Java

By DeepSource

`equals` method defined for enumeration (JAVA-E0096)
Bug risk

This enum declares an equals method whose parameter is the enum's own type. Enum.equals(Object) is final and compares by identity, so such a method is an overload, not an override: it is selected only when the argument's static type is the enum, while any call that goes through Object (collections, Objects.equals, the inherited equals itself) still runs the identity-based version. The two comparisons can disagree, which produces hard-to-find bugs when values of this enum are compared. Compare enum constants with == and give a relation that is not equality its own method name.
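The following is an added example (not DeepSource's code) showing how the overload and the inherited equals disagree; the enum `Level` and the "at most as severe" relation are invented for the illustration.

```java
import java.util.List;
import java.util.Objects;

// Constructed example: an enum that overloads equals with its own type.
enum Level {
    LOW, HIGH;

    // Overload, not override: Enum.equals(Object) is final. This method is
    // chosen by the compiler only when the argument's static type is Level.
    public boolean equals(Level other) {
        return other != null && this.ordinal() <= other.ordinal(); // "at most as severe"
    }

    // The fix: keep equals alone and name the relation for what it is.
    public boolean isAtMost(Level other) {
        return other != null && this.ordinal() <= other.ordinal();
    }
}

public class EnumEqualsDemo {
    public static void main(String[] args) {
        Level a = Level.LOW;
        Level b = Level.HIGH;
        Object bAsObject = b;

        // Static type Level on both sides: the overload runs (ordinal comparison).
        System.out.println("a.equals(b)          = " + a.equals(b));
        // Static type Object: final Enum.equals(Object) runs (identity comparison).
        System.out.println("a.equals(bAsObject)  = " + a.equals(bAsObject));
        // Objects.equals and Collection.contains take Object, so identity again.
        System.out.println("Objects.equals(a, b) = " + Objects.equals(a, b));
        System.out.println("List.of(b).contains(a) = " + List.of(b).contains(a));

        // Unambiguous alternatives.
        System.out.println("a == b        = " + (a == b));
        System.out.println("a.isAtMost(b) = " + a.isAtMost(b));
    }
}
```

Only the first comparison reports that LOW "equals" HIGH; the three calls that dispatch through Object report false, so the same pair of values compares differently depending on the declared type of the variable holding it.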

Audit: Biometric authentication should always be used with a cryptographic object (JAVA-A1030)
Security

Biometric authentication should not be performed without an associated CryptoObject. Without one, a successful authentication is reported only as a callback in the app's own process, which an attacker with instrumentation or code-injection access can invoke without touching the sensor. When the prompt is bound to a CryptoObject wrapping a Cipher, Signature or Mac over a Keystore key that requires user authentication, the key is usable only after the Keystore itself has seen the authentication, so the security-relevant result is a cryptographic output rather than a boolean.
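The following added example (not DeepSource's or the Android project's own code) contrasts the flagged prompt with one bound to a CryptoObject. It assumes the androidx.biometric library, an AndroidKeyStore key under the alias `session-token-key`, and a locally stored credential encrypted earlier with that key; the class and method names are invented for the illustration.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import androidx.biometric.BiometricManager;
import androidx.biometric.BiometricPrompt;
import androidx.core.content.ContextCompat;
import androidx.fragment.app.FragmentActivity;
import java.security.KeyStore;
import java.util.function.Consumer;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public final class BiometricGate {
    private static final String ALIAS = "session-token-key"; // assumed key alias

    // AES key that AndroidKeyStore refuses to use until the user has authenticated.
    static void createKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
        kg.init(new KeyGenParameterSpec.Builder(ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .setUserAuthenticationRequired(true)   // per-use authentication
                .build());
        kg.generateKey();
    }

    static SecretKey loadKey() throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        return (SecretKey) ks.getKey(ALIAS, null);
    }

    static BiometricPrompt.PromptInfo promptInfo() {
        // A CryptoObject can only be used with Class 3 ("strong") biometrics.
        return new BiometricPrompt.PromptInfo.Builder()
                .setTitle("Unlock session")
                .setNegativeButtonText("Cancel")
                .setAllowedAuthenticators(BiometricManager.Authenticators.BIOMETRIC_STRONG)
                .build();
    }

    // Flagged pattern: no CryptoObject. "Success" is just a callback; code injected
    // into the app process can run onUnlocked directly and the sensor never matters.
    static void promptWithoutCrypto(FragmentActivity activity, Runnable onUnlocked) {
        new BiometricPrompt(activity, ContextCompat.getMainExecutor(activity),
                new BiometricPrompt.AuthenticationCallback() {
                    @Override
                    public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult r) {
                        onUnlocked.run();
                    }
                }).authenticate(promptInfo());
    }

    // Fixed pattern: the prompt is bound to a Cipher on the auth-gated key. The stored
    // credential can only be decrypted if the Keystore saw a real authentication, so a
    // faked callback yields nothing useful.
    static void promptWithCrypto(FragmentActivity activity, byte[] iv, byte[] sealedCredential,
                                 Consumer<byte[]> onUnlocked) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        // Throws KeyPermanentlyInvalidatedException if biometrics were re-enrolled;
        // the credential must then be re-provisioned, never silently bypassed.
        cipher.init(Cipher.DECRYPT_MODE, loadKey(), new GCMParameterSpec(128, iv));
        new BiometricPrompt(activity, ContextCompat.getMainExecutor(activity),
                new BiometricPrompt.AuthenticationCallback() {
                    @Override
                    public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult r) {
                        try {
                            Cipher authorized = r.getCryptoObject().getCipher();
                            onUnlocked.accept(authorized.doFinal(sealedCredential));
                        } catch (Exception e) {
                            // GCM tag mismatch or unauthorized key: treat as a failed login.
                        }
                    }
                }).authenticate(promptInfo(), new BiometricPrompt.CryptoObject(cipher));
    }
}
```

The design point is that whatever the app does after login must depend on the key's output (here, the decrypted credential), not on the callback having fired; otherwise the CryptoObject is decorative.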

Audit: Unsafe Jackson deserialization configurations should not be used (JAVA-A1024)
Security

Using features such as @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS) or ObjectMapper.enableDefaultTyping() with Jackson is a security risk: both let the JSON document itself name the concrete class that Jackson will instantiate, which is the first step of a deserialization exploit.

Jackson is a widely used serialization/deserialization library for Java that can resolve the target type from type information embedded in the data. When that information is attacker-controlled, it can be pointed at "deserialization gadgets", classes on the classpath whose constructors, setters or getters perform dangerous actions (JNDI lookups, loading code from a URL, and so on), which is how remote code execution is reached in practice.

Avoid unsafe configurations for Jackson deserialization. Prefer @JsonTypeInfo(use = JsonTypeInfo.Id.NAME) together with an explicit @JsonSubTypes allow-list; where default typing cannot be avoided, use activateDefaultTyping with a PolymorphicTypeValidator that restricts which classes may be instantiated (Jackson 2.10 and later).
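The following added example (not DeepSource's or Jackson's own code) places the flagged configurations next to their safer replacements and shows an allow-listed mapper rejecting an unknown type id. The envelope and payload classes, the sample JSON and the package prefix `com.example.model.` are constructed for the illustration.

```java
import com.fasterxml.jackson.annotation.JsonSubTypes;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.InvalidTypeIdException;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;

public class JacksonTyping {

    // --- Flagged: the document's "@class" property chooses any class on the classpath.
    static ObjectMapper unsafeMapper() {
        ObjectMapper m = new ObjectMapper();
        m.enableDefaultTyping(); // deprecated; every Object-typed property becomes a sink
        return m;
    }

    // --- Flagged: the annotation has the same effect for this one property.
    public static class UnsafeEnvelope {
        @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
        public Object payload;
    }

    // --- Safer: logical type names mapped to an explicit allow-list of subtypes.
    @JsonTypeInfo(use = JsonTypeInfo.Id.NAME, property = "type")
    @JsonSubTypes({
        @JsonSubTypes.Type(value = Note.class, name = "note"),
        @JsonSubTypes.Type(value = Link.class, name = "link")
    })
    public interface Payload {}
    public static class Note implements Payload { public String text; }
    public static class Link implements Payload { public String url; }
    public static class SafeEnvelope { public Payload payload; }

    // --- Safer, for legacy data that already carries class names: default typing
    // restricted by a validator so only our own model package may be instantiated.
    static ObjectMapper restrictedMapper() {
        return new ObjectMapper().activateDefaultTyping(
                BasicPolymorphicTypeValidator.builder()
                        .allowIfSubType("com.example.model.") // assumed package prefix
                        .build(),
                ObjectMapper.DefaultTyping.NON_FINAL,
                JsonTypeInfo.As.PROPERTY);
    }

    // Returns true if the allow-listed mapper accepts the document.
    static boolean accepts(String json) throws Exception {
        try {
            new ObjectMapper().readValue(json, SafeEnvelope.class);
            return true;
        } catch (InvalidTypeIdException e) {
            System.out.println("rejected type id: " + e.getTypeId());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: a name on the allow-list and one that is not.
        String ok = "{\"payload\":{\"type\":\"note\",\"text\":\"hello\"}}";
        String hostile = "{\"payload\":{\"type\":\"com.example.Gadget\",\"text\":\"x\"}}";
        System.out.println("allow-listed document accepted: " + accepts(ok));
        System.out.println("unknown type id accepted: " + accepts(hostile));
    }
}
```

With Id.NAME the type id is a label looked up in @JsonSubTypes, so the document cannot reach a class that the code did not register; the restricted mapper is the fallback when class names in the data are unavoidable.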

Waiting with two locks held is likely to cause a deadlock (JAVA-E0139)
Bug risk

Calling Object.wait() releases only the monitor it is invoked on; any other monitor the thread holds stays held while it sleeps. If the thread that is supposed to call notify() first needs that other monitor, neither thread can make progress and the program deadlocks. The same applies to Condition.await() with java.util.concurrent Lock objects: await() releases only the Lock the Condition was created from.
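The following added example (not DeepSource's code) reproduces the deadlock with two monitors and shows the restructured consumer; the lock names, the `ready` flag and the timing are constructed for the illustration.

```java
public class NestedWaitDeadlock {
    private static final Object outer = new Object();
    private static final Object inner = new Object();
    private static boolean ready = false;

    // Flagged pattern: wait() on `inner` releases only `inner`; `outer` stays held.
    static void consumerBroken() throws InterruptedException {
        synchronized (outer) {
            synchronized (inner) {
                while (!ready) {
                    inner.wait();   // sleeps while still owning `outer`
                }
            }
        }
    }

    // The producer takes the locks in the same order, so it blocks on `outer`
    // forever and the notify() that would wake the consumer never happens.
    static void producer() {
        synchronized (outer) {
            synchronized (inner) {
                ready = true;
                inner.notifyAll();
            }
        }
    }

    // Fix: wait only under the lock that guards the condition, and take `outer`
    // afterwards (or, with Locks, await() on a Condition while holding nothing else).
    static void consumerFixed() throws InterruptedException {
        synchronized (inner) {
            while (!ready) {
                inner.wait();
            }
        }
        synchronized (outer) {
            // work that needs `outer`
        }
    }

    // Returns true if the producer is still blocked after `millis`.
    static boolean producerBlocked(Runnable consumer, long millis) throws InterruptedException {
        Thread c = new Thread(consumer);
        Thread p = new Thread(NestedWaitDeadlock::producer);
        c.setDaemon(true);
        p.setDaemon(true);
        c.start();
        Thread.sleep(100);  // let the consumer reach wait() first
        p.start();
        p.join(millis);
        return p.isAlive();
    }

    public static void main(String[] args) throws InterruptedException {
        Runnable broken = () -> { try { consumerBroken(); } catch (InterruptedException ignored) {} };
        System.out.println("broken consumer, producer stuck: " + producerBlocked(broken, 1000));

        ready = false;
        Runnable fixed = () -> { try { consumerFixed(); } catch (InterruptedException ignored) {} };
        System.out.println("fixed consumer, producer stuck:  " + producerBlocked(fixed, 1000));
    }
}
```

The first run never completes the hand-off because the producer is parked on `outer`; the second completes because the waiting thread owns nothing the producer needs.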

Maximum pool size of `ScheduledThreadPoolExecutor` cannot be changed (JAVA-W0012)
Anti-pattern

The setter functions inherited from ThreadPoolExecutor cannot change the effective size of a ScheduledThreadPoolExecutor. The executor runs as a fixed-size pool of corePoolSize threads over an unbounded delayed-work queue, so threads beyond the core size are never created and setMaximumPoolSize has no useful effect. To change the number of threads, use setCorePoolSize (or pass the desired size to the constructor).
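The following added example (not DeepSource's code) measures the concurrency actually reached after each setter, so the ignored setting is visible rather than assumed; the task count and sleep duration are constructed for the illustration.

```java
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ScheduledThreadPoolExecutor;
import java.util.concurrent.atomic.AtomicInteger;

public class ScheduledPoolSizing {

    // Submits `tasks` blocking jobs and returns the peak number running at once.
    static int peakConcurrency(ScheduledThreadPoolExecutor pool, int tasks) throws InterruptedException {
        AtomicInteger running = new AtomicInteger();
        AtomicInteger peak = new AtomicInteger();
        CountDownLatch done = new CountDownLatch(tasks);
        for (int i = 0; i < tasks; i++) {
            pool.execute(() -> {
                int now = running.incrementAndGet();
                peak.accumulateAndGet(now, Math::max);
                try { Thread.sleep(200); } catch (InterruptedException ignored) {}
                running.decrementAndGet();
                done.countDown();
            });
        }
        done.await();
        pool.shutdown();
        return peak.get();
    }

    public static void main(String[] args) throws InterruptedException {
        // Flagged: the inherited setter is accepted but never grows the pool,
        // because the unbounded work queue means no thread beyond the core is started.
        ScheduledThreadPoolExecutor a = new ScheduledThreadPoolExecutor(1);
        a.setMaximumPoolSize(4);
        System.out.println("after setMaximumPoolSize(4): peak = " + peakConcurrency(a, 4));

        // Fix: the pool always runs corePoolSize threads, so size it there.
        ScheduledThreadPoolExecutor b = new ScheduledThreadPoolExecutor(1);
        b.setCorePoolSize(4);
        System.out.println("after setCorePoolSize(4):    peak = " + peakConcurrency(b, 4));
    }
}
```

The first pool serialises the four tasks on its single core thread despite the larger maximum; the second runs them concurrently.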