# This preset enables all Java warning classes # # Enable the advanced injection engine for deeper taint propagation. # JAVA_ANALYSIS_ADVANCED_INJECTION = Yes # # These warning classes are disabled by default. # WARNING_FILTER += allow class="Actual Parameter Element may be null (Java)" WARNING_FILTER += allow class="Android Message Injection (Java)" WARNING_FILTER += allow class="Android URL Injection (Java)" WARNING_FILTER += allow class="Certificate Added to Root Store (Java)" WARNING_FILTER += allow class="Deprecated Transfer Protocol (Java)" WARNING_FILTER += allow class="Deserializable Class (Java)" WARNING_FILTER += allow class="Deserializing Non-Serializable Class (Java)" WARNING_FILTER += allow class="Field Element may be null (deep) (Java)" WARNING_FILTER += allow class="Field Too Visible (Java)" WARNING_FILTER += allow class="Field may be null (deep) (Java)" WARNING_FILTER += allow class="Hardcoded IP Address (Java)" WARNING_FILTER += allow class="Inadequate Salt (Java)" WARNING_FILTER += allow class="Insecure Class Loader (Java)" WARNING_FILTER += allow class="Method Disables Security Setting (Java)" WARNING_FILTER += allow class="Method Should be final (Java)" WARNING_FILTER += allow class="Method Should be private (Java)" WARNING_FILTER += allow class="Missing synchronized Statement (Java)" WARNING_FILTER += allow class="Mutable Constant Field (Java)" WARNING_FILTER += allow class="Naming Style Violation (Java)" WARNING_FILTER += allow class="Null Pointer Dereference (deep) (Java)" WARNING_FILTER += allow class="Return Value may Contain null Element (Java)" WARNING_FILTER += allow class="Return Value may be null (Java)" WARNING_FILTER += allow class="Security Annotation Conflict (Java)" WARNING_FILTER += allow class="Sensitive Data Cached (Java)" WARNING_FILTER += allow class="Sensitive Data Written to External Storage (Java)" WARNING_FILTER += allow class="Sensitive Data Written to Local File (Java)" WARNING_FILTER += allow class="Serialization Not Disabled (Java)" WARNING_FILTER += allow class="Static Field Too Visible (Java)" WARNING_FILTER += allow class="Unchecked Parameter Dereference (deep) (Java)" WARNING_FILTER += allow class="Unchecked Parameter Element Dereference (deep) (Java)" WARNING_FILTER += allow class="Unguarded Field (Java)" WARNING_FILTER += allow class="Unguarded Method (Java)" WARNING_FILTER += allow class="Unguarded Parameter (Java)" WARNING_FILTER += allow class="Unsafe Base64 Encoding (Java)" WARNING_FILTER += allow class="Useless null Test (Java)" WARNING_FILTER += allow class="Useless null Test of Field (Java)" WARNING_FILTER += allow class="Useless null Test of Parameter (Java)" WARNING_FILTER += allow class="Useless null Test of Return Value (Java)" WARNING_FILTER += allow class="clone Subclass of Non-clonable (Java)" WARNING_FILTER += allow class="null Passed to Method (deep) (Java)" # Classes below are enabled by default: they are included for # completeness, in case they have been disabled by a previous rule. # Note that this default enabling means that a class may remain # enabled even if its WARNING_FILTER rule is commented out below. WARNING_FILTER += allow class="== Always Fails Because Types Always Different (Java)" WARNING_FILTER += allow class="Abs on random (Java)" WARNING_FILTER += allow class="Accessing File in Permissive Mode (Java)" WARNING_FILTER += allow class="Ambiguous Call from Inner Class (Java)" WARNING_FILTER += allow class="Android Leak (Java)" WARNING_FILTER += allow class="Anonymous LDAP Authentication (Java)" WARNING_FILTER += allow class="Approximate e Constant (Java)" WARNING_FILTER += allow class="Approximate pi Constant (Java)" WARNING_FILTER += allow class="Array Parameter Empty (Java)" WARNING_FILTER += allow class="Assertion Contains Side Effects (Java)" WARNING_FILTER += allow class="Assignment in Conditional (Java)" WARNING_FILTER += allow class="Asymmetric compareTo (Java)" WARNING_FILTER += allow class="Bitwise AND on Boolean (Java)" WARNING_FILTER += allow class="Bitwise AND on Boolean Constant (Java)" WARNING_FILTER += allow class="Bitwise OR on Boolean (Java)" WARNING_FILTER += allow class="Bitwise OR on Boolean Constant (Java)" WARNING_FILTER += allow class="Blocking in Critical Section (Java)" WARNING_FILTER += allow class="Broad Throws Clause (Java)" WARNING_FILTER += allow class="Call Might Return Null (Java)" WARNING_FILTER += allow class="Cast: Integer to Floating Point (Java)" WARNING_FILTER += allow class="Cast: int Computation to long (Java)" WARNING_FILTER += allow class="Class Enables Debug Features (Java)" WARNING_FILTER += allow class="Clone Call to Super is Missing (Java)" WARNING_FILTER += allow class="Closeable Not Closed (Java)" WARNING_FILTER += allow class="Closeable Not Stored (Java)" WARNING_FILTER += allow class="Code Injection (Java)" WARNING_FILTER += allow class="Command Injection (Java)" WARNING_FILTER += allow class="Comparison to Class Names (Java)" WARNING_FILTER += allow class="Comparison to Empty String (Java)" WARNING_FILTER += allow class="Copy-Paste Error" WARNING_FILTER += allow class="Cross Site Scripting (Java)" WARNING_FILTER += allow class="Cross Site Scripting In Error Message Web Page (Java)" WARNING_FILTER += allow class="Cryptographic Algorithm with Risky Default Cipher (Java)" WARNING_FILTER += allow class="Cryptographic Algorithm with Weak Cipher (Java)" WARNING_FILTER += allow class="Cryptographic Algorithm with Weak Hash (Java)" WARNING_FILTER += allow class="DLL Injection (Java)" WARNING_FILTER += allow class="DOS Injection (Java)" WARNING_FILTER += allow class="Debug Call (Java)" WARNING_FILTER += allow class="Debug Warning (Java)" WARNING_FILTER += allow class="Defines equals but not hashCode (Java)" WARNING_FILTER += allow class="Defines hashCode but not equals (Java)" WARNING_FILTER += allow class="Deprecated Cryptography Provider (Java)" WARNING_FILTER += allow class="Direct Thread Usage in Http Servlet (Java)" WARNING_FILTER += allow class="Double-Checked Locking (Java)" WARNING_FILTER += allow class="Empty Branch Statement (Java)" WARNING_FILTER += allow class="Empty Exception Handler (Java)" WARNING_FILTER += allow class="Empty jar File Archived (Java)" WARNING_FILTER += allow class="Empty zip File Archived (Java)" WARNING_FILTER += allow class="Exception Information Disclosure (Java)" WARNING_FILTER += allow class="Execution After Redirect (Java)" WARNING_FILTER += allow class="Explicit Finalize (Java)" WARNING_FILTER += allow class="Field Never Read (Java)" WARNING_FILTER += allow class="Field Never Written (Java)" WARNING_FILTER += allow class="Floating Point Equality (Java)" WARNING_FILTER += allow class="Format String Injection (Java)" WARNING_FILTER += allow class="Fragment Injection (Java)" WARNING_FILTER += allow class="Generic Exception Handler (Java)" WARNING_FILTER += allow class="Hardcoded Cryptographic Key (Java)" WARNING_FILTER += allow class="Hardcoded Filename (Java)" WARNING_FILTER += allow class="Hardcoded Password (Java)" WARNING_FILTER += allow class="Hardcoded Random Seed (Java)" WARNING_FILTER += allow class="Hostname in Condition (Java)" WARNING_FILTER += allow class="Ignored Return Value (Java)" WARNING_FILTER += allow class="Ignored Return Value for Pure Function (Java)" WARNING_FILTER += allow class="Impossible Client Side Locking (Java)" WARNING_FILTER += allow class="Impossible reference comparison (Java)" WARNING_FILTER += allow class="Inappropriate Exception Handler (Java)" WARNING_FILTER += allow class="Inappropriate Instanceof (Java)" WARNING_FILTER += allow class="Ineffective Cleansing of Fragment Taint (Java)" WARNING_FILTER += allow class="Inefficient Bitwise AND (Java)" WARNING_FILTER += allow class="Inefficient Bitwise OR (Java)" WARNING_FILTER += allow class="Inefficient Box-Unbox (Java)" WARNING_FILTER += allow class="Inefficient Instantiation (Java)" WARNING_FILTER += allow class="Inner Class Should be Static (Java)" WARNING_FILTER += allow class="Insecure Cookie (Java)" WARNING_FILTER += allow class="Insecure Key Derivation (Java)" WARNING_FILTER += allow class="Insecure Random Number Generator (Java)" WARNING_FILTER += allow class="Insecure Socket Factory (Java)" WARNING_FILTER += allow class="Insecure XSLT Execution (Java)" WARNING_FILTER += allow class="Insecure verifier Override for Hostname (Java)" WARNING_FILTER += allow class="Insecure verify Override for Certificate (Java)" WARNING_FILTER += allow class="Instanceof Always False (Java)" WARNING_FILTER += allow class="Instanceof Always True (Java)" WARNING_FILTER += allow class="JavaScript Enabled (Java)" WARNING_FILTER += allow class="JavaScript File Access from File URLs (Java)" WARNING_FILTER += allow class="LDAP Authentication Disabled (Java)" WARNING_FILTER += allow class="Lambda Parameter may be null (Java)" WARNING_FILTER += allow class="Legacy Random Generator (Java)" WARNING_FILTER += allow class="Method Enables Debug Features (Java)" WARNING_FILTER += allow class="Method Names Differ Only in Case (Java)" WARNING_FILTER += allow class="Method Should Not Return null (Java)" WARNING_FILTER += allow class="Missing Authentication Annotation (Java)" WARNING_FILTER += allow class="Missing Call to super (Java)" WARNING_FILTER += allow class="Missing Equals Override (Java)" WARNING_FILTER += allow class="Missing JavaScript Entry Point (Java)" WARNING_FILTER += allow class="Missing JavaScript Execution (Java)" WARNING_FILTER += allow class="Missing Required Cryptographic Step (Java)" WARNING_FILTER += allow class="Missing Serial Version Field (Java)" WARNING_FILTER += allow class="Missing isValidFragment Override (Java)" WARNING_FILTER += allow class="Mutable Enumeration (Java)" WARNING_FILTER += allow class="Mutable Public Static Final Array (Java)" WARNING_FILTER += allow class="Non-Object compareTo Parameter (Java)" WARNING_FILTER += allow class="Non-overriding Method Signature (Java)" WARNING_FILTER += allow class="Nonserializable Field (Java)" WARNING_FILTER += allow class="Nonserializable Field Element (Java)" WARNING_FILTER += allow class="Nonserializable Outer Class (Java)" WARNING_FILTER += allow class="Null Parameter Dereference (Java)" WARNING_FILTER += allow class="Null Pointer Dereference (Java)" WARNING_FILTER += allow class="Open Redirect (Java)" WARNING_FILTER += allow class="Password in Property File (Java)" WARNING_FILTER += allow class="Permissive File Mode (Java)" WARNING_FILTER += allow class="Possible XML External Entity Reference (Java)" WARNING_FILTER += allow class="Potential Infinite Recursion (Java)" WARNING_FILTER += allow class="Potential LDAP Poisoning (Java)" WARNING_FILTER += allow class="Redundant Call for Integral Argument (Java)" WARNING_FILTER += allow class="Redundant Call for String Argument (Java)" WARNING_FILTER += allow class="Redundant Condition (Java)" WARNING_FILTER += allow class="Redundant Implements Clause (Java)" WARNING_FILTER += allow class="Reflection Bypasses Member Accessibility (Java)" WARNING_FILTER += allow class="Reflection Injection (Java)" WARNING_FILTER += allow class="Reflection Modifies Member Accessibility (Java)" WARNING_FILTER += allow class="Return null Array (Java)" WARNING_FILTER += allow class="Return null Boolean (Java)" WARNING_FILTER += allow class="Return null Optional (Java)" WARNING_FILTER += allow class="Risky Cipher Algorithm (Java)" WARNING_FILTER += allow class="Risky Cipher Field (Java)" WARNING_FILTER += allow class="Risky Class Cast (Java)" WARNING_FILTER += allow class="Risky Cryptographic Algorithm (Java)" WARNING_FILTER += allow class="Risky Cryptographic Field (Java)" WARNING_FILTER += allow class="Risky JavaScript Interface (Java)" WARNING_FILTER += allow class="Risky array store (Java)" WARNING_FILTER += allow class="SQL Injection (Java)" WARNING_FILTER += allow class="Shadowed Identifier (Java)" WARNING_FILTER += allow class="Should Use == Instead of equals() (Java)" WARNING_FILTER += allow class="Should Use equals() Instead of == (Java)" WARNING_FILTER += allow class="Single-use Random Number Generator (Java)" WARNING_FILTER += allow class="Static Field Assigned Non-Static (Java)" WARNING_FILTER += allow class="Synchronization on Interned String (Java)" WARNING_FILTER += allow class="Synchronization on static (Java)" WARNING_FILTER += allow class="Synchronous Call to Thread Body (Java)" WARNING_FILTER += allow class="Tainted @Trusted Value (Java)" WARNING_FILTER += allow class="Tainted Allocation Size (Java)" WARNING_FILTER += allow class="Tainted Bundle (Java)" WARNING_FILTER += allow class="Tainted Control (Java)" WARNING_FILTER += allow class="Tainted Data in Vulnerable Method (Java)" WARNING_FILTER += allow class="Tainted Expression Evaluation (Java)" WARNING_FILTER += allow class="Tainted HTTP Response (Java)" WARNING_FILTER += allow class="Tainted Hardware Device Property (Java)" WARNING_FILTER += allow class="Tainted LDAP Attribute (Java)" WARNING_FILTER += allow class="Tainted LDAP Filter (Java)" WARNING_FILTER += allow class="Tainted Log (Java)" WARNING_FILTER += allow class="Tainted Message (Java)" WARNING_FILTER += allow class="Tainted Network Address (Java)" WARNING_FILTER += allow class="Tainted Path (Java)" WARNING_FILTER += allow class="Tainted Regular Expression (Java)" WARNING_FILTER += allow class="Tainted Resource (Java)" WARNING_FILTER += allow class="Tainted Session (Java)" WARNING_FILTER += allow class="Tainted URL (Java)" WARNING_FILTER += allow class="Tainted XAML (Java)" WARNING_FILTER += allow class="Tainted XML (Java)" WARNING_FILTER += allow class="Tainted Xpath (Java)" WARNING_FILTER += allow class="Unchecked Parameter Dereference (Java)" WARNING_FILTER += allow class="Unexpected Serial Version Field (Java)" WARNING_FILTER += allow class="Universal JavaScript Access to File URLs (Java)" WARNING_FILTER += allow class="Unnecessary Field (Java)" WARNING_FILTER += allow class="Unnecessary Instantiation for GetClass (Java)" WARNING_FILTER += allow class="Unreachable Instruction (Java)" WARNING_FILTER += allow class="Unsafe Session Expiration Time (Java)" WARNING_FILTER += allow class="Unsafe hash comparison (Java)" WARNING_FILTER += allow class="Untrusted Network Host (Java)" WARNING_FILTER += allow class="Unused Class (Java)" WARNING_FILTER += allow class="Unused Field (Java)" WARNING_FILTER += allow class="Unused Method (Java)" WARNING_FILTER += allow class="Unused Object (Java)" WARNING_FILTER += allow class="Unused Value: Actual Parameter (Java)" WARNING_FILTER += allow class="Unused Value: Variable (Java)" WARNING_FILTER += allow class="Unused Value: Write to Parameter (Java)" WARNING_FILTER += allow class="Use of Hardware ID (Java)" WARNING_FILTER += allow class="Use of Hash without a Salt (Java)" WARNING_FILTER += allow class="Use of Insecure verify for Certificate (Java)" WARNING_FILTER += allow class="Use of Insecure verify for Hostname (Java)" WARNING_FILTER += allow class="Use of Same Seed (Java)" WARNING_FILTER += allow class="Useless Assignment (Java)" WARNING_FILTER += allow class="Useless Assignment to Default (Java)" WARNING_FILTER += allow class="Useless Class Cast (Java)" WARNING_FILTER += allow class="Useless Synchronization (Java)" WARNING_FILTER += allow class="Useless volatile Modifier (Java)" WARNING_FILTER += allow class="Weak Cryptographic Value (Java)" WARNING_FILTER += allow class="Weak Hash Algorithm (Java)" WARNING_FILTER += allow class="Weak Hash Algorithm Field (Java)" WARNING_FILTER += allow class="Weak Initialization Vector Field (Java)" WARNING_FILTER += allow class="Weak Initialization Vector Value (Java)" WARNING_FILTER += allow class="clone Non-cloneable (Java)" WARNING_FILTER += allow class="clone not final (Java)" WARNING_FILTER += allow class="compareTo in Non-Comparable Class (Java)" WARNING_FILTER += allow class="compareTo without equals (Java)" WARNING_FILTER += allow class="compareTo/equals mismatch (Java)" WARNING_FILTER += allow class="equals Always Fails (Java)" WARNING_FILTER += allow class="equals Parameter Should Be Object (Java)" WARNING_FILTER += allow class="equals on Array (Java)" WARNING_FILTER += allow class="toString on Array (Java)"