Prevent database resource leaks (CodeQL)
codeql:java/database-resource-leak
Prevent resource leaks (CodeQL)
codeql:java/input-resource-leak
Added secure flag to HTTP cookies (CodeQL)
codeql:java/insecure-cookie
Expression language injection (JEXL) (CodeQL)
codeql:java/jexl-expression-injection
Failure to use HTTPS or SFTP URL in Maven artifact upload/download (CodeQL)
codeql:java/maven/non-https-url
Switch JWT calls to versions that enforce signature validity (CodeQL)
codeql:java/missing-jwt-signature-check
Prevent resource leaks (CodeQL)
codeql:java/output-resource-leak
Prevent information leak of stack trace details to HTTP responses (CodeQL)
codeql:java/stack-trace-exposure
Add clarifying braces to misleading code
pixee:java/add-clarifying-braces
Hardened LDAP call against deserialization attacks
pixee:java/disable-dircontext-deserialization
Introduced protections against XSS attacks in JSP scriptlets
pixee:java/encode-jsp-scriptlet
Introduced protections against verb tampering attacks (authN/authZ bypass)
pixee:java/fix-verb-tampering
Introduced protections against deserialization attacks
pixee:java/harden-java-deserialization
Introduced protections against system command injection
pixee:java/harden-process-creation
Hardened XMLDecoder usage to prevent common attacks
pixee:java/harden-xmldecoder-stream
Introduced protections against XXE attacks
pixee:java/harden-xmlinputfactory
Hardened XStream with a converter to prevent exploitation
pixee:java/harden-xstream
Introduced protections against "zip slip" attacks
pixee:java/harden-zip-entry-paths
Refactored to use parameterized HQL APIs
pixee:java/hql-parameterizer
Protect `readLine()` against DoS
pixee:java/limit-readline
Strengthened cipher seed with more unpredictable value
pixee:java/make-prng-seed-unpredictable
Prevent file descriptor leak and modernize BufferedWriter creation
pixee:java/prevent-filewriter-leak-with-nio
Replaced deprecated and insecure Apache HTTP client
pixee:java/replace-apache-defaulthttpclient
Sandboxed URL creation to prevent SSRF attacks
pixee:java/sandbox-url-creation
Sanitized user-provided file names in HTTP multipart uploads
pixee:java/sanitize-apache-multipart-filename
Sanitized user-provided file names in HTTP multipart uploads
pixee:java/sanitize-spring-multipart-filename
Introduced protections against predictable RNG abuse
pixee:java/secure-random
Refactored to use parameterized SQL APIs
pixee:java/sql-parameterizer
Introduced protections against HTTP header injection / smuggling attacks
pixee:java/strip-http-header-newlines
Switch order of literals to prevent NullPointerException
pixee:java/switch-literal-first
Switch to StandardCharsets fields instead of strings
pixee:java/switch-to-standard-charsets
Upgraded SSLContext#getInstance() TLS versions to match current best practices
pixee:java/upgrade-sslcontext-tls
Upgraded SSLEngine#setEnabledProtocols() TLS versions to match current best practices
pixee:java/upgrade-sslengine-tls
Upgraded SSLParameters#setProtocols() TLS versions to match current best practices
pixee:java/upgrade-sslparameters-tls
Upgraded SSLSocket#setEnabledProtocols() TLS versions to match current best practices
pixee:java/upgrade-sslsocket-tls
Modernize and secure temp file creation
pixee:java/upgrade-tempfile-to-nio
Use empty for Collection#toArray([])
pixee:java/use-empty-for-toarray
Introduced protections against user-controlled internal request forwarding
pixee:java/validate-jakarta-forward-path
Replaced @RequestMapping annotation with shortcut annotation for requested HTTP Method
pixee:java/verbose-request-mapping
Fixed overly permissive file permissions (issue discovered by Semgrep)
semgrep:java/java.lang.security.audit.overly-permissive-file-permission.overly-permissive-file-permission
Added missing @Override parameter (Sonar)
sonar:java/add-missing-override-s1161
Set private constructor to hide implicit public constructor (Sonar)
sonar:java/avoid-implicit-public-constructor-s1118
Split variable declarations into their own statements (Sonar)
sonar:java/declare-variable-on-separate-line-s1659
Define a constant for a literal string that is duplicated n times (Sonar)
sonar:java/define-constant-for-duplicate-literal-s1192
Implemented parsing usage when converting Strings to primitives (Sonar)
sonar:java/harden-string-parse-to-primitives-s2130
Added missing synchronized keyword (Sonar)
sonar:java/overrides-match-synchronization-s3551
Removed block of commented-out lines of code (Sonar)
sonar:java/remove-commented-code-s125
Removed redundant static flag on enum (Sonar)
sonar:java/remove-redundant-static-s2786
Remove redundant variable creation expression when it is only returned/thrown (Sonar)
sonar:java/remove-redundant-variable-creation-s1488
Removed unused local variable (Sonar)
sonar:java/remove-unused-local-variable-s1481
Removed unused private method (Sonar)
sonar:java/remove-unused-private-method-s1144
Remove useless parentheses (Sonar)
sonar:java/remove-useless-parentheses-s1110
Replaced `Stream.collect(Collectors.toList())` with `Stream.toList()` (Sonar)
sonar:java/replace-stream-collectors-to-list-s6204
Replace `@Controller` with `@RestController` and remove `@ResponseBody` annotations (Sonar)
sonar:java/simplify-rest-controller-annotations-s6833
Fixed inefficient usage of `String#replaceAll()` (Sonar)
sonar:java/substitute-replaceAll-s5361