be null (deep) (Java)"
WARNING_FILTER += allow class="Field Too Visible (Java)"
WARNING_FILTER += allow class="Field may be null (deep) (Java)"
WARNING_FILTER += allow class="Method Should be final (Java)"
WARNING_FILTER += allow class="Method Should be private (Java)"
WARNING_FILTER += allow class="Missing synchronized Statement (Java)"
WARNING_FILTER += allow class="Mutable Constant Field (Java)"
WARNING_FILTER += allow class="Null Pointer Dereference (deep) (Java)"
WARNING_FILTER += allow class="Return Value may Contain null Element (Java)"
WARNING_FILTER += allow class="Return Value may be null (Java)"
WARNING_FILTER += allow class="Serialization Not Disabled (Java)"
WARNING_FILTER += allow class="Static Field Too Visible (Java)"
WARNING_FILTER += allow class="Unchecked Parameter Dereference (deep) (Java)"
WARNING_FILTER += allow class="Unchecked Parameter Element Dereference (deep) (Java)"
WARNING_FILTER += allow class="Unguarded Field (Java)"
WARNING_FILTER += allow class="Unguarded Method (Java)"
WARNING_FILTER += allow class="Unguarded Parameter (Java)"
WARNING_FILTER += allow class="clone Subclass of Non-clonable (Java)"
WARNING_FILTER += allow class="null Passed to Method (deep) (Java)"

# Classes below are enabled by default: they are included for
# completeness, in case they have been disabled by a previous rule.
# Note that this default enabling means that a class may remain
# enabled even if its WARNING_FILTER rule is commented out below.
# Commenting out a line in this group is therefore not a way to silence a
# class; the line only matters when an earlier rule has disabled the class.
WARNING_FILTER += allow class="Approximate e Constant (Java)"
WARNING_FILTER += allow class="Approximate pi Constant (Java)"
WARNING_FILTER += allow class="Assignment in Conditional (Java)"
WARNING_FILTER += allow class="Broad Throws Clause (Java)"
WARNING_FILTER += allow class="Cast: Integer to Floating Point (Java)"
WARNING_FILTER += allow class="Cast: int Computation to long (Java)"
WARNING_FILTER += allow class="Class Enables Debug Features (Java)"
WARNING_FILTER += allow class="Clone Call to Super is Missing (Java)"
WARNING_FILTER += allow class="Code Injection (Java)"
WARNING_FILTER += allow class="Command Injection (Java)"
WARNING_FILTER += allow class="Comparison to Class Names (Java)"
WARNING_FILTER += allow class="Comparison to Empty String (Java)"
WARNING_FILTER += allow class="Cross Site Scripting (Java)"
WARNING_FILTER += allow class="Cross Site Scripting In Error Message Web Page (Java)"
WARNING_FILTER += allow class="DLL Injection (Java)"
WARNING_FILTER += allow class="DOS Injection (Java)"
WARNING_FILTER += allow class="Debug Call (Java)"
WARNING_FILTER += allow class="Debug Warning (Java)"
WARNING_FILTER += allow class="Defines equals but not hashCode (Java)"
WARNING_FILTER += allow class="Defines hashCode but not equals (Java)"
WARNING_FILTER += allow class="Direct Thread Usage in Http Servlet (Java)"
WARNING_FILTER += allow class="Double-Checked Locking (Java)"
WARNING_FILTER += allow class="Exception Information Disclosure (Java)"
WARNING_FILTER += allow class="Explicit Finalize (Java)"
WARNING_FILTER += allow class="Format String Injection (Java)"
WARNING_FILTER += allow class="Fragment Injection (Java)"
WARNING_FILTER += allow class="Generic Exception Handler (Java)"
WARNING_FILTER += allow class="Inappropriate Exception Handler (Java)"
WARNING_FILTER += allow class="Inefficient Box-Unbox (Java)"
WARNING_FILTER += allow class="Inner Class Should be Static (Java)"
WARNING_FILTER += allow class="Method Should Not Return null (Java)"
WARNING_FILTER += allow class="Missing Call to super (Java)"
WARNING_FILTER += allow class="Mutable Enumeration (Java)"
WARNING_FILTER += allow class="Mutable Public Static Final Array (Java)"
WARNING_FILTER += allow class="Non-Object compareTo Parameter (Java)"
WARNING_FILTER += allow class="Null Parameter Dereference (Java)"
WARNING_FILTER += allow class="Null Pointer Dereference (Java)"
WARNING_FILTER += allow class="Open Redirect (Java)"
WARNING_FILTER += allow class="Reflection Injection (Java)"
WARNING_FILTER += allow class="Return null Array (Java)"
WARNING_FILTER += allow class="Return null Boolean (Java)"
WARNING_FILTER += allow class="Return null Optional (Java)"
WARNING_FILTER += allow class="SQL Injection (Java)"
WARNING_FILTER += allow class="Should Use equals() Instead of == (Java)"
WARNING_FILTER += allow class="Synchronization on Interned String (Java)"
WARNING_FILTER += allow class="Synchronization on static (Java)"
WARNING_FILTER += allow class="Synchronous Call to Thread Body (Java)"
WARNING_FILTER += allow class="Tainted @Trusted Value (Java)"
WARNING_FILTER += allow class="Tainted Allocation Size (Java)"
WARNING_FILTER += allow class="Tainted Bundle (Java)"
WARNING_FILTER += allow class="Tainted Control (Java)"
WARNING_FILTER += allow class="Tainted Data in Vulnerable Method (Java)"
WARNING_FILTER += allow class="Tainted Expression Evaluation (Java)"
WARNING_FILTER += allow class="Tainted HTTP Response (Java)"
WARNING_FILTER += allow class="Tainted Hardware Device Property (Java)"
WARNING_FILTER += allow class="Tainted LDAP Attribute (Java)"
WARNING_FILTER += allow class="Tainted LDAP Filter (Java)"
WARNING_FILTER += allow class="Tainted Log (Java)"
WARNING_FILTER += allow class="Tainted Message (Java)"
WARNING_FILTER += allow class="Tainted Network Address (Java)"
WARNING_FILTER += allow class="Tainted Path (Java)"
WARNING_FILTER += allow class="Tainted Regular Expression (Java)"
WARNING_FILTER += allow class="Tainted Resource (Java)"
WARNING_FILTER += allow class="Tainted Session (Java)"
WARNING_FILTER += allow class="Tainted URL (Java)"
WARNING_FILTER += allow class="Tainted XAML (Java)"
WARNING_FILTER += allow class="Tainted XML (Java)"
WARNING_FILTER += allow class="Tainted Xpath (Java)"
WARNING_FILTER += allow class="Unchecked Parameter Dereference (Java)"
WARNING_FILTER += allow class="Useless Synchronization (Java)"
WARNING_FILTER += allow class="Useless volatile Modifier (Java)"
WARNING_FILTER += allow class="clone Non-cloneable (Java)"
WARNING_FILTER += allow class="clone not final (Java)"
WARNING_FILTER += allow class="equals Parameter Should Be Object (Java)"
WARNING_FILTER += allow class="equals on Array (Java)"