Warnings generated by Julia

The following is the list of all warnings that can be generated by the Julia analyzer, grouped by the checker that emits them. Click on the name of a warning to see the detailed documentation of the checker that generates that warning. Each warning comes with various classifications: some are related to Julia (category and severity), while some others are mappings to other standards (like CWE ID). Note that each warning might have multiple classifications of the same type, depending on the context where the warning is issued. For instance, returning a null value instead of an array is generally a style issue, but if that null value gets dereferenced somewhere in the reachable code, this becomes an actual bug.


AbsOfRandom


AbsOfRandomWarning

The absolute value of a random number might actually be negative
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 682 | Improper Input Validation and Verification


Approximation


ApproximateEWarning

An approximate value of E is used instead of a constant in the libraries
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 197 | Time and State

ApproximatePIWarning

An approximate value of PI is used instead of a constant in the libraries
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 197 | Time and State

CastIntComputationIntoLongWarning

The result of an integer computation that might overflow is cast into long, with possible loss of precision
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 190 | Improper Input Validation and Verification

CastIntegralComputationIntoFloatingPointWarning

The result of an integral computation that might lose precision is cast into a floating point value
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 197 | Improper Input Validation and Verification

FloatComparisonWarning

A comparison between non-integral values might be unreliable
Category | Severities | CWE ID | Seven Pernicious Kingdom
Bug | Minor, Critical | 197 | Improper Input Validation and Verification


Authentication


AuthenticationSetToAnonymousWarning

The LDAP authentication is set to anonymous, thus compromising security
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 287 | Security Features

HostNameInConditionWarning

A host name is used in a condition
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 287 | Security Features

UnauthenticatedWebAPIWarning

A Web API method is not annotated for authentication
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 287 | Security Features


BadEq


AssigningInsteadOfComparingWarning

The assignment into a Boolean value is used in a condition, while == would be expected
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 481 | Time and State

EqualityWarning

Two objects are compared with == but equals() seems more appropriate instead
Category | Severities | CWE ID | Seven Pernicious Kingdom
Bug | Major, Critical | 595 | Improper Input Validation and Verification

EqualsOnArraysWarning

Two arrays are compared with equals()
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 595 | Improper Input Validation and Verification

EqualsOnDisjointTypesWarning

Two objects are compared by equals() but they have always distinct types
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 596 | Time and State

EqualsWarning

Two objects are compared with equals() but == seems more appropriate instead
Categories | Severity | CWE ID | Seven Pernicious Kingdom
Bug, Efficiency | Major | 480 | Improper Input Validation and Verification

ImpossibleEqualityWarning

Two objects are compared by == but the comparison will always fail
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 595 | Code Quality

ImpossibleEqualsWarning

Two objects are compared by equals() but the comparison will always fail
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 596 | Code Quality

InefficientStringEmptynessTestWarning

A string is compared to the empty string instead of using isEmpty()
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Minor | 597 | Code Quality


BadExtension


CaseOverrideWarning

A method has a name identical to another in a superclass, up to capitalisation
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 628 | API abuse

FieldShadowedWarning

A class defines a field with the same name as another in a superclass
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 485 | Encapsulation

ParametersOverrideWarning

A method has the same signature as another in a superclass, up to the package of some class
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 686 | API abuse

RedundantImplementsWarning

An implements clause is already present and could be removed
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Minor | 398 | Code Quality


BasicInjection


AddressInjectionIntoFieldWarning

Tainted data flows into a field annotated as @AddressTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

AddressInjectionWarning

Tainted data might flow into the creation of an Internet address
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

CodeInjectionIntoFieldWarning

Tainted data flows into a field annotated as @CodeTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 94 | Security Features

CodeInjectionWarning

Tainted data might flow into a script execution routine
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 94 | Security Features

CommandInjectionIntoFieldWarning

Tainted data flows into a field annotated as @CommandTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 78 | Security Features

CommandInjectionWarning

Tainted data might flow into a command execution routine
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 78 | Security Features

ControlInjectionIntoFieldWarning

Tainted data flows into a field annotated as @ControlTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

ControlInjectionWarning

Tainted data might flow into a control modifying method
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

DOSInjectionIntoFieldWarning

Tainted data flows into a field annotated as @DenialTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

DOSInjectionWarning

Tainted data might flow into a method that makes the computer sleep or wait
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

DeviceInjectionIntoFieldWarning

Tainted data flows into a field annotated as @AddressTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

DeviceInjectionWarning

Tainted data might flow into the creation of an Internet address
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

EvalInjectionIntoFieldWarning

Tainted data flows into a field annotated as @EvalTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 95 | Security Features

EvalInjectionWarning

Tainted data might flow into code that dynamically evaluates an expression
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 95 | Security Features

GenericInjectionIntoFieldWarning

Tainted data flows into a field annotated as @Trusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

GenericInjectionWarning

Tainted data might flow into a trusted parameter
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

HttpResponseInjectionIntoFieldWarning

Tainted data flows into a field annotated as @HttpResponseTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 113 | Security Features

HttpResponseSplittingWarning

Tainted data might flow into an HTTP response
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 113 | Security Features

LDAPAttributeInjectionIntoFieldWarning

Tainted data flows into a field annotated as @AttributeTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 90 | Security Features

LDAPAttributeInjectionWarning

Tainted data might flow into an LDAP attribute
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 90 | Security Features

LDAPFilterInjectionIntoFieldWarning

Tainted data flows into a field annotated as @FilterTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 90 | Security Features

LDAPFilterInjectionWarning

Tainted data might flow into the filter of an LDAP search
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 90 | Security Features

LogForgingWarning

Tainted data might flow into a log
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 117 | Security Features

LogInjectionIntoFieldWarning

Tainted data flows into a field annotated as @LogTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 117 | Security Features

MessageInjectionIntoFieldWarning

Tainted data flows into a field annotated as @MessageTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 319 | Security Features

MessageInjectionWarning

Tainted data might flow into a message sent by the device
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 319 | Security Features

PathInjectionIntoFieldWarning

Tainted data flows into a field annotated as @PathTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 22 | Security Features

PathInjectionWarning

Tainted data might flow into a file path creation method
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 22 | Security Features

ReflectionInjectionIntoFieldWarning

Tainted data flows into a field annotated as @ReflectionTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 470 | Security Features

ReflectionInjectionWarning

Tainted data might flow into a reflection method
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 470 | Security Features

ResourceInjectionIntoFieldWarning

Tainted data flows into a field annotated as @ResourceTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

ResourceInjectionWarning

Tainted data might flow into a variable annotated as @ResourceTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

SessionInjectionIntoFieldWarning

Tainted data flows into a field annotated as @SessionTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 501 | Security Features

SessionInjectionWarning

Tainted data might flow into a session
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 501 | Security Features

SqlInjectionIntoFieldWarning

The request of a servlet might flow into a field annotated as @SqlTrusted, unsanitized
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 89 | Security Features

SqlInjectionWarning

Tainted data might flow into an SQL query, unsanitized
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 89 | Security Features

TrustBoundaryViolationIntoFieldWarning

Tainted data flows into a field annotated as @BoundaryTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 501 | Security Features

TrustBoundaryViolationWarning

Tainted data might flow into a bundle of information that should not contain tainted pieces of information
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 501 | Security Features

URLInjectionIntoFieldWarning

Tainted data flows into a field annotated as @UrlTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

URLInjectionWarning

Tainted data might flow into a URL creation
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

XPathInjectionIntoFieldWarning

Tainted data flows into a field annotated as @XPathTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 643 | Security Features

XPathInjectionWarning

Tainted data might flow into an XPath creation method
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 643 | Security Features

XSSInjectionIntoFieldWarning

Tainted data flows into a field annotated as @CrossSiteTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 79 | Security Features

XSSInjectionWarning

Tainted data might flow into a script execution routine
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 79 | Security Features


BasicNullness


ActualNullReflectionWarning

An actual parameter passed to a method might be null
Categories | Severities | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor, Critical | 476 | API abuse, Error Handling

ActualNullWarning

An actual parameter passed to a method might be null
Categories | Severities | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor, Critical | 476 | API abuse, Error Handling

ArrayLengthOfNullWarning

The length of a possibly null array is computed
Categories | Severities | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor, Critical | 476 | API abuse, Error Handling

ArrayLoadFromNullWarning

An element of a possibly null array is read
Categories | Severities | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor, Critical | 476 | API abuse, Error Handling

ArrayStoreIntoNullWarning

An element of a possibly null array is written
Categories | Severities | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor, Critical | 476 | API abuse, Error Handling

CallOnNullWarning

A method call might occur on a null receiver
Categories | Severities | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor, Critical | 476 | API abuse, Error Handling

FormalNullWarning

A formal parameter of a method or constructor might hold null
Categories | Severities | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor, Critical | 476 | API abuse, Error Handling

GetFieldFromNullWarning

A field is read from a possibly null receiver
Categories | Severities | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor, Critical | 476 | API abuse, Error Handling

LambdaParameterMightBeNullWarning

A parameter of a lambda expression might be null
Category | Severities | CWE ID | Seven Pernicious Kingdom
Bug | Minor, Critical | 456 | Improper Input Validation and Verification

MethodShouldNotReturnNullWarning

A method returns null but is normally assumed to return a non-null value
Category | Severity | CWE ID | Seven Pernicious Kingdom
Style | Minor | 227 | Code Quality

MissingNullnessCheckOfReturnedValueWarning

The return value of a method is checked against null, but not here
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 252 | Improper Input Validation and Verification

PutFieldIntoNullWarning

A field is written into a possibly null receiver
Categories | Severities | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor, Critical | 476 | API abuse, Error Handling

ReturningNullForArrayWarning

A method returns null instead of an empty array
Categories | Severities | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor, Critical | 476 | Improper Input Validation and Verification, API abuse

ReturningNullForBooleanWarning

A method returns null instead of a java.lang.Boolean
Categories | Severities | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor, Critical | 476 | Improper Input Validation and Verification, API abuse

ReturningNullForOptionalWarning

A method returns null instead of a java.util.Optional
Categories | Severities | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor, Critical | 476 | Improper Input Validation and Verification, API abuse

SynchronizationOnNullWarning

A synchronization might occur on null
Categories | Severities | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor, Critical | 476 | API abuse, Error Handling

ThrowOfNullWarning

A throw command might throw null
Categories | Severities | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor, Critical | 476 | API abuse, Error Handling

VariableCanOnlyBeNullWarning

A variable that can only hold null is dereferenced
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 456 | Improper Input Validation and Verification


CallSuper


CallSuperWarning

A call to super() is missing
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 573 | Encapsulation


CallsOnArray


CallToToStringOnArrayWarning

ToString() is called over an array
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 440 | API abuse


Classcast


ArrayStoreWarning

The value written into an array cannot be assigned to the type of the elements of the array
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 704 | Time and State

ClasscastGenericWarning

A classcast might be incorrect at runtime
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 704 | Time and State

ClasscastOfFieldWarning

A classcast of a field might be incorrect at runtime
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 704 | Time and State

ClasscastOfFormalWarning

A classcast of a formal parameter might be incorrect at runtime
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 704 | Improper Input Validation and Verification

ClasscastOfMethodReturnWarning

A classcast of the return value of a method might be incorrect at runtime
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 704 | Time and State

UselessClasscastWarning

A classcast is useless and can be removed from the code
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Major | 398 | Code Quality


Clone


CloneForNonCloneableWarning

Method clone() is defined in a non-cloneable class
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 491 | Security Features

NonFinalCloneMethodWarning

Method clone() is not final, which allows object hijacking
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 491 | Security Features

SubclassesMayBeClonedWarning

A subclass of a non-cloneable class may be cloned
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 491 | Security Features


CloseResource


CloseableNotStoredIntoLocalWarning

A closeable has not been immediately stored into a local variable
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 400 | Encapsulation

ResourceNotClosedAtEndOfMethodWarning

A resource should be closed by the end of the method where it is created
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 772 | API abuse


CompareTo


AsymmetricalCompareToWarning

CompareTo() is not symmetrical
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 596 | API abuse

CompareToForNonObjectWarning

CompareTo() is defined for a non-java.lang.Object argument but the comparable class is raw
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 227 | API abuse

CompareToInNonComparableWarning

CompareTo() is defined in a class that is not an instance of java.lang.Comparable
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 227 | API abuse

CompareToInconsistentWithEqualsWarning

CompareTo() is defined inconsistently from equals()
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 596 | API abuse

CompareToWithDefaultEqualsWarning

CompareTo() is defined but equals() is inherited from Object
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 596 | API abuse


Concurrency


BlockingCallInsideSynchronizationWarning

A blocking call occurs inside a synchronization block, hence increasing monitor contention and reducing performance
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Major | 833 | Time and State

ExpensiveSynchronizationOnStaticWarning

A synchronized statement on a static guard should lock an instance guard instead
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Minor | 413 | Time and State

ImpossibleClientSideLockingWarning

Synchronisation occurs on a concurrent map that does not allow client-side locking
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 413 | API abuse

SynchronisationOnInternedStringWarning

Synchronisation occurs on an interned string
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 412 | Encapsulation

SynchronousCallToThreadBodyWarning

The body of a thread is called synchronously
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Major | 572 | Time and State

UnsafeLazyInitialisationWarning

A static field is lazily initialized in an incorrect way
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 609 | Time and State

UselessSynchronizationWarning

A synchronized statement is useless
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Minor | 585 | Time and State

UselessVolatileModifierWarning

A field should not be declared volatile
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Minor | 662 | Code Quality

VolatileArrayFieldWarning

An array field has been declared volatile
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 567 | Encapsulation

VolatileContainerFieldWarning

A container field has been declared volatile
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 567 | Encapsulation


Cookie


InsecureCookieWarning

An insecure cookie has been used
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 614 | Security Features

PossibleInsecureCookieCreationWarning

An insecure cookie might have been created
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 614 | Security Features


Cryptography


CryptographicAlgorithmWithRiskyCipherAlgorithmWarning

A cryptographic algorithm that contains a risky cipher algorithm
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 327 | Security Features

CryptographicAlgorithmWithRiskyDefaultCipherAlgorithmWarning

A cryptographic algorithm does not specify the cipher mode explicitly, so a broken or risky cryptographic cipher algorithm could be used by default
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 327 | Security Features

CryptographicAlgorithmWithWeakHashingAlgorithmWarning

A cryptographic algorithm that contains a possibly reversible hashing algorithm
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 327 | Security Features

DeprecatedOrDeletedCryptographyProviderFieldWarning

A deprecated cryptography provider is used here
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 327 | Security Features

DeprecatedOrDeletedCryptographyProviderMethodWarning

A deprecated cryptography provider is used
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 327 | Security Features

InadequateSaltWarning

A cryptographic algorithm is used without proper salt
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 916 | Security Features

InsecureKeyDerivationFunctionWarning

An insecure key derivation function is used
Category | Severities | CWE ID | Seven Pernicious Kingdom
Bug | Minor, Critical | 326 | Security Features

PossibleGenerationOfWeakCryptographicValuesWarning

Possible generation of weak cryptography values
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 916 | Security Features

RiskyCipherAlgorithmWarning

A weak, possibly reversible cryptographic cipher algorithm is used
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 328 | Security Features

RiskyCipherFieldWarning

A weak, possibly reversible cryptographic cipher algorithm is used
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 327 | Security Features

RiskyCryptographicAlgorithmFieldWarning

An unsafe cryptographic algorithm is used
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 327 | Security Features

RiskyCryptographicAlgorithmWarning

An unsafe cryptographic algorithm is used
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 327 | Security Features

RiskyDefaultCipherAlgorithmWarning

The cipher mode is missing, so a broken or risky cryptographic cipher algorithm could be used by default
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 328 | Security Features

UnsafeBase64EncodingWarning

The Base64 encoding is used, but it is nowadays easy to read
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 327 | Security Features

WeakHashingAlgorithmFieldWarning

A weak, possibly reversible cryptographic cipher algorithm is used
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 327 | Security Features

WeakHashingAlgorithmWarning

A weak, possibly reversible cryptographic algorithm is used
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 328 | Security Features


Deadcode


ClassNeverInstantiatedWarning

A class is never instantiated
Category | Severity | CWE ID | Seven Pernicious Kingdom
Style | Minor | 561 | Code Quality

UncalledWarning

A method or constructor is not called
Category | Severities | CWE ID | Seven Pernicious Kingdom
Bug | Minor, Major | 561 | Code Quality

UnreachableInstructionWarning

An instruction will never be executed
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 561 | Code Quality


EqualsHashCode


EqualsNotAgainstObjectWarning

Equals() is defined against a non-object class
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 227 | API abuse

NoEqualsWarning

The equals() method seems needed
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 581 | API abuse

NoHashCodeWarning

The hashCode() method seems needed
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 581 | API abuse

SuspiciousInheritanceOfEqualsWarning

Equals() is inherited but extra fields have been added
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 187 | API abuse


ExceptionHandlers


BroadThrowsClauseWarning

The throws clause of a method or constructor declares a very generic exception type
Category | Severity | CWE ID | Seven Pernicious Kingdom
Style | Info | 397 | Error Handling

EmptyExceptionHandlerWarning

An exception handler has an empty body
Category | Severity | CWE ID | Seven Pernicious Kingdom
Style | Info | 390 | Error Handling

GenericExceptionHandlerWarning

An exception handler is used for a very generic exception type
Category | Severity | CWE ID | Seven Pernicious Kingdom
Style | Minor | 396 | Error Handling

InappropriateExceptionHandlerWarning

An exception class is caught that should rather be prevented
Category | Severity | CWE ID | Seven Pernicious Kingdom
Style | Minor | 395 | Error Handling


FieldAccess


FieldNeverReadWarning

A field is never read in the code
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 772 | Code Quality

FieldNeverUsedWarning

A field is never read nor written in the code
Category | Severities | CWE ID | Seven Pernicious Kingdom
Efficiency | Minor, Major | 398 | Code Quality

FieldNeverWrittenWarning

A field is never written in the code
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 456 | Code Quality


FileAccess


FileAccessWithModeWorldWarning

A dangerous mode likely to cause security issues
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 732 | Security Features

FileWithWorldAccessibilityWarning

The file is world-readable-writable
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 732 | Security Features


Gdpr


LeakageOfPrivateDataThroughFieldUnknownSourceWarning

Some private data from an unknown source is leaked through a field
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 359 | Security Features

LeakageOfPrivateDataThroughFieldWarning

Some private data is leaked through a field
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 359 | Security Features

LeakageOfPrivateDataThroughParameterUnknownSourceWarning

Some private data from an unknown source is leaked through a parameter of a method call
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 359 | Security Features

LeakageOfPrivateDataThroughParameterWarning

Some private data is leaked through a parameter of a method call
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 359 | Security Features


GuardedBy


MissingSynchronizedWarning

A synchronized statement is needed to access a field
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 567 | Time and State

UnguardedFieldWarning

A field is accessed without the expected lock being held
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 567 | Time and State

UnguardedMethodOrConstructorWarning

A public or protected method or constructor might be called without the expected lock being held
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 820 | Time and State

UnguardedParameterWarning

A parameter of a method or constructor is accessed without the expected lock being held
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 567 | Time and State


ImproperField


FieldIsOnlyUsedInConstructorsWarning

A field is only used in a constructor and could hence be replaced by a local variable
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Major | 772 | Code Quality

FieldIsOnlyUsedInStaticInitialiserWarning

A field is only used inside a static initializer and could hence be replaced by a local variable
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Minor | 772 | Code Quality

FieldShouldBeReplacedByLocalsWarning

A field should be replaced by local variables inside the methods that use it
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Major | 772 | Encapsulation

MutableEnumWarning

An enumeration can be mutated
Category | Severity | CWE ID | Seven Pernicious Kingdom
Style | Minor | 607 | Encapsulation

UselessFieldUpdateWarning

A field is updated but the written value is never used later
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Minor | 563 | Code Quality


InefficientConstruction


InefficientBoxUnboxWarning

A box/unbox sequence can be simplified and made more efficient
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Minor | 227 | Code Quality

InefficientConstructionForGetClassWarning

A class is only instantiated to get its class tag, instead of using its name and the .class pseudo-field
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Minor | 227 | API abuse

InefficientConstructionWarning

The construction of an object might be replaced by a literal or by a call to a factory method
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Minor | 400 | Code Quality

PassingEmptyArrayWarning

An empty array is passed to a method instead of an array of the proper size
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Minor | 227 | API abuse


InfiniteRecursion


InfiniteRecursionWarning

A method call looks infinitely recursive
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 674 | Time and State


Injection


AddressInjectionIntoFieldWarning

Tainted data flows into a field annotated as @AddressTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

AddressInjectionIntoFieldWarningWithFlow

Tainted data flows into a field annotated as @AddressTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

AddressInjectionWarning

Tainted data might flow into the creation of an Internet address
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

AddressInjectionWarningWithFlow

Tainted data might flow into the creation of an Internet address
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

CodeInjectionIntoFieldWarning

Tainted data flows into a field annotated as @CodeTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 94 | Security Features

CodeInjectionIntoFieldWarningWithFlow

Tainted data flows into a field annotated as @CodeTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 94 | Security Features

CodeInjectionWarning

Tainted data might flow into a script execution routine
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 94 | Security Features

CodeInjectionWarningWithFlow

Tainted data might flow into a script execution routine
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 94 | Security Features

CommandInjectionIntoFieldWarning

Tainted data flows into a field annotated as @CommandTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 78 | Security Features

CommandInjectionIntoFieldWarningWithFlow

Tainted data flows into a field annotated as @CommandTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 78 | Security Features

CommandInjectionWarning

Tainted data might flow into a command execution routine
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 78 | Security Features

CommandInjectionWarningWithFlow

Tainted data might flow into a command execution routine
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 78 | Security Features

ControlInjectionIntoFieldWarning

Tainted data flows into a field annotated as @ControlTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

ControlInjectionIntoFieldWarningWithFlow

Tainted data flows into a field annotated as @ControlTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

ControlInjectionWarning

Tainted data might flow into a control modifying method
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

ControlInjectionWarningWithFlow

Tainted data might flow into a control modifying method
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

DOSInjectionIntoFieldWarning

Tainted data flows into a field annotated as @DenialTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

DOSInjectionIntoFieldWarningWithFlow

Tainted data flows into a field annotated as @DenialTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

DOSInjectionWarning

Tainted data might flow into a method that makes the computer sleep or wait
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

DOSInjectionWarningWithFlow

Tainted data might flow into a method that makes the computer sleep or wait
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

DeviceInjectionIntoFieldWarning

Tainted data flows into a field annotated as @DeviceTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

DeviceInjectionIntoFieldWarningWithFlow

Tainted data flows into a field annotated as @DeviceTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

DeviceInjectionWarning

Tainted data might flow into a property of the hardware device
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

DeviceInjectionWarningWithFlow

Tainted data might flow into a property of the hardware device
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

EvalInjectionIntoFieldWarning

Tainted data flows into a field annotated as @EvalTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 95 | Security Features

EvalInjectionIntoFieldWarningWithFlow

Tainted data flows into a field annotated as @EvalTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 95 | Security Features

EvalInjectionWarning

Tainted data might flow into code that dynamically evaluates an expression
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 95 | Security Features

EvalInjectionWarningWithFlow

Tainted data might flow into code that dynamically evaluates an expression
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 95 | Security Features

GenericInjectionIntoFieldWarning

Tainted data flows into a field annotated as @Trusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

GenericInjectionIntoFieldWarningWithFlow

Tainted data flows into a field annotated as @Trusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

GenericInjectionWarning

Tainted data might flow into a trusted parameter
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

GenericInjectionWarningWithFlow

Tainted data might flow into a trusted parameter
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

HttpResponseInjectionIntoFieldWarning

Tainted data flows into a field annotated as @HttpResponseTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 113 | Security Features

HttpResponseInjectionIntoFieldWarningWithFlow

Tainted data flows into a field annotated as @HttpResponseTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 113 | Security Features

HttpResponseSplittingWarning

Tainted data might flow into an HTTP response
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 113 | Security Features

HttpResponseSplittingWarningWithFlow

Tainted data might flow into an HTTP response
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 113 | Security Features

LDAPAttributeInjectionIntoFieldWarning

Tainted data flows into a field annotated as @AttributeTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 90 | Security Features

LDAPAttributeInjectionIntoFieldWarningWithFlow

Tainted data flows into a field annotated as @AttributeTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 90 | Security Features

LDAPAttributeInjectionWarning

Tainted data might flow into an LDAP attribute
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 90 | Security Features

LDAPAttributeInjectionWarningWithFlow

Tainted data might flow into an LDAP attribute
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 90 | Security Features

LDAPFilterInjectionIntoFieldWarning

Tainted data flows into a field annotated as @FilterTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 90 | Security Features

LDAPFilterInjectionIntoFieldWarningWithFlow

Tainted data flows into a field annotated as @FilterTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 90 | Security Features

LDAPFilterInjectionWarning

Tainted data might flow into the filter of an LDAP search
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 90 | Security Features

LDAPFilterInjectionWarningWithFlow

Tainted data might flow into the filter of an LDAP search
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 90 | Security Features

LogForgingWarning

Tainted data might flow into a log
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 117 | Security Features

LogForgingWarningWithFlow

Tainted data might flow into a log
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 117 | Security Features

LogInjectionIntoFieldWarning

Tainted data flows into a field annotated as @LogTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 117 | Security Features

LogInjectionIntoFieldWarningWithFlow

Tainted data flows into a field annotated as @LogTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 117 | Security Features

MessageInjectionIntoFieldWarning

Tainted data flows into a field annotated as @MessageTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 319 | Security Features

MessageInjectionIntoFieldWarningWithFlow

Tainted data flows into a field annotated as @MessageTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 319 | Security Features

MessageInjectionWarning

Tainted data might flow into a message sent by the device
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 319 | Security Features

MessageInjectionWarningWithFlow

Tainted data might flow into a message sent by the device
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 319 | Security Features

PathInjectionIntoFieldWarning

Tainted data flows into a field annotated as @PathTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 22 | Security Features

PathInjectionIntoFieldWarningWithFlow

Tainted data flows into a field annotated as @PathTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 22 | Security Features

PathInjectionWarning

Tainted data might flow into a file path creation method
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 22 | Security Features

PathInjectionWarningWithFlow

Tainted data might flow into a file path creation method
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 22 | Security Features

ReflectionInjectionIntoFieldWarning

Tainted data flows into a field annotated as @ReflectionTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 470 | Security Features

ReflectionInjectionIntoFieldWarningWithFlow

Tainted data flows into a field annotated as @ReflectionTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 470 | Security Features

ReflectionInjectionWarning

Tainted data might flow into a reflection method
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 470 | Security Features

ReflectionInjectionWarningWithFlow

Tainted data might flow into a reflection method
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 470 | Security Features

ResourceInjectionIntoFieldWarning

Tainted data flows into a field annotated as @ResourceTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

ResourceInjectionIntoFieldWarningWithFlow

Tainted data flows into a field annotated as @ResourceTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

ResourceInjectionWarning

Tainted data might flow into a variable annotated as @ResourceTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

ResourceInjectionWarningWithFlow

Tainted data might flow into a variable annotated as @ResourceTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

SessionInjectionIntoFieldWarning

Tainted data flows into a field annotated as @SessionTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 501 | Security Features

SessionInjectionIntoFieldWarningWithFlow

Tainted data flows into a field annotated as @SessionTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 501 | Security Features

SessionInjectionWarning

Tainted data might flow into a session
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 501 | Security Features

SessionInjectionWarningWithFlow

Tainted data might flow into a session
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 501 | Security Features

SqlInjectionIntoFieldWarning

The request of a servlet might flow into a field annotated as @SqlTrusted, unsanitized
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 89 | Security Features

SqlInjectionIntoFieldWarningWithFlow

The request of a servlet might flow into a field annotated as @SqlTrusted, unsanitized
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 89 | Security Features

SqlInjectionWarning

Tainted data might flow into an SQL query, unsanitized
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 89 | Security Features

SqlInjectionWarningWithFlow

Tainted data might flow into an SQL query, unsanitized
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 89 | Security Features

TrustBoundaryViolationIntoFieldWarning

Tainted data flows into a field annotated as @BoundaryTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 501 | Security Features

TrustBoundaryViolationIntoFieldWarningWithFlow

Tainted data flows into a field annotated as @BoundaryTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 501 | Security Features

TrustBoundaryViolationWarning

Tainted data might flow into a bundle of information that should not contain tainted pieces of information
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 501 | Security Features

TrustBoundaryViolationWarningWithFlow

Tainted data might flow into a bundle of information that should not contain tainted pieces of information
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 501 | Security Features

URLInjectionIntoFieldWarning

Tainted data flows into a field annotated as @UrlTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

URLInjectionIntoFieldWarningWithFlow

Tainted data flows into a field annotated as @UrlTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

URLInjectionWarning

Tainted data might flow into a URL creation
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

URLInjectionWarningWithFlow

Tainted data might flow into a URL creation
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

XPathInjectionIntoFieldWarning

Tainted data flows into a field annotated as @XPathTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 643 | Security Features

XPathInjectionIntoFieldWarningWithFlow

Tainted data flows into a field annotated as @XPathTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 643 | Security Features

XPathInjectionWarning

Tainted data might flow into an XPath creation method
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 643 | Security Features

XPathInjectionWarningWithFlow

Tainted data might flow into an XPath creation method
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 643 | Security Features

XSSInjectionIntoFieldWarning

Tainted data flows into a field annotated as @CrossSiteTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 79 | Security Features

XSSInjectionIntoFieldWarningWithFlow

Tainted data flows into a field annotated as @CrossSiteTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 79 | Security Features

XSSInjectionWarning

Tainted data might flow into a script execution routine
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 79 | Security Features

XSSInjectionWarningWithFlow

Tainted data might flow into a script execution routine
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 79 | Security Features


InnerClasses


AmbiguousCallFromInnerClassWarning

A method call from an inner class is ambiguous
Category | Severity | CWE ID | Seven Pernicious Kingdom
Style | Minor | 227 | API abuse

InnerClassShouldBeStaticWarning

An inner class should be made static
Category | Severities | CWE ID | Seven Pernicious Kingdom
Efficiency | Minor, Major | 492 | Encapsulation


JavascriptExecution


AllowedFileAccessFromFileURLsByDefaultWarning

Enabling by default access from other file scheme URLs
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 749 | Security Features

AllowedFileAccessFromFileURLsWarning

Enabling access from other file scheme URLs
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 749 | Security Features

AllowedUniversalAccessFromFileURLsByDefaultWarning

Enabling by default access from any origin
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 749 | Security Features

AllowedUniversalAccessFromFileURLsWarning

Enabling access from any origin
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 749 | Security Features

ExplicitJavascriptExecutionNotFoundWarning

If not required, disable JavaScript execution
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 749 | Security Features

JavascriptEnabledWarning

Is it a safe JavaScript execution? If not required, disable JavaScript execution
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 749 | Security Features

MissingJavascriptInterfaceAnnotationWarning

Missing @JavascriptInterface annotation
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 749 | Security Features

RiskyJavascriptInterfaceWarning

Unsafe instruction detected; it could lead to the execution of untrusted Java code
Category | Severities | CWE ID | Seven Pernicious Kingdom
Bug | Major, Critical | 749 | Security Features


Ldap


LDAPPoisoningWarning

An LDAP poisoning attack seems possible
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 349 | Security Features


Leak


LeakThroughCallbackFieldWarning

Data might be leaked by being stored into a field of an operating system callback
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 664 | Encapsulation

LeakThroughCallbackWarning

Data might be leaked through an operating system callback
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 664 | Encapsulation

LeakThroughFieldWarning

Data might be leaked by being stored into a field
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 664 | Encapsulation

LeakThroughInnerClass

Data might be leaked because of a non-static inner class
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 664 | Encapsulation


Nullness


ActualInnerNullWarning

An actual parameter passed to a method is an array or collection possibly containing null
Categories | Severity | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor | 476 | API abuse, Error Handling

ActualNullWarning

An actual parameter passed to a method might be null
Categories | Severity | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor | 476 | API abuse, Error Handling

ArrayLengthOfNullWarning

The length of a possibly null array is computed
Categories | Severities | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor, Major | 476 | API abuse, Error Handling

ArrayLoadFromNullWarning

An element of a possibly null array is read
Categories | Severities | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor, Major | 476 | API abuse, Error Handling

ArrayStoreIntoNullWarning

An element of a possibly null array is written
Categories | Severities | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor, Major | 476 | API abuse, Error Handling

CallOnNullWarning

A method call might occur on a null receiver
Categories | Severity | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor | 476 | API abuse, Error Handling

FieldInnerNullWarning

A field holds an array or collection possibly containing null
Categories | Severity | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor | 476 | API abuse, Error Handling

FieldNullWarning

A field might hold null
Categories | Severity | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor | 476 | API abuse, Error Handling

FormalInnerNullWarning

A formal parameter of a method or constructor is an array or collection possibly containing null
Categories | Severity | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor | 476 | API abuse, Error Handling

FormalNullWarning

A formal parameter of a method or constructor might hold null
Categories | Severity | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor | 476 | API abuse, Error Handling

GetFieldFromNullWarning

A field is read from a possibly null receiver
Categories | Severity | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor | 476 | API abuse, Error Handling

MethodReturnsInnerNullWarning

A method returns an array or collection possibly containing null
Categories | Severity | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor | 476 | API abuse, Error Handling

MethodReturnsNullWarning

A method might return null
Categories | Severity | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor | 476 | API abuse, Error Handling

PutFieldIntoNullWarning

A field is written into a possibly null receiver
Categories | Severity | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor | 476 | API abuse, Error Handling

SynchronizationOnNullWarning

A synchronization might occur on null
Categories | Severities | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor, Major | 476 | API abuse, Error Handling

ThrowOfNullWarning

A throw command might throw null
Categories | Severities | CWE ID | Seven Pernicious Kingdoms
Bug, Style | Minor, Major | 476 | API abuse, Error Handling

UselessNullnessTestOfFieldWarning

A comparison of a field against null is always true or always false
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Major | 398 | Code Quality

UselessNullnessTestOfFormalWarning

A comparison of a formal parameter against null is always true or always false
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Minor | 398 | Code Quality

UselessNullnessTestOfMethodReturnWarning

A comparison of the return value of a method against null is always true or always false
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Major | 253 | Code Quality

UselessNullnessTestWarning

A comparison of a value against null is always true or always false
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Major | 398 | Code Quality


Passwords


HardcodedPasswordWarning

A hardcoded password is used
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 259 | Security Features

PasswordInPropertyFileWarning

A password is retrieved from a property file
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 522 | Security Features


PrivacyAndroid


MessageInjectionIntoFieldWarning

Tainted data flows into a field annotated as @MessageTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 319 | Security Features

MessageInjectionWarning

Tainted data might flow into a message sent by the device
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 319 | Security Features

URLInjectionIntoFieldWarning

Tainted data flows into a field annotated as @UrlTrusted
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

URLInjectionWarning

Tainted data might flow into a URL creation
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features


Production


InadequateCallInProductionWarning

A method should not be called in production code
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 477 | Error Handling

UseLogInsteadWarning

A method should be replaced with a logging code in production code
Category | Severity | CWE ID | Seven Pernicious Kingdom
Style | Major | 477 | Error Handling


Random


InsecureRandomWarning

An insecure random number generator is used instead of a secure one
Category | Severity | CWE ID | Seven Pernicious Kingdom
Style | Info | 330 | Security Features

SuboptimalRandomNumberWarning

A random number generator is recreated just before its use
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Minor | 332 | Code Quality

UseOfFixedSeedWarning

A fixed seed is used instead of a random one
Category | Severity | CWE ID | Seven Pernicious Kingdom
Style | Info | 330 | Security Features


Resources


HardcodedFileNameWarning

A file name is provided as a hardcoded string
Category | Severities | CWE ID | Seven Pernicious Kingdom
Style | Minor, Major | 547 | Encapsulation


SensitiveDataCaching


SensitiveDataExposureThroughCachingWarning

Sensitive data might flow into a cache
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 524 | Security Features

SensitiveDataExposureThroughCachingWarningWithFlow

Sensitive data might flow into a cache
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 524 | Security Features

SensitiveDataStoredInExternalStorageWarning

Sensitive data might flow into external storage
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 538 | Security Features

SensitiveDataStoredInExternalStorageWarningWithFlow

Sensitive data might flow into external storage
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 538 | Security Features

SensitiveDataStoredInFileWarning

Sensitive data might flow into a file
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 538 | Security Features

SensitiveDataStoredInFileWarningWithFlow

Sensitive data might flow into a file
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 538 | Security Features


Serialization


MissingSerialVersionFieldWarning

Missing or incorrect serialVersionUID in serializable class
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 913 | Improper Input Validation and Verification

NonSerializableElementsOfFieldWarning

A non-transient field of a serializable class might hold a map or collection whose elements might be non-serializable
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 913 | API abuse

NonSerializableFieldWarning

A non-transient field of a serializable class might hold a non-serializable value
Category | Severities | CWE ID | Seven Pernicious Kingdom
Bug | Minor, Major | 913 | API abuse

NonSerializableOuterClassWarning

An inner non-static serializable class has a non-serializable outer class
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 913 | API abuse

UnexpectedSerialVersionFieldWarning

A serialVersionUID field is defined where it is not expected
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Minor | 913 | API abuse


ShortCircuit


ANDAgainstConstantWarning

An & operation operates on a Boolean constant
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Minor | 480 | Code Quality

InefficientSameValueANDWarning

&& should be used instead of & for better efficiency
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Minor | 480 | Code Quality

InefficientSameValueORWarning

|| should be used instead of | for better efficiency
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Minor | 480 | Code Quality

NonShortCircuitANDWarning

There is a suspicious use of & instead of &&
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 768 | Improper Input Validation and Verification

NonShortCircuitORWarning

There is a suspicious use of | instead of ||
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 768 | Improper Input Validation and Verification

ORAgainstConstantWarning

An | operation operates on a Boolean constant
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Minor | 480 | Code Quality


SideEffects


SideEffectInAssertionWarning

An assertion checks a condition with side-effects
Category | Severity | CWE ID | Seven Pernicious Kingdom
Style | Minor | 665 | Time and State


StaticFieldAccess


SetStaticInNonStaticWarning

A static field has been modified from a non-static method
Category | Severity | CWE ID | Seven Pernicious Kingdom
Style | Minor | 398 | API abuse


UnsafeConnection


AllowAllHostnameVerifierWarning

An unsafe method is used for verifying a hostname
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 287 | Security Features

AllowAllTrustVerifierWarning

An unsafe method is used for verifying a certificate
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 295 | Security Features

BadHostnameVerifierWarning

A method intended for hostname verification always returns true
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 287 | Security Features

BadTrustVerifierWarning

An unsafe method is used for verifying a certificate
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 295 | Security Features

HostnameNotVerifiedWarning

A hostname is never verified
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 295 | Security Features

InsecureSocketFactoryWarning

An insecure socket factory is used
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 295 | Security Features

NotRecommendedHardwareIdFromFieldWarning

A field containing a hardware identifier is used
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 200 | Security Features

NotRecommendedHardwareIdFromParameterWarning

A method that returns a hardware identifier is invoked
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 200 | Security Features

NotRecommendedHardwareIdWarning

A method that returns a hardware identifier is invoked
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 200 | Security Features


UnusedClass


UnusedClassWarning

A class is not used
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Minor | 398 | Code Quality


UnusedReturnValue


ReturnValueShouldBeUsedWarning

The returned value of a non-void method is thrown away but should instead be checked or used
Category | Severities | CWE ID | Seven Pernicious Kingdom
Bug | Minor, Critical | 252 | API abuse

UselessCallToAPureMethodWarning

A call to a pure method is performed and the returned value is missing or discarded
Category | Severities | CWE ID | Seven Pernicious Kingdom
Bug | Major, Critical | 227 | API abuse


UseOfUncontrolledExternalData


AllowAllFragmentsWarning

An unsafe method is used for fragment validation
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 287 | Security Features

ExternalDataInVulnerableMethodWarning

Tainted external data might flow into a vulnerable point
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features

FragmentInjectionWarning

Tainted data might flow into a fragment execution, unvalidated
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 470 | Security Features

ShouldBeOverriddenIsValidFragmentMethodWarning

IsValidFragment() should be overridden
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 74 | Security Features


UselessAssignment


AssignmentToUnreadParameterWarning

A parameter is assigned before being read
Category | Severities | CWE ID | Seven Pernicious Kingdom
Bug | Major, Critical | 563 | Time and State

AssignmentToUnusedParameterWarning

A parameter is assigned but the written value is never used later
Category | Severities | CWE ID | Seven Pernicious Kingdom
Bug | Major, Critical | 563 | Time and State

AssignmentToUnusedVariableWarning

A variable is assigned but the written value is never used later
Categories | Severities | CWE ID | Seven Pernicious Kingdoms
Bug, Efficiency | Minor, Critical | 563 | Time and State, Code Quality

TautologicalAssignmentWarning

A field is assigned to itself
Category | Severities | CWE ID | Seven Pernicious Kingdoms
Bug | Major, Critical | 665 | Time and State, Code Quality

UselessAssignmentToDefaultValueWarning

A field is assigned in a constructor or finaliser to its default value
Category | Severity | CWE ID | Seven Pernicious Kingdom
Style | Minor | 665 | Code Quality


UselessCall


UselessCallForIntegralValueWarning

A call is useless when its argument is an integral value
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Minor | 227 | API abuse

UselessCallWarning

A method call seems useless
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Major | 398 | Code Quality


UselessConstruction


UselessConstructionWarning

An object is created and not assigned, although its construction has only side-effects on that object
Categories | Severity | CWE IDs | Seven Pernicious Kingdoms
Bug, Efficiency | Major | 392, 771 | Error Handling, Code Quality


UselessInstanceof


ImpossibleInstanceofWarning

An instanceof test is always true or always false
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 570 | Code Quality

TautologicalInstanceofWarning

An instanceof test is always true or always false
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Major | 571 | Code Quality

UnexpectedInstanceofWarning

An instanceof test should not be used
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 227 | Improper Input Validation and Verification


UselessTest


TestIsPredeterminedWarning

A test is always true or always false and can hence be removed
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Major | 571 | Code Quality

UselessTestWarning

The result of a test is not used and the test can hence be removed
Category | Severity | CWE ID | Seven Pernicious Kingdom
Efficiency | Major | 398 | Code Quality


Xxe


XXEAttackWarning

A method call might perform an unrestricted XML external entity reference
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Critical | 611 | Security Features


Zip


EmptyJarEntryWarning

An empty jar entry is added to a jar file
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 909 | API abuse

EmptyZipEntryWarning

An empty zip entry is added to a zip file
Category | Severity | CWE ID | Seven Pernicious Kingdom
Bug | Minor | 909 | API abuse