Java Warning Classes

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

The CodeSonar Java analysis is suitable for Java source and binaries targeting the following.

Java 1.1-22.

Android API 15-28

Important Note: CodeSonar projects are built from Java bytecode (.class or archive files). However, CodeSonar will only analyze those parts of the project for which corresponding source code (.java files) is also available, because warning reports are not useful or comprehensible without source information.

The Java warning classes can be divided into four groups.

Warning classes that are enabled by default.

Warning classes that are disabled by default, may involve complex triggering contexts, and are based on checks that are generally cost-intensive and produce many warnings.
We refer to this group as (disabled) deep Java warning classes.

You can enable all these classes with the java_deep preset.
The deep and pedantic sets are disjoint: no warning class is characterized as both deep and pedantic.

Warning classes that are disabled by default, describe issues that some users may consider safe to ignore, and are based on checks that are generally lightweight and may produce many warnings.
We refer to this group as disabled pedantic Java warning classes.

You can enable all these classes with the java_pendantic preset.
The deep and pedantic sets are disjoint: no warning class is characterized as both deep and pedantic.

Warning classes whose significance is 'security'. This is considered a fourth group in order to ensure that every Java warning class is in at least one group. In particular, there are Java warning classes that are disabled by default but considered neither deep nor pendantic, but all such classes are in the security group.
We refer to this group as Java security warning classes.

You can enable all these classes with the java_security preset.
A Java warning class that is disabled by default will always belong to at least one of {security, deep, pedantic}. However, it cannot belong to all three since the deep and pedantic sets are disjoint.
There are also security warning classes that are enabled by default.

There are several configuration presets that are specific to the Java analysis, as well as a number of presets that apply across all analyzed source languages.

Preset	Notes
java_complete	Enables all Java warning classes
java_security, java_deep, java_pedantic	Enable the security, deep, and pedantic Java warning classes, respectively.
certjava	Enable all warning classes associated with rules and recommendations in the SEI CERT Oracle Coding Standard for Java.

Preset

Notes

java_complete

Enables all Java warning classes

java_security, java_deep, java_pedantic

Enable the security, deep, and pedantic Java warning classes, respectively.

certjava

Enable all warning classes associated with rules and recommendations in the SEI CERT Oracle Coding Standard for Java.

CodeSonar will perform checks for warnings in these classes by default. If there are classes on this list for which you do not wish to see warnings, use WARNING_FILTER discard rules to instruct CodeSonar accordingly.

日本語クラス名	クラス名	ニーモニック
== Always Fails Because Types Always Different (Java)	== Always Fails Because Types Always Different (Java)	JAVA.REDUNDANT.EQF.TYPE
Abs on random (Java)	Abs on random (Java)	JAVA.MATH.ABSRAND
Accessing File in Permissive Mode (Java)	Accessing File in Permissive Mode (Java)	JAVA.IO.PERM.ACCESS
Ambiguous Call from Inner Class (Java)	Ambiguous Call from Inner Class (Java)	JAVA.CLASS.ACIC
Android Leak (Java)	Android Leak (Java)	JAVA.ALLOC.LEAK.ANDROID
Anonymous LDAP Authentication (Java)	Anonymous LDAP Authentication (Java)	JAVA.INSEC.LDAP.ANON
Approximate e Constant (Java)	Approximate e Constant (Java)	JAVA.MATH.APPROX.E
Approximate pi Constant (Java)	Approximate pi Constant (Java)	JAVA.MATH.APPROX.PI
Array Parameter Empty (Java)	Array Parameter Empty (Java)	JAVA.FUNCS.APE
Assertion Contains Side Effects (Java)	Assertion Contains Side Effects (Java)	JAVA.STRUCT.SE.ASSERT
Assignment in Conditional (Java)	Assignment in Conditional (Java)	JAVA.STRUCT.CONDASSIG
Asymmetric compareTo (Java)	Asymmetric compareTo (Java)	JAVA.COMPARE.CTO.ASSYM
Bitwise AND on Boolean (Java)	Bitwise AND on Boolean (Java)	JAVA.STRUCT.BW.AND
Bitwise AND on Boolean Constant (Java)	Bitwise AND on Boolean Constant (Java)	JAVA.STRUCT.BW.ANDC
Bitwise OR on Boolean (Java)	Bitwise OR on Boolean (Java)	JAVA.STRUCT.BW.OR
Bitwise OR on Boolean Constant (Java)	Bitwise OR on Boolean Constant (Java)	JAVA.STRUCT.BW.ORC
Blocking in Critical Section (Java)	Blocking in Critical Section (Java)	JAVA.CONCURRENCY.STARVE.BLOCKING
Broad Throws Clause (Java)	Broad Throws Clause (Java)	JAVA.STRUCT.EXCP.BROAD
Call Might Return Null (Java)	Call Might Return Null (Java)	JAVA.NULL.RET.UNCHECKED
Cast: Integer to Floating Point (Java)	Cast: Integer to Floating Point (Java)	JAVA.CAST.FTRUNC
Cast: int Computation to long (Java)	Cast: int Computation to long (Java)	JAVA.ARITH.OFLOW
Class Enables Debug Features (Java)	Class Enables Debug Features (Java)	JAVA.DEBUG.CEDF
Clone Call to Super is Missing (Java)	Clone Call to Super is Missing (Java)	JAVA.CLASS.CLONE.CCSM
Closeable Not Closed (Java)	Closeable Not Closed (Java)	JAVA.ALLOC.LEAK.NOTCLOSED
Closeable Not Stored (Java)	Closeable Not Stored (Java)	JAVA.ALLOC.LEAK.NOTSTORED
Code Injection (Java)	Code Injection (Java)	JAVA.IO.INJ.CODE
Command Injection (Java)	Command Injection (Java)	JAVA.IO.INJ.COMMAND
Comparison to Class Names (Java)	Comparison to Class Names (Java)	JAVA.COMPARE.EQUALS.CN
Comparison to Empty String (Java)	Comparison to Empty String (Java)	JAVA.COMPARE.EMPTYSTR
Cross Site Scripting (Java)	Cross Site Scripting (Java)	JAVA.IO.INJ.XSS
Cross Site Scripting In Error Message Web Page (Java)	Cross Site Scripting In Error Message Web Page (Java)	JAVA.IO.INJ.XSS.EMWP
Cryptographic Algorithm with Risky Default Cipher (Java)	Cryptographic Algorithm with Risky Default Cipher (Java)	JAVA.CRYPTO.CADRC
Cryptographic Algorithm with Weak Cipher (Java)	Cryptographic Algorithm with Weak Cipher (Java)	JAVA.CRYPTO.CARC
Cryptographic Algorithm with Weak Hash (Java)	Cryptographic Algorithm with Weak Hash (Java)	JAVA.CRYPTO.CAWH
DLL Injection (Java)	DLL Injection (Java)	JAVA.IO.INJ.DLL
DOS Injection (Java)	DOS Injection (Java)	JAVA.IO.INJ.DENIAL
Debug Call (Java)	Debug Call (Java)	JAVA.DEBUG.CALL
Debug Warning (Java)	Debug Warning (Java)	JAVA.DEBUG.LOG
Defines equals but not hashCode (Java)	Defines equals but not hashCode (Java)	JAVA.IDEF.EQUALSNOHC
Defines hashCode but not equals (Java)	Defines hashCode but not equals (Java)	JAVA.IDEF.HCNOEQUALS
Deprecated Cryptography Provider (Java)	Deprecated Cryptography Provider (Java)	JAVA.CRYPTO.DEPRECATED
Direct Thread Usage in Http Servlet (Java)	Direct Thread Usage in Http Servlet (Java)	JAVA.INSEC.HTTP.DTU
Double-Checked Locking (Java)	Double-Checked Locking (Java)	JAVA.CONCURRENCY.LOCK.DCL
Empty Branch Statement (Java)	Empty Branch Statement (Java)	JAVA.STRUCT.EBS
Empty Exception Handler (Java)	Empty Exception Handler (Java)	JAVA.STRUCT.EXCP.EEH
Empty jar File Archived (Java)	Empty jar File Archived (Java)	JAVA.STRUCT.ARCHIVE.EJF
Empty zip File Archived (Java)	Empty zip File Archived (Java)	JAVA.STRUCT.ARCHIVE.EZF
Exception Information Disclosure (Java)	Exception Information Disclosure (Java)	JAVA.DEBUG.ID
Execution After Redirect (Java)	Execution After Redirect (Java)	JAVA.INSEC.EAR
Explicit Finalize (Java)	Explicit Finalize (Java)	JAVA.FUNCS.EF
Field Never Read (Java)	Field Never Read (Java)	JAVA.STRUCT.URFIELD
Field Never Written (Java)	Field Never Written (Java)	JAVA.STRUCT.UWFIELD
Floating Point Equality (Java)	Floating Point Equality (Java)	JAVA.ARITH.FPEQUAL
Format String Injection (Java)	Format String Injection (Java)	JAVA.IO.INJ.FMT
Fragment Injection (Java)	Fragment Injection (Java)	JAVA.IO.INJ.FRAGMENT
Generic Exception Handler (Java)	Generic Exception Handler (Java)	JAVA.STRUCT.EXCP.GEH
Hardcoded Cryptographic Key (Java)	Hardcoded Cryptographic Key (Java)	JAVA.HARDCODED.KEY
Hardcoded Filename (Java)	Hardcoded Filename (Java)	JAVA.HARDCODED.FNAME
Hardcoded Password (Java)	Hardcoded Password (Java)	JAVA.HARDCODED.PASSWD
Hardcoded Random Seed (Java)	Hardcoded Random Seed (Java)	JAVA.HARDCODED.SEED
Hostname in Condition (Java)	Hostname in Condition (Java)	JAVA.INSEC.HIC
Ignored Return Value (Java)	Ignored Return Value (Java)	JAVA.FUNCS.IRV
Ignored Return Value for Pure Function (Java)	Ignored Return Value for Pure Function (Java)	JAVA.FUNCS.IRV.PURE
Impossible Client Side Locking (Java)	Impossible Client Side Locking (Java)	JAVA.CONCURRENCY.LOCK.ICS
Impossible reference comparison (Java)	Impossible reference comparison (Java)	JAVA.REDUNDANT.EQF
Inappropriate Exception Handler (Java)	Inappropriate Exception Handler (Java)	JAVA.STRUCT.EXCP.INAPP
Inappropriate Instanceof (Java)	Inappropriate Instanceof (Java)	JAVA.CLASS.IOF.BAD
Ineffective Cleansing of Fragment Taint (Java)	Ineffective Cleansing of Fragment Taint (Java)	JAVA.IO.TAINT.IC.FRAGMENT
Inefficient Bitwise AND (Java)	Inefficient Bitwise AND (Java)	JAVA.STRUCT.BW.ANDI
Inefficient Bitwise OR (Java)	Inefficient Bitwise OR (Java)	JAVA.STRUCT.BW.ORI
Inefficient Box-Unbox (Java)	Inefficient Box-Unbox (Java)	JAVA.CLASS.BUB
Inefficient Instantiation (Java)	Inefficient Instantiation (Java)	JAVA.CLASS.UI
Inner Class Should be Static (Java)	Inner Class Should be Static (Java)	JAVA.CLASS.ICSBS
Insecure Cookie (Java)	Insecure Cookie (Java)	JAVA.LIB.HTTP.COOKIE
Insecure Key Derivation (Java)	Insecure Key Derivation (Java)	JAVA.CRYPTO.KEY
Insecure Random Number Generator (Java)	Insecure Random Number Generator (Java)	JAVA.LIB.RAND.FUNC
Insecure Socket Factory (Java)	Insecure Socket Factory (Java)	JAVA.INSEC.SF
Insecure XSLT Execution (Java)	Insecure XSLT Execution (Java)	JAVA.LIB.XML.INSEC_XSLT
Insecure verifier Override for Hostname (Java)	Insecure verifier Override for Hostname (Java)	JAVA.INSEC.HVO
Insecure verify Override for Certificate (Java)	Insecure verify Override for Certificate (Java)	JAVA.INSEC.CVO
Instanceof Always False (Java)	Instanceof Always False (Java)	JAVA.CLASS.IOF.F
Instanceof Always True (Java)	Instanceof Always True (Java)	JAVA.CLASS.IOF.T
JavaScript Enabled (Java)	JavaScript Enabled (Java)	JAVA.JS.JSE
JavaScript File Access from File URLs (Java)	JavaScript File Access from File URLs (Java)	JAVA.JS.FAFU
LDAP Authentication Disabled (Java)	LDAP Authentication Disabled (Java)	JAVA.INSEC.LDAP.DA
Lambda Parameter may be null (Java)	Lambda Parameter may be null (Java)	JAVA.NULL.PARAM.LAMBDA
Legacy Random Generator (Java)	Legacy Random Generator (Java)	JAVA.LIB.RAND.LEGACY.GEN
Method Enables Debug Features (Java)	Method Enables Debug Features (Java)	JAVA.DEBUG.MEDF
Method Names Differ Only in Case (Java)	Method Names Differ Only in Case (Java)	JAVA.ID.CASE.METHOD
Method Should Not Return null (Java)	Method Should Not Return null (Java)	JAVA.NULL.RET.NONNULL
Missing Authentication Annotation (Java)	Missing Authentication Annotation (Java)	JAVA.INSEC.MAA
Missing Call to super (Java)	Missing Call to super (Java)	JAVA.CLASS.MCS
Missing Equals Override (Java)	Missing Equals Override (Java)	JAVA.IDEF.NOEQUALS
Missing JavaScript Entry Point (Java)	Missing JavaScript Entry Point (Java)	JAVA.JS.MEP
Missing JavaScript Execution (Java)	Missing JavaScript Execution (Java)	JAVA.JS.ME
Missing Required Cryptographic Step (Java)	Missing Required Cryptographic Step (Java)	JAVA.CRYPTO.MRCS
Missing Serial Version Field (Java)	Missing Serial Version Field (Java)	JAVA.CLASS.SER.UIDM
Missing isValidFragment Override (Java)	Missing isValidFragment Override (Java)	JAVA.CLASS.OR.ISVALIDFRAGMENT
Mutable Enumeration (Java)	Mutable Enumeration (Java)	JAVA.TYPE.ME
Mutable Public Static Final Array (Java)	Mutable Public Static Final Array (Java)	JAVA.TYPE.MPSFA
Non-Object compareTo Parameter (Java)	Non-Object compareTo Parameter (Java)	JAVA.COMPARE.CTO.NONOBJ
Non-overriding Method Signature (Java)	Non-overriding Method Signature (Java)	JAVA.ID.BADOVERRIDE
Nonserializable Field (Java)	Nonserializable Field (Java)	JAVA.CLASS.SER.FNON
Nonserializable Field Element (Java)	Nonserializable Field Element (Java)	JAVA.CLASS.SER.ENON
Nonserializable Outer Class (Java)	Nonserializable Outer Class (Java)	JAVA.CLASS.SER.OCNON
Null Parameter Dereference (Java)	Null Parameter Dereference (Java)	JAVA.NULL.PARAM.ACTUAL
Null Pointer Dereference (Java)	Null Pointer Dereference (Java)	JAVA.NULL.DEREF
Open Redirect (Java)	Open Redirect (Java)	JAVA.IO.TAINT.HTTP.OR
Password in Property File (Java)	Password in Property File (Java)	JAVA.HARDCODED.PASSWD.FILE
Permissive File Mode (Java)	Permissive File Mode (Java)	JAVA.IO.PERM
Possible XML External Entity Reference (Java)	Possible XML External Entity Reference (Java)	JAVA.LIB.XML.XXE
Potential Infinite Recursion (Java)	Potential Infinite Recursion (Java)	JAVA.FUNCS.INFREC
Potential LDAP Poisoning (Java)	Potential LDAP Poisoning (Java)	JAVA.INSEC.LDAP.POISON
Redundant Call for Integral Argument (Java)	Redundant Call for Integral Argument (Java)	JAVA.FUNCS.RED.INT
Redundant Call for String Argument (Java)	Redundant Call for String Argument (Java)	JAVA.FUNCS.RED.STR
Redundant Condition (Java)	Redundant Condition (Java)	JAVA.STRUCT.RC
Redundant Implements Clause (Java)	Redundant Implements Clause (Java)	JAVA.CLASS.RI
Reflection Bypasses Member Accessibility (Java)	Reflection Bypasses Member Accessibility (Java)	JAVA.CLASS.ACCESS.BYPASS
Reflection Injection (Java)	Reflection Injection (Java)	JAVA.IO.TAINT.REFLECTION
Reflection Modifies Member Accessibility (Java)	Reflection Modifies Member Accessibility (Java)	JAVA.CLASS.ACCESS.MODIFY
Return null Array (Java)	Return null Array (Java)	JAVA.NULL.RET.ARRAY
Return null Boolean (Java)	Return null Boolean (Java)	JAVA.NULL.RET.BOOL
Return null Optional (Java)	Return null Optional (Java)	JAVA.NULL.RET.OPT
Risky Cipher Algorithm (Java)	Risky Cipher Algorithm (Java)	JAVA.CRYPTO.RCA
Risky Cipher Field (Java)	Risky Cipher Field (Java)	JAVA.CRYPTO.RCF
Risky Class Cast (Java)	Risky Class Cast (Java)	JAVA.CLASS.CAST
Risky Cryptographic Algorithm (Java)	Risky Cryptographic Algorithm (Java)	JAVA.CRYPTO.RA
Risky Cryptographic Field (Java)	Risky Cryptographic Field (Java)	JAVA.CRYPTO.RF
Risky JavaScript Interface (Java)	Risky JavaScript Interface (Java)	JAVA.JS.RI
Risky array store (Java)	Risky array store (Java)	JAVA.CLASS.CAST.ARRSTORE
SQL Injection (Java)	SQL Injection (Java)	JAVA.IO.INJ.SQL
Shadowed Identifier (Java)	Shadowed Identifier (Java)	JAVA.ID.SHADOW
Should Use == Instead of equals() (Java)	Should Use == Instead of equals() (Java)	JAVA.COMPARE.EQUALS
Should Use equals() Instead of == (Java)	Should Use equals() Instead of == (Java)	JAVA.COMPARE.EQ
Single-use Random Number Generator (Java)	Single-use Random Number Generator (Java)	JAVA.LIB.RAND.NEW
Static Field Assigned Non-Static (Java)	Static Field Assigned Non-Static (Java)	JAVA.CLASS.STATICMOD
Synchronization on Interned String (Java)	Synchronization on Interned String (Java)	JAVA.CONCURRENCY.LOCK.ISTR
Synchronization on static (Java)	Synchronization on static (Java)	JAVA.CONCURRENCY.LOCK.STATIC
Synchronous Call to Thread Body (Java)	Synchronous Call to Thread Body (Java)	JAVA.CONCURRENCY.LOCK.SCTB
Tainted @Trusted Value (Java)	Tainted @Trusted Value (Java)	JAVA.IO.TAINT.TRUSTED
Tainted Allocation Size (Java)	Tainted Allocation Size (Java)	JAVA.IO.TAINT.SIZE
Tainted Bundle (Java)	Tainted Bundle (Java)	JAVA.IO.TAINT.BUNDLE
Tainted Control (Java)	Tainted Control (Java)	JAVA.IO.TAINT.CONTROL
Tainted Data in Vulnerable Method (Java)	Tainted Data in Vulnerable Method (Java)	JAVA.IO.TAINT.VULN
Tainted Expression Evaluation (Java)	Tainted Expression Evaluation (Java)	JAVA.IO.TAINT.EVAL
Tainted HTTP Response (Java)	Tainted HTTP Response (Java)	JAVA.IO.TAINT.HTTP
Tainted Hardware Device Property (Java)	Tainted Hardware Device Property (Java)	JAVA.IO.TAINT.DEVICE
Tainted LDAP Attribute (Java)	Tainted LDAP Attribute (Java)	JAVA.IO.TAINT.LDAP.ATTR
Tainted LDAP Filter (Java)	Tainted LDAP Filter (Java)	JAVA.IO.TAINT.LDAP.FILTER
Tainted Log (Java)	Tainted Log (Java)	JAVA.IO.TAINT.LOG
Tainted Message (Java)	Tainted Message (Java)	JAVA.IO.TAINT.MESSAGE
Tainted Network Address (Java)	Tainted Network Address (Java)	JAVA.IO.TAINT.ADDR
Tainted Path (Java)	Tainted Path (Java)	JAVA.IO.TAINT.PATH
Tainted Regular Expression (Java)	Tainted Regular Expression (Java)	JAVA.IO.TAINT.REGEX
Tainted Resource (Java)	Tainted Resource (Java)	JAVA.IO.TAINT.RESOURCE
Tainted Session (Java)	Tainted Session (Java)	JAVA.IO.TAINT.SESSION
Tainted URL (Java)	Tainted URL (Java)	JAVA.IO.TAINT.URL
Tainted XAML (Java)	Tainted XAML (Java)	JAVA.IO.TAINT.XAML
Tainted XML (Java)	Tainted XML (Java)	JAVA.IO.TAINT.XML
Tainted Xpath (Java)	Tainted Xpath (Java)	JAVA.IO.TAINT.XPATH
Unchecked Parameter Dereference (Java)	Unchecked Parameter Dereference (Java)	JAVA.STRUCT.UPD
Unexpected Serial Version Field (Java)	Unexpected Serial Version Field (Java)	JAVA.CLASS.SER.UIDU
Universal JavaScript Access to File URLs (Java)	Universal JavaScript Access to File URLs (Java)	JAVA.JS.UAFU
Unnecessary Field (Java)	Unnecessary Field (Java)	JAVA.STRUCT.UNFLD
Unnecessary Instantiation for GetClass (Java)	Unnecessary Instantiation for GetClass (Java)	JAVA.CLASS.UIGC
Unreachable Instruction (Java)	Unreachable Instruction (Java)	JAVA.STRUCT.UC.INSTR
Unsafe Session Expiration Time (Java)	Unsafe Session Expiration Time (Java)	JAVA.INSEC.USET
Untrusted Network Host (Java)	Untrusted Network Host (Java)	JAVA.IO.UT.HOST
Unused Class (Java)	Unused Class (Java)	JAVA.STRUCT.UUCLASS
Unused Field (Java)	Unused Field (Java)	JAVA.STRUCT.UUFIELD
Unused Method (Java)	Unused Method (Java)	JAVA.STRUCT.UUMETH
Unused Object (Java)	Unused Object (Java)	JAVA.STRUCT.UUOBJ
Unused Value: Actual Parameter (Java)	Unused Value: Actual Parameter (Java)	JAVA.STRUCT.UUVAL.ACTUAL
Unused Value: Variable (Java)	Unused Value: Variable (Java)	JAVA.STRUCT.UUVAL.VAR
Unused Value: Write to Parameter (Java)	Unused Value: Write to Parameter (Java)	JAVA.STRUCT.UUVAL.PARAM
Use of Hardware ID (Java)	Use of Hardware ID (Java)	JAVA.IO.HWID
Use of Insecure verify for Certificate (Java)	Use of Insecure verify for Certificate (Java)	JAVA.INSEC.CVU
Use of Insecure verify for Hostname (Java)	Use of Insecure verify for Hostname (Java)	JAVA.INSEC.HVU
Use of Same Seed (Java)	Use of Same Seed (Java)	JAVA.INSEC.SS
Useless Assignment (Java)	Useless Assignment (Java)	JAVA.STRUCT.UA
Useless Assignment to Default (Java)	Useless Assignment to Default (Java)	JAVA.STRUCT.UA.DEFAULT
Useless Class Cast (Java)	Useless Class Cast (Java)	JAVA.CLASS.CAST.USELESS
Useless Synchronization (Java)	Useless Synchronization (Java)	JAVA.CONCURRENCY.LOCK.USELESS
Useless volatile Modifier (Java)	Useless volatile Modifier (Java)	JAVA.CONCURRENCY.VOLATILE
Weak Cryptographic Value (Java)	Weak Cryptographic Value (Java)	JAVA.CRYPTO.VALUE
Weak Hash Algorithm (Java)	Weak Hash Algorithm (Java)	JAVA.CRYPTO.WHA
Weak Hash Algorithm Field (Java)	Weak Hash Algorithm Field (Java)	JAVA.CRYPTO.WHAF
Weak Initialization Vector Field (Java)	Weak Initialization Vector Field (Java)	JAVA.CRYPTO.WIVF
Weak Initialization Vector Value (Java)	Weak Initialization Vector Value (Java)	JAVA.CRYPTO.WIV
clone Non-cloneable (Java)	clone Non-cloneable (Java)	JAVA.CLASS.CLONE.CNC
clone not final (Java)	clone not final (Java)	JAVA.CLASS.CLONE.NF
compareTo in Non-Comparable Class (Java)	compareTo in Non-Comparable Class (Java)	JAVA.COMPARE.CTO.NONCOMP
compareTo without equals (Java)	compareTo without equals (Java)	JAVA.IDEF.CTONOEQ
compareTo/equals mismatch (Java)	compareTo/equals mismatch (Java)	JAVA.IDEF.CTOEQ
equals Always Fails (Java)	equals Always Fails (Java)	JAVA.REDUNDANT.EQUALSF
equals Parameter Should Be Object (Java)	equals Parameter Should Be Object (Java)	JAVA.IDEF.EQUALS.NONOBJ
equals on Array (Java)	equals on Array (Java)	JAVA.COMPARE.EQARRAY
toString on Array (Java)	toString on Array (Java)	JAVA.TYPE.ARRAYTOSTRING

日本語クラス名

クラス名

ニーモニック

== Always Fails Because Types Always Different (Java)

JAVA.REDUNDANT.EQF.TYPE

Abs on random (Java)

JAVA.MATH.ABSRAND

Accessing File in Permissive Mode (Java)

JAVA.IO.PERM.ACCESS

Ambiguous Call from Inner Class (Java)

JAVA.CLASS.ACIC

Android Leak (Java)

JAVA.ALLOC.LEAK.ANDROID

Anonymous LDAP Authentication (Java)

JAVA.INSEC.LDAP.ANON

Approximate e Constant (Java)

JAVA.MATH.APPROX.E

Approximate pi Constant (Java)

JAVA.MATH.APPROX.PI

Array Parameter Empty (Java)

JAVA.FUNCS.APE

Assertion Contains Side Effects (Java)

JAVA.STRUCT.SE.ASSERT

Assignment in Conditional (Java)

JAVA.STRUCT.CONDASSIG

Asymmetric compareTo (Java)

JAVA.COMPARE.CTO.ASSYM

Bitwise AND on Boolean (Java)

JAVA.STRUCT.BW.AND

Bitwise AND on Boolean Constant (Java)

JAVA.STRUCT.BW.ANDC

Bitwise OR on Boolean (Java)

JAVA.STRUCT.BW.OR

Bitwise OR on Boolean Constant (Java)

JAVA.STRUCT.BW.ORC

Blocking in Critical Section (Java)

JAVA.CONCURRENCY.STARVE.BLOCKING

Broad Throws Clause (Java)

JAVA.STRUCT.EXCP.BROAD

Call Might Return Null (Java)

JAVA.NULL.RET.UNCHECKED

Cast: Integer to Floating Point (Java)

JAVA.CAST.FTRUNC

Cast: int Computation to long (Java)

JAVA.ARITH.OFLOW

Class Enables Debug Features (Java)

JAVA.DEBUG.CEDF

Clone Call to Super is Missing (Java)

JAVA.CLASS.CLONE.CCSM

Closeable Not Closed (Java)

JAVA.ALLOC.LEAK.NOTCLOSED

Closeable Not Stored (Java)

JAVA.ALLOC.LEAK.NOTSTORED

Code Injection (Java)

JAVA.IO.INJ.CODE

Command Injection (Java)

JAVA.IO.INJ.COMMAND

Comparison to Class Names (Java)

JAVA.COMPARE.EQUALS.CN

Comparison to Empty String (Java)

JAVA.COMPARE.EMPTYSTR

Cross Site Scripting (Java)

JAVA.IO.INJ.XSS

Cross Site Scripting In Error Message Web Page (Java)

JAVA.IO.INJ.XSS.EMWP

Cryptographic Algorithm with Risky Default Cipher (Java)

JAVA.CRYPTO.CADRC

Cryptographic Algorithm with Weak Cipher (Java)

JAVA.CRYPTO.CARC

Cryptographic Algorithm with Weak Hash (Java)

Defines equals but not hashCode (Java)

JAVA.IDEF.EQUALSNOHC

Defines hashCode but not equals (Java)

JAVA.IDEF.HCNOEQUALS

Deprecated Cryptography Provider (Java)

JAVA.CRYPTO.DEPRECATED

Direct Thread Usage in Http Servlet (Java)

JAVA.INSEC.HTTP.DTU

Double-Checked Locking (Java)

JAVA.CONCURRENCY.LOCK.DCL

Empty Branch Statement (Java)

JAVA.STRUCT.EBS

Empty Exception Handler (Java)

JAVA.STRUCT.EXCP.EEH

Empty jar File Archived (Java)

JAVA.STRUCT.ARCHIVE.EJF

Empty zip File Archived (Java)

JAVA.STRUCT.ARCHIVE.EZF

Exception Information Disclosure (Java)

JAVA.DEBUG.ID

Execution After Redirect (Java)

JAVA.INSEC.EAR

Explicit Finalize (Java)

JAVA.FUNCS.EF

Field Never Read (Java)

JAVA.STRUCT.URFIELD

Field Never Written (Java)

JAVA.STRUCT.UWFIELD

Floating Point Equality (Java)

JAVA.ARITH.FPEQUAL

Format String Injection (Java)

JAVA.IO.INJ.FMT

Fragment Injection (Java)

JAVA.IO.INJ.FRAGMENT

Generic Exception Handler (Java)

JAVA.STRUCT.EXCP.GEH

Hardcoded Cryptographic Key (Java)

JAVA.HARDCODED.KEY

Hardcoded Filename (Java)

JAVA.HARDCODED.FNAME

Hardcoded Password (Java)

JAVA.HARDCODED.PASSWD

Hardcoded Random Seed (Java)

JAVA.HARDCODED.SEED

Hostname in Condition (Java)

JAVA.INSEC.HIC

Ignored Return Value (Java)

JAVA.FUNCS.IRV

Ignored Return Value for Pure Function (Java)

JAVA.FUNCS.IRV.PURE

Impossible Client Side Locking (Java)

JAVA.CONCURRENCY.LOCK.ICS

Impossible reference comparison (Java)

JAVA.REDUNDANT.EQF

Inappropriate Exception Handler (Java)

JAVA.STRUCT.EXCP.INAPP

Inappropriate Instanceof (Java)

JAVA.CLASS.IOF.BAD

Ineffective Cleansing of Fragment Taint (Java)

JAVA.IO.TAINT.IC.FRAGMENT

Inefficient Bitwise AND (Java)

JAVA.STRUCT.BW.ANDI

Inefficient Bitwise OR (Java)

JAVA.STRUCT.BW.ORI

Inefficient Box-Unbox (Java)

JAVA.CLASS.BUB

Inefficient Instantiation (Java)

JAVA.CLASS.UI

Inner Class Should be Static (Java)

JAVA.CLASS.ICSBS

Insecure Cookie (Java)

JAVA.LIB.HTTP.COOKIE

Insecure Key Derivation (Java)

JAVA.CRYPTO.KEY

Insecure Random Number Generator (Java)

JAVA.LIB.RAND.FUNC

Insecure Socket Factory (Java)

JAVA.INSEC.SF

Insecure XSLT Execution (Java)

JAVA.LIB.XML.INSEC_XSLT

Insecure verifier Override for Hostname (Java)

JAVA.INSEC.HVO

Insecure verify Override for Certificate (Java)

JAVA.INSEC.CVO

Instanceof Always False (Java)

JAVA.CLASS.IOF.F

Instanceof Always True (Java)

JAVA.CLASS.IOF.T

JavaScript Enabled (Java)

JAVA.JS.JSE

JavaScript File Access from File URLs (Java)

JAVA.JS.FAFU

LDAP Authentication Disabled (Java)

JAVA.INSEC.LDAP.DA

Lambda Parameter may be null (Java)

JAVA.NULL.PARAM.LAMBDA

Legacy Random Generator (Java)

JAVA.LIB.RAND.LEGACY.GEN

Method Enables Debug Features (Java)

JAVA.DEBUG.MEDF

Method Names Differ Only in Case (Java)

JAVA.ID.CASE.METHOD

Method Should Not Return null (Java)

JAVA.NULL.RET.NONNULL

Missing Authentication Annotation (Java)

JAVA.INSEC.MAA

Missing Call to super (Java)

JAVA.CLASS.MCS

Missing Equals Override (Java)

JAVA.IDEF.NOEQUALS

Missing JavaScript Entry Point (Java)

JAVA.JS.MEP

Missing JavaScript Execution (Java)

JAVA.JS.ME

Missing Required Cryptographic Step (Java)

JAVA.CRYPTO.MRCS

Missing Serial Version Field (Java)

JAVA.CLASS.SER.UIDM

Missing isValidFragment Override (Java)

JAVA.CLASS.OR.ISVALIDFRAGMENT

Mutable Enumeration (Java)

JAVA.TYPE.ME

Mutable Public Static Final Array (Java)

JAVA.TYPE.MPSFA

Non-Object compareTo Parameter (Java)

JAVA.COMPARE.CTO.NONOBJ

Non-overriding Method Signature (Java)

JAVA.ID.BADOVERRIDE

Nonserializable Field (Java)

JAVA.CLASS.SER.FNON

Nonserializable Field Element (Java)

JAVA.CLASS.SER.ENON

Nonserializable Outer Class (Java)

JAVA.CLASS.SER.OCNON

Null Parameter Dereference (Java)

JAVA.NULL.PARAM.ACTUAL

Null Pointer Dereference (Java)

JAVA.NULL.DEREF

Open Redirect (Java)

JAVA.IO.TAINT.HTTP.OR

Password in Property File (Java)

JAVA.HARDCODED.PASSWD.FILE

Permissive File Mode (Java)

JAVA.IO.PERM

Possible XML External Entity Reference (Java)

JAVA.LIB.XML.XXE

Potential Infinite Recursion (Java)

JAVA.FUNCS.INFREC

Potential LDAP Poisoning (Java)

JAVA.INSEC.LDAP.POISON

Redundant Call for Integral Argument (Java)

JAVA.FUNCS.RED.INT

Redundant Call for String Argument (Java)

JAVA.FUNCS.RED.STR

Redundant Condition (Java)

JAVA.STRUCT.RC

Redundant Implements Clause (Java)

JAVA.CLASS.RI

Reflection Bypasses Member Accessibility (Java)

JAVA.CLASS.ACCESS.BYPASS

Reflection Injection (Java)

JAVA.IO.TAINT.REFLECTION

Reflection Modifies Member Accessibility (Java)

JAVA.CLASS.ACCESS.MODIFY

Return null Array (Java)

JAVA.NULL.RET.ARRAY

Return null Boolean (Java)

JAVA.NULL.RET.BOOL

Return null Optional (Java)

JAVA.NULL.RET.OPT

Risky Cipher Algorithm (Java)

JAVA.CRYPTO.RCA

Risky Cipher Field (Java)

JAVA.CRYPTO.RCF

Risky Class Cast (Java)

JAVA.CLASS.CAST

Risky Cryptographic Algorithm (Java)

JAVA.CRYPTO.RA

Risky Cryptographic Field (Java)

JAVA.CRYPTO.RF

Risky JavaScript Interface (Java)

JAVA.JS.RI

Risky array store (Java)

JAVA.CLASS.CAST.ARRSTORE

SQL Injection (Java)

JAVA.IO.INJ.SQL

Shadowed Identifier (Java)

JAVA.ID.SHADOW

Should Use == Instead of equals() (Java)

JAVA.COMPARE.EQUALS

Should Use equals() Instead of == (Java)

JAVA.COMPARE.EQ

Single-use Random Number Generator (Java)

JAVA.LIB.RAND.NEW

Static Field Assigned Non-Static (Java)

JAVA.CLASS.STATICMOD

Synchronization on Interned String (Java)

JAVA.CONCURRENCY.LOCK.ISTR

Synchronization on static (Java)

JAVA.CONCURRENCY.LOCK.STATIC

Synchronous Call to Thread Body (Java)

JAVA.CONCURRENCY.LOCK.SCTB

Tainted @Trusted Value (Java)

JAVA.IO.TAINT.TRUSTED

Tainted Allocation Size (Java)

JAVA.IO.TAINT.SIZE

Tainted Bundle (Java)

JAVA.IO.TAINT.BUNDLE

Tainted Control (Java)

JAVA.IO.TAINT.CONTROL

Tainted Data in Vulnerable Method (Java)

JAVA.IO.TAINT.VULN

Tainted Expression Evaluation (Java)

JAVA.IO.TAINT.EVAL

Tainted HTTP Response (Java)

JAVA.IO.TAINT.HTTP

Tainted Hardware Device Property (Java)

JAVA.IO.TAINT.DEVICE

Tainted LDAP Attribute (Java)

JAVA.IO.TAINT.LDAP.ATTR

Tainted LDAP Filter (Java)

JAVA.IO.TAINT.LDAP.FILTER

Tainted Log (Java)

JAVA.IO.TAINT.LOG

Tainted Message (Java)

JAVA.IO.TAINT.MESSAGE

Tainted Network Address (Java)

JAVA.IO.TAINT.ADDR

Tainted Path (Java)

JAVA.IO.TAINT.PATH

Tainted Regular Expression (Java)

JAVA.IO.TAINT.REGEX

Tainted Resource (Java)

JAVA.IO.TAINT.RESOURCE

Tainted Session (Java)

JAVA.IO.TAINT.SESSION

Unchecked Parameter Dereference (Java)

JAVA.STRUCT.UPD

Unexpected Serial Version Field (Java)

JAVA.CLASS.SER.UIDU

Universal JavaScript Access to File URLs (Java)

JAVA.JS.UAFU

Unnecessary Field (Java)

JAVA.STRUCT.UNFLD

Unnecessary Instantiation for GetClass (Java)

JAVA.CLASS.UIGC

Unreachable Instruction (Java)

JAVA.STRUCT.UC.INSTR

Unsafe Session Expiration Time (Java)

JAVA.INSEC.USET

Untrusted Network Host (Java)

Unused Value: Actual Parameter (Java)

JAVA.STRUCT.UUVAL.ACTUAL

Unused Value: Variable (Java)

JAVA.STRUCT.UUVAL.VAR

Unused Value: Write to Parameter (Java)

JAVA.STRUCT.UUVAL.PARAM

Use of Hardware ID (Java)

JAVA.IO.HWID

Use of Insecure verify for Certificate (Java)

JAVA.INSEC.CVU

Use of Insecure verify for Hostname (Java)

JAVA.INSEC.HVU

Use of Same Seed (Java)

JAVA.INSEC.SS

Useless Assignment (Java)

JAVA.STRUCT.UA

Useless Assignment to Default (Java)

JAVA.STRUCT.UA.DEFAULT

Useless Class Cast (Java)

JAVA.CLASS.CAST.USELESS

Useless Synchronization (Java)

JAVA.CONCURRENCY.LOCK.USELESS

Useless volatile Modifier (Java)

JAVA.CONCURRENCY.VOLATILE

Weak Cryptographic Value (Java)

JAVA.CRYPTO.VALUE

Weak Hash Algorithm (Java)

JAVA.CRYPTO.WHA

Weak Hash Algorithm Field (Java)

JAVA.CRYPTO.WHAF

Weak Initialization Vector Field (Java)

JAVA.CRYPTO.WIVF

Weak Initialization Vector Value (Java)

JAVA.CRYPTO.WIV

clone Non-cloneable (Java)

JAVA.CLASS.CLONE.CNC

clone not final (Java)

JAVA.CLASS.CLONE.NF

compareTo in Non-Comparable Class (Java)

JAVA.COMPARE.CTO.NONCOMP

compareTo without equals (Java)

JAVA.IDEF.CTONOEQ

compareTo/equals mismatch (Java)

JAVA.IDEF.CTOEQ

equals Always Fails (Java)

JAVA.REDUNDANT.EQUALSF

equals Parameter Should Be Object (Java)

JAVA.IDEF.EQUALS.NONOBJ

equals on Array (Java)

JAVA.COMPARE.EQARRAY

toString on Array (Java)

JAVA.TYPE.ARRAYTOSTRING

Reporting for these classes is disabled by default. See individual warning class documentation pages for enabling instructions: the requirements vary depending on the class.

日本語クラス名

クラス名

ニーモニック

Security/Deep/Pendantic

Actual Parameter Element may be null (Java)

JAVA.DEEPNULL.PARAM.EACTUAL

deep

Android Message Injection (Java)

JAVA.IO.INJ.ANDROID.MESSAGE

deep, セキュリティ

Android URL Injection (Java)

JAVA.IO.INJ.ANDROID.URL