APP2060.4 | JD.THREAD.RUN | Explicit call to a 'Thread.run' method
APP2060.4 | JD.UMC.FINALIZE | Explicit call to method 'Object.finalize'
APP2060.4 | JD.UMC.RUNFIN | runFinalizersOnExit() is called
APP3050 | JD.UN.MET | Unused non-private method
APP3050 | JD.UN.PMET | Unused private method
APP3050 | JD.VNU | Variable was never read after being assigned
APP3050 | JD.VNU.NULL | Variable was never read after null being assigned
APP3050 | SV.UMD.MAIN | Leftover debug code - main method
APP3080 | SV.PATH | Path and file name injection
APP3100 | SV.DOS.TMPFILEDEL | Leaving temporary file for lifetime of JVM
APP3100 | SV.DOS.TMPFILEEXIT | Leaving temporary file
APP3120 | ECC.EMPTY | Empty catch clause
APP3120 | EXC.BROADTHROWS | Method has an overly broad throws declaration
APP3120 | JD.CATCH | Catching runtime exception
APP3120 | JD.UNCAUGHT | Uncaught exception
APP3120 | RI.IGNOREDCALL | The value returned by a method called on immutable object is ignored
APP3120 | RI.IGNOREDNEW | Newly created object is ignored
APP3120 | RR.IGNORED | The returned value is ignored
APP3150.2 | SV.RANDOM | Use of insecure Random number generator
APP3310 | SV.PASSWD.PLAIN | Plain-text Password
APP3320.1 | SV.PASSWD.HC.EMPTY | Empty Password
APP3330 | SV.PASSWD.PLAIN | Plain-text Password
APP3340 | SV.PASSWD.HC | Hardcoded Password
APP3340 | SV.PASSWD.PLAIN | Plain-text Password
APP3350 | SV.PASSWD.HC | Hardcoded Password
APP3350 | SV.PASSWD.HC.EMPTY | Empty Password
APP3510 | SV.DATA.BOUND | Untrusted Data leaks into trusted storage
APP3510 | SV.LDAP | Unvalidated user input is used as LDAP filter
APP3510 | SV.XPATH | Unvalidated user input is used as an XPath expression
APP3530 | SV.DATA.DB | Data injection
APP3530 | SV.SQL | Sql Injection
APP3530 | SV.SQL.DBSOURCE | Unchecked information from the database is used in SQL statements
APP3530 | SV.STRUTS.NOTVALID | Struts Forms: inconsistent validate
APP3530 | SV.STRUTS.VALIDMET | Struts Forms: validate method
APP3540.1 | SV.DATA.DB | Data injection
APP3540.1 | SV.SQL | Sql Injection
APP3540.1 | SV.SQL.DBSOURCE | Unchecked information from the database is used in SQL statements
APP3540.1 | SV.STRUTS.NOTVALID | Struts Forms: inconsistent validate
APP3540.1 | SV.STRUTS.VALIDMET | Struts Forms: validate method
APP3540.4 | SV.SQL.DBSOURCE | Unchecked information from the database is used in SQL statements
APP3550 | SV.INT_OVF | Tainted data may lead to Integer Overflow
APP3570 | SV.DATA.BOUND | Untrusted Data leaks into trusted storage
APP3570 | SV.EMAIL | Unchecked e-mail
APP3570 | SV.EXEC | Process Injection
APP3570 | SV.EXEC.DIR | Process Injection. Working Directory
APP3570 | SV.EXEC.ENV | Process Injection. Environment Variables
APP3570 | SV.LDAP | Unvalidated user input is used as LDAP filter
APP3570 | SV.PATH | Path and file name injection
APP3570 | SV.PATH.INJ | File injection
APP3580 | SV.DATA.DB | Data injection
APP3580 | SV.HTTP_SPLIT | Http Response Splitting
APP3580 | SV.STRUTS.NOTVALID | Struts Forms: inconsistent validate
APP3580 | SV.STRUTS.VALIDMET | Struts Forms: validate method
APP3580 | SV.XSS.DB | Cross Site Scripting (Stored XSS)
APP3580 | SV.XSS.REF | Cross Site Scripting (Reflected XSS)
APP3590.1 | SV.TAINT_NATIVE | Tainted data goes to native code
APP3620 | SV.IL.DEV | Design information leakage
APP3620 | SV.IL.FILE | File Name Leaking
APP3620 | SV.STRUTS.NOTRESET | Struts Forms: inconsistent reset
APP3630.1 | JD.NEXT | Possible 'NoSuchElementException'
APP3630.1 | JD.SYNC.IN | Inconsistent synchronization
APP3630.1 | SV.STRUTS.STATIC | Struts Forms: static fields
APP3630.3 | JD.THREAD.RUN | Explicit call to a 'Thread.run' method
APP3630.3 | SV.SHARED.VAR | Unsynchronized access to static variable from servlet
APP3630.3 | SV.UMC.THREADS | Bad practices: use of thread management
APP3630.4 | JD.LOCK | Lock without unlock
APP3630.4 | JD.LOCK.NOTIFY | Method 'notify' called with locks held
APP3630.4 | JD.LOCK.SLEEP | Method 'sleep' called with locks held
APP3630.4 | JD.LOCK.WAIT | Method 'wait' called with locks held
APP3760 | SV.DOS.ARRSIZE | Tainted size used for array allocation
APP3760 | SV.DOS.TMPFILEDEL | Leaving temporary file for lifetime of JVM
APP3760 | SV.DOS.TMPFILEEXIT | Leaving temporary file
APP3760 | SV.SHARED.VAR | Unsynchronized access to static variable from servlet
APP3760 | SV.TAINT_NATIVE | Tainted data goes to native code
APP3760 | SV.TMPFILE | Temporary file path tampering
APP3760 | SV.UMC.EXIT | The System.exit() and Runtime.exit() method calls should not be used in servlets code
APP3780 | SV.DOS.ARRINDEX | Tainted index used for array access
APP3780 | SV.DOS.ARRSIZE | Tainted size used for array allocation
APP3780 | SV.DOS.TMPFILEDEL | Leaving temporary file for lifetime of JVM
APP3780 | SV.DOS.TMPFILEEXIT | Leaving temporary file
APP3780 | SV.SHARED.VAR | Unsynchronized access to static variable from servlet
APP3780 | SV.TAINT_NATIVE | Tainted data goes to native code
APP3780 | SV.TMPFILE | Temporary file path tampering
APP3780 | SV.UMC.EXIT | The System.exit() and Runtime.exit() method calls should not be used in servlets code
APP3800 | JD.INF.AREC | Apparent infinite recursion
APP3800 | JD.LOCK | Lock without unlock
APP3800 | JD.LOCK.NOTIFY | Method 'notify' called with locks held
APP3800 | JD.LOCK.SLEEP | Method 'sleep' called with locks held
APP3800 | JD.LOCK.WAIT | Method 'wait' called with locks held
APP3810 | SV.XPATH | Unvalidated user input is used as an XPath expression