- #INITIALIZATION IN SWITCH CASE JAVA GENERATOR#
- #INITIALIZATION IN SWITCH CASE JAVA ARCHIVE#
- #INITIALIZATION IN SWITCH CASE JAVA ANDROID#
- #INITIALIZATION IN SWITCH CASE JAVA VERIFICATION#
Whitespace contradicts operator precedence. 
Using a static initialization vector for encryption. User-controlled data used in permissions check. User-controlled data in arithmetic expression. User-controlled bypass of sensitive method. Use of externally-controlled format string. #INITIALIZATION IN SWITCH CASE JAVA GENERATOR#
Use of a predictable seed in a secure random number generator. Use of a potentially dangerous function. Use of a potentially broken or risky cryptographic algorithm. Use of a cryptographic algorithm with insufficient key size. Use of a broken or risky cryptographic algorithm. #INITIALIZATION IN SWITCH CASE JAVA ANDROID#
Unsafe resource fetching in Android WebView.Uncontrolled data used in path expression.Uncontrolled data used in content resolution.Uncontrolled data in arithmetic expression.Type mismatch on container modification.Time-of-check time-of-use race condition.Synchronization on boxed types or strings.Serialization methods do not match required signature.Serializable inner class of non-serializable class.Result of multiplication cast to wider type.Resolving XML external entity in user-controlled data.ReadResolve must have Object return type, not void.
Race condition in socket authentication. Race condition in double-checked locking object initialization. Query built from user-controlled sources. Query built by concatenation with a possibly-untrusted string. Polynomial regular expression used on uncontrolled data. Partial path traversal vulnerability from remote. 
Overly permissive regular expression range.OGNL Expression Language statement with user-controlled input.Non-synchronized override of synchronized method.Non-final method invocation in constructor.Missing read or write permission in a content provider.Local information disclosure in a temporary directory.Leaking sensitive information through an implicit Intent.Leaking sensitive information through a ResultReceiver.LDAP query built from user-controlled sources.Insertion of sensitive information into log files.Information exposure through a stack trace.Incorrect absolute value of random number.Inconsistent synchronization of getter and setter.Inconsistent synchronization for writeObject().
#INITIALIZATION IN SWITCH CASE JAVA VERIFICATION#
Improper verification of intent by broadcast receiver. Improper validation of user-provided size used for array construction. Improper validation of user-provided array index. Implicit narrowing conversion in compound assignment. Implicit conversion from array to string. Hashed value without hashCode definition. Failure to use HTTPS or SFTP URL in Maven artifact upload/download. Externalizable but no public no-argument constructor. Expression always evaluates to the same value. Executing a command with a relative path. Equals method does not inspect argument type. Double-checked locking is not thread-safe. Detect JHipster Generator Vulnerability CVE-2019-16303. Deserialization of user-controlled data. Deprecated method or constructor invocation. Depending upon JCenter/Bintray as an artifact repository. Continue statement that does not continue. Container contents are never initialized. Confusing non-overriding of package-private method. Confusing method names because of capitalization. Comparison of narrow type with wide type in loop condition. Cleartext storage of sensitive information using a local database on Android. Cleartext storage of sensitive information using SharedPreferences on Android. Cleartext storage of sensitive information using ‘Properties’ class. Cleartext storage of sensitive information in the Android filesystem. Cleartext storage of sensitive information in cookie. Character passed to StringBuffer or StringBuilder constructor. Cast from abstract to concrete collection. Building a command line with string concatenation. #INITIALIZATION IN SWITCH CASE JAVA ARCHIVE#
Arbitrary file write during archive extraction (”Zip Slip”).Android fragment injection in PreferenceActivity.Android WebView that accepts all certificates.Android WebView settings allows access to content links.Access Java object methods through JavaScript exposure.
0 kommentar(er)
