Java

By DeepSource

Storing an externally mutable value into a private static field may expose internal state JAVA-S0134
Security

This code stores a reference to an externally mutable object into a static field. If unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. External code that keeps its own reference to the object after passing it to this class may be able to inspect or change the value held in the static field.

Public static method returns freely modifiable array that may expose internal state JAVA-S0131
Security

A public static method returns a reference to an array that is part of the static state of the class. Any code that calls this method can freely modify the underlying array. This is dangerous because it could allow external code to modify the behavior of the class by changing data assumed to be invariant.

Database password field is empty JAVA-S0014
Security

The password field for this database connection is empty.

Non-constant string passed to execute or addBatch method on an SQL statement JAVA-S0082
Security

The method invokes the execute or addBatch method on an SQL statement with a String that seems to be dynamically generated. This can allow SQL injection attacks to occur.

SSLContext instances should not be constructed using "SSL" JAVA-A1059
Security

SSLContext should be initialized with "TLS" in order to use more recent TLS versions. If SSL is used instead as the protocol string, the implementation will default to an older, insecure version of TLS or SSL.