The table below lists the currently supported Java security checks, each mapped to the CWE it addresses.
| No. | Supported Rules |
|---|---|
| 1 | CWE-352: Do not disable Spring Security's CSRF protection |
| 2 | CWE-359: Avoid logging of application-sensitive data |
| 3 | CWE-624: Regex pattern coming as input (method parameter, web request attribute, etc.) |
| 4 | CWE-459: Close the resources in a finally block |
| 5 | CWE-404: Close the resources in a finally block |
| 6 | CWE-330: SecureRandom should not be initialized inside a method |
| 7 | CWE-327: Use a stronger cipher algorithm |
| 8 | CWE-833: Avoid using Thread.sleep() in a synchronized block or method |
| 9 | CWE-820: Non-private field accessed in a synchronized block indicates possibly partial synchronization |
| 10 | CWE-521: Use a password when creating a database connection |
| 11 | CWE-78: Potential Command Injection |
| 12 | CWE-521: LDAP connections should be authenticated |
| 13 | CWE-489: Web applications should not have a "main" method |
| 14 | CWE-807: HttpServletRequest.getRequestedSessionId() should not be used |
| 15 | CWE-22: Potential Path Traversal |
| 16 | CWE-312: Accessing Android external storage is security-sensitive |
| 17 | CWE-20: Accessing Android external storage is security-sensitive |
| 18 | CWE-502: Using unsafe Jackson deserialization configuration is security-sensitive |
| 19 | CWE-15: Setting JavaBean properties is security-sensitive |
| 20 | CWE-572: Do not call the run() method directly |
| 21 | CWE-586: RunFinalizersOnExit should not be called |
| 22 | CWE-579: Non-Serializable object stored in session |
| 23 | CWE-500: Public static field should be final |
| 24 | CWE-585: Empty synchronized block |
| 25 | CWE-584: Return in finally block |
| 26 | CWE-586: Explicit call to finalize() |
