SpotBugs Bug Detector Report
The following document contains the results of SpotBugs.
SpotBugs Version is 4.9.3
Threshold is medium
Effort is default
Summary
Classes | Bugs | Errors | Missing Classes |
---|---|---|---|
223 | 235 | 0 | 0 |
Files
com.jsql.model.InjectionModel
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.InjectionModel.getMediatorStrategy() may expose internal representation by returning InjectionModel.mediatorStrategy | MALICIOUS_CODE | EI_EXPOSE_REP | 690 | Medium |
com.jsql.model.InjectionModel.getMediatorUtils() may expose internal representation by returning InjectionModel.mediatorUtils | MALICIOUS_CODE | EI_EXPOSE_REP | 670 | Medium |
com.jsql.model.InjectionModel.getMediatorVendor() may expose internal representation by returning InjectionModel.mediatorVendor | MALICIOUS_CODE | EI_EXPOSE_REP | 674 | Medium |
com.jsql.model.InjectionModel.getResourceAccess() may expose internal representation by returning InjectionModel.resourceAccess | MALICIOUS_CODE | EI_EXPOSE_REP | 686 | Medium |
com.jsql.model.InjectionModel is Serializable; consider declaring a serialVersionUID | BAD_PRACTICE | SE_NO_SERIALVERSIONID | 62-699 | Medium |
com.jsql.model.MediatorUtils
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.MediatorUtils.getAuthenticationUtil() may expose internal representation by returning MediatorUtils.authenticationUtil | MALICIOUS_CODE | EI_EXPOSE_REP | 53 | Medium |
com.jsql.model.MediatorUtils.getConnectionUtil() may expose internal representation by returning MediatorUtils.connectionUtil | MALICIOUS_CODE | EI_EXPOSE_REP | 49 | Medium |
com.jsql.model.MediatorUtils.getCsrfUtil() may expose internal representation by returning MediatorUtils.csrfUtil | MALICIOUS_CODE | EI_EXPOSE_REP | 158 | Medium |
com.jsql.model.MediatorUtils.getDigestUtil() may expose internal representation by returning MediatorUtils.digestUtil | MALICIOUS_CODE | EI_EXPOSE_REP | 166 | Medium |
com.jsql.model.MediatorUtils.getExceptionUtil() may expose internal representation by returning MediatorUtils.exceptionUtil | MALICIOUS_CODE | EI_EXPOSE_REP | 69 | Medium |
com.jsql.model.MediatorUtils.getFormUtil() may expose internal representation by returning MediatorUtils.formUtil | MALICIOUS_CODE | EI_EXPOSE_REP | 174 | Medium |
com.jsql.model.MediatorUtils.getPreferencesUtil() may expose internal representation by returning MediatorUtils.preferencesUtil | MALICIOUS_CODE | EI_EXPOSE_REP | 81 | Medium |
com.jsql.model.MediatorUtils.getProxyUtil() may expose internal representation by returning MediatorUtils.proxyUtil | MALICIOUS_CODE | EI_EXPOSE_REP | 85 | Medium |
com.jsql.model.MediatorUtils.getTamperingUtil() may expose internal representation by returning MediatorUtils.tamperingUtil | MALICIOUS_CODE | EI_EXPOSE_REP | 97 | Medium |
com.jsql.model.MediatorUtils.getThreadUtil() may expose internal representation by returning MediatorUtils.threadUtil | MALICIOUS_CODE | EI_EXPOSE_REP | 89 | Medium |
com.jsql.model.MediatorUtils.getUserAgentUtil() may expose internal representation by returning MediatorUtils.userAgentUtil | MALICIOUS_CODE | EI_EXPOSE_REP | 93 | Medium |
com.jsql.model.MediatorUtils.setAuthenticationUtil(AuthenticationUtil) may expose internal representation by storing an externally mutable object into MediatorUtils.authenticationUtil | MALICIOUS_CODE | EI_EXPOSE_REP2 | 110 | Medium |
com.jsql.model.MediatorUtils.setConnectionUtil(ConnectionUtil) may expose internal representation by storing an externally mutable object into MediatorUtils.connectionUtil | MALICIOUS_CODE | EI_EXPOSE_REP2 | 106 | Medium |
com.jsql.model.MediatorUtils.setCsrfUtil(CsrfUtil) may expose internal representation by storing an externally mutable object into MediatorUtils.csrfUtil | MALICIOUS_CODE | EI_EXPOSE_REP2 | 162 | Medium |
com.jsql.model.MediatorUtils.setDigestUtil(DigestUtil) may expose internal representation by storing an externally mutable object into MediatorUtils.digestUtil | MALICIOUS_CODE | EI_EXPOSE_REP2 | 170 | Medium |
com.jsql.model.MediatorUtils.setExceptionUtil(ExceptionUtil) may expose internal representation by storing an externally mutable object into MediatorUtils.exceptionUtil | MALICIOUS_CODE | EI_EXPOSE_REP2 | 126 | Medium |
com.jsql.model.MediatorUtils.setFormUtil(FormUtil) may expose internal representation by storing an externally mutable object into MediatorUtils.formUtil | MALICIOUS_CODE | EI_EXPOSE_REP2 | 178 | Medium |
com.jsql.model.MediatorUtils.setPreferencesUtil(PreferencesUtil) may expose internal representation by storing an externally mutable object into MediatorUtils.preferencesUtil | MALICIOUS_CODE | EI_EXPOSE_REP2 | 138 | Medium |
com.jsql.model.MediatorUtils.setProxyUtil(ProxyUtil) may expose internal representation by storing an externally mutable object into MediatorUtils.proxyUtil | MALICIOUS_CODE | EI_EXPOSE_REP2 | 142 | Medium |
com.jsql.model.MediatorUtils.setTamperingUtil(TamperingUtil) may expose internal representation by storing an externally mutable object into MediatorUtils.tamperingUtil | MALICIOUS_CODE | EI_EXPOSE_REP2 | 150 | Medium |
com.jsql.model.MediatorUtils.setThreadUtil(ThreadUtil) may expose internal representation by storing an externally mutable object into MediatorUtils.threadUtil | MALICIOUS_CODE | EI_EXPOSE_REP2 | 146 | Medium |
com.jsql.model.MediatorUtils.setUserAgentUtil(UserAgentUtil) may expose internal representation by storing an externally mutable object into MediatorUtils.userAgentUtil | MALICIOUS_CODE | EI_EXPOSE_REP2 | 154 | Medium |
com.jsql.model.accessible.CallableFile
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.accessible.CallableFile.getSuspendableReadFile() may expose internal representation by returning CallableFile.suspendableReadFile | MALICIOUS_CODE | EI_EXPOSE_REP | 118 | Medium |
new com.jsql.model.accessible.CallableFile(String, InjectionModel) may expose internal representation by storing an externally mutable object into CallableFile.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 51 | Medium |
com.jsql.model.accessible.CallableHttpHead
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
new com.jsql.model.accessible.CallableHttpHead(String, InjectionModel, String) may expose internal representation by storing an externally mutable object into CallableHttpHead.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 55 | Medium |
com.jsql.model.accessible.DataAccess
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
new com.jsql.model.accessible.DataAccess(InjectionModel) may expose internal representation by storing an externally mutable object into DataAccess.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 92 | Medium |
com.jsql.model.accessible.ResourceAccess
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.accessible.ResourceAccess.getExploitPostgres() may expose internal representation by returning ResourceAccess.exploitPostgres | MALICIOUS_CODE | EI_EXPOSE_REP | 690 | Medium |
new com.jsql.model.accessible.ResourceAccess(InjectionModel) may expose internal representation by storing an externally mutable object into ResourceAccess.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 121 | Medium |
Format string should use %n rather than \n in com.jsql.model.accessible.ResourceAccess.callCommand(String, boolean) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 321 | Medium |
Format string should use %n rather than \n in com.jsql.model.accessible.ResourceAccess.runWebShell(String, UUID, String, boolean) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 342 | Medium |
com.jsql.model.accessible.vendor.ExploitDerby
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.accessible.vendor.ExploitDerby.getModelYaml() may expose internal representation by returning ExploitDerby.modelYaml | MALICIOUS_CODE | EI_EXPOSE_REP | 141 | Medium |
new com.jsql.model.accessible.vendor.ExploitDerby(InjectionModel) may expose internal representation by storing an externally mutable object into ExploitDerby.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 37 | Medium |
com.jsql.model.accessible.vendor.ExploitH2
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.accessible.vendor.ExploitH2.getModelYaml() may expose internal representation by returning ExploitH2.modelYaml | MALICIOUS_CODE | EI_EXPOSE_REP | 175 | Medium |
new com.jsql.model.accessible.vendor.ExploitH2(InjectionModel) may expose internal representation by storing an externally mutable object into ExploitH2.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 37 | Medium |
Format string should use %n rather than \n in com.jsql.model.accessible.vendor.ExploitH2.runRce(String, UUID) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 71 | Medium |
com.jsql.model.accessible.vendor.ExploitHsqldb
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.accessible.vendor.ExploitHsqldb.getModelYaml() may expose internal representation by returning ExploitHsqldb.modelYaml | MALICIOUS_CODE | EI_EXPOSE_REP | 141 | Medium |
new com.jsql.model.accessible.vendor.ExploitHsqldb(InjectionModel) may expose internal representation by storing an externally mutable object into ExploitHsqldb.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 38 | Medium |
com.jsql.model.accessible.vendor.ExploitMysql
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Found reliance on default encoding in com.jsql.model.accessible.vendor.ExploitMysql.copyBodyToShare(String, String): String.getBytes() | I18N | DM_DEFAULT_ENCODING | 505 | High |
Found reliance on default encoding in com.jsql.model.accessible.vendor.ExploitMysql.create(String, String, String, String, BinaryOperator, String, ExploitMode): String.getBytes() | I18N | DM_DEFAULT_ENCODING | 171 | High |
com.jsql.model.accessible.vendor.ExploitMysql.getModelYaml() may expose internal representation by returning ExploitMysql.modelYaml | MALICIOUS_CODE | EI_EXPOSE_REP | 520 | Medium |
new com.jsql.model.accessible.vendor.ExploitMysql(InjectionModel) may expose internal representation by storing an externally mutable object into ExploitMysql.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 53 | Medium |
Format string should use %n rather than \n in com.jsql.model.accessible.vendor.ExploitMysql.runRceCmd(String, UUID) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 457 | Medium |
com.jsql.model.accessible.vendor.ExploitOracle
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
new com.jsql.model.accessible.vendor.ExploitOracle(InjectionModel) may expose internal representation by storing an externally mutable object into ExploitOracle.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 30 | Medium |
Format string should use %n rather than \n in com.jsql.model.accessible.vendor.ExploitOracle.runRceCmd(String, UUID) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 89 | Medium |
com.jsql.model.accessible.vendor.ExploitPostgres
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.accessible.vendor.ExploitPostgres.getModelYaml() may expose internal representation by returning ExploitPostgres.modelYaml | MALICIOUS_CODE | EI_EXPOSE_REP | 592 | Medium |
new com.jsql.model.accessible.vendor.ExploitPostgres(InjectionModel) may expose internal representation by storing an externally mutable object into ExploitPostgres.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 43 | Medium |
Format string should use %n rather than \n in com.jsql.model.accessible.vendor.ExploitPostgres.runRceArchiveCmd(String, UUID) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 337 | Medium |
Format string should use %n rather than \n in com.jsql.model.accessible.vendor.ExploitPostgres.runRceExtensionCmd(String, UUID) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 398 | Medium |
Format string should use %n rather than \n in com.jsql.model.accessible.vendor.ExploitPostgres.runRceLibraryCmd(String, UUID) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 241 | Medium |
Format string should use %n rather than \n in com.jsql.model.accessible.vendor.ExploitPostgres.runRceProgramCmd(String, UUID) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 364 | Medium |
com.jsql.model.accessible.vendor.ExploitSqlite
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.accessible.vendor.ExploitSqlite.getModelYaml() may expose internal representation by returning ExploitSqlite.modelYaml | MALICIOUS_CODE | EI_EXPOSE_REP | 166 | Medium |
new com.jsql.model.accessible.vendor.ExploitSqlite(InjectionModel) may expose internal representation by storing an externally mutable object into ExploitSqlite.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 37 | Medium |
Format string should use %n rather than \n in com.jsql.model.accessible.vendor.ExploitSqlite.runRce(String, UUID) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 68 | Medium |
com.jsql.model.accessible.vendor.derby.ModelYamlDerby
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.accessible.vendor.derby.ModelYamlDerby.getFile() may expose internal representation by returning ModelYamlDerby.file | MALICIOUS_CODE | EI_EXPOSE_REP | 8 | Medium |
com.jsql.model.accessible.vendor.derby.ModelYamlDerby.setFile(File) may expose internal representation by storing an externally mutable object into ModelYamlDerby.file | MALICIOUS_CODE | EI_EXPOSE_REP2 | 12 | Medium |
com.jsql.model.accessible.vendor.h2.ModelYamlH2
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.accessible.vendor.h2.ModelYamlH2.getFile() may expose internal representation by returning ModelYamlH2.file | MALICIOUS_CODE | EI_EXPOSE_REP | 17 | Medium |
com.jsql.model.accessible.vendor.h2.ModelYamlH2.getRce() may expose internal representation by returning ModelYamlH2.rce | MALICIOUS_CODE | EI_EXPOSE_REP | 9 | Medium |
com.jsql.model.accessible.vendor.h2.ModelYamlH2.setFile(File) may expose internal representation by storing an externally mutable object into ModelYamlH2.file | MALICIOUS_CODE | EI_EXPOSE_REP2 | 21 | Medium |
com.jsql.model.accessible.vendor.h2.ModelYamlH2.setRce(Rce) may expose internal representation by storing an externally mutable object into ModelYamlH2.rce | MALICIOUS_CODE | EI_EXPOSE_REP2 | 13 | Medium |
com.jsql.model.accessible.vendor.hsqldb.File
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.accessible.vendor.hsqldb.File.getRead() may expose internal representation by returning File.read | MALICIOUS_CODE | EI_EXPOSE_REP | 19 | Medium |
com.jsql.model.accessible.vendor.hsqldb.File.setRead(Read) may expose internal representation by storing an externally mutable object into File.read | MALICIOUS_CODE | EI_EXPOSE_REP2 | 23 | Medium |
com.jsql.model.accessible.vendor.hsqldb.ModelYamlHsqldb
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.accessible.vendor.hsqldb.ModelYamlHsqldb.getFile() may expose internal representation by returning ModelYamlHsqldb.file | MALICIOUS_CODE | EI_EXPOSE_REP | 8 | Medium |
com.jsql.model.accessible.vendor.hsqldb.ModelYamlHsqldb.setFile(File) may expose internal representation by storing an externally mutable object into ModelYamlHsqldb.file | MALICIOUS_CODE | EI_EXPOSE_REP2 | 12 | Medium |
com.jsql.model.accessible.vendor.mysql.AddFile
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.accessible.vendor.mysql.AddFile.getTempTable() may expose internal representation by returning AddFile.tempTable | MALICIOUS_CODE | EI_EXPOSE_REP | 30 | Medium |
com.jsql.model.accessible.vendor.mysql.AddFile.setTempTable(TempTable) may expose internal representation by storing an externally mutable object into AddFile.tempTable | MALICIOUS_CODE | EI_EXPOSE_REP2 | 34 | Medium |
com.jsql.model.accessible.vendor.mysql.ModelYamlMysql
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.accessible.vendor.mysql.ModelYamlMysql.getFile() may expose internal representation by returning ModelYamlMysql.file | MALICIOUS_CODE | EI_EXPOSE_REP | 12 | Medium |
com.jsql.model.accessible.vendor.mysql.ModelYamlMysql.getUdf() may expose internal representation by returning ModelYamlMysql.udf | MALICIOUS_CODE | EI_EXPOSE_REP | 20 | Medium |
com.jsql.model.accessible.vendor.mysql.ModelYamlMysql.setFile(File) may expose internal representation by storing an externally mutable object into ModelYamlMysql.file | MALICIOUS_CODE | EI_EXPOSE_REP2 | 16 | Medium |
com.jsql.model.accessible.vendor.mysql.ModelYamlMysql.setUdf(Udf) may expose internal representation by storing an externally mutable object into ModelYamlMysql.udf | MALICIOUS_CODE | EI_EXPOSE_REP2 | 24 | Medium |
com.jsql.model.accessible.vendor.mysql.Udf
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.accessible.vendor.mysql.Udf.getAddFile() may expose internal representation by returning Udf.addFile | MALICIOUS_CODE | EI_EXPOSE_REP | 32 | Medium |
com.jsql.model.accessible.vendor.mysql.Udf.getAddFunction() may expose internal representation by returning Udf.addFunction | MALICIOUS_CODE | EI_EXPOSE_REP | 40 | Medium |
com.jsql.model.accessible.vendor.mysql.Udf.setAddFile(AddFile) may expose internal representation by storing an externally mutable object into Udf.addFile | MALICIOUS_CODE | EI_EXPOSE_REP2 | 36 | Medium |
com.jsql.model.accessible.vendor.mysql.Udf.setAddFunction(AddFunction) may expose internal representation by storing an externally mutable object into Udf.addFunction | MALICIOUS_CODE | EI_EXPOSE_REP2 | 44 | Medium |
com.jsql.model.accessible.vendor.oracle.ModelYamlOracle
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.accessible.vendor.oracle.ModelYamlOracle.getUdf() may expose internal representation by returning ModelYamlOracle.udf | MALICIOUS_CODE | EI_EXPOSE_REP | 11 | Medium |
com.jsql.model.accessible.vendor.oracle.ModelYamlOracle.setUdf(Udf) may expose internal representation by storing an externally mutable object into ModelYamlOracle.udf | MALICIOUS_CODE | EI_EXPOSE_REP2 | 15 | Medium |
com.jsql.model.accessible.vendor.postgres.File
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.accessible.vendor.postgres.File.getRead() may expose internal representation by returning File.read | MALICIOUS_CODE | EI_EXPOSE_REP | 11 | Medium |
com.jsql.model.accessible.vendor.postgres.File.getWrite() may expose internal representation by returning File.write | MALICIOUS_CODE | EI_EXPOSE_REP | 19 | Medium |
com.jsql.model.accessible.vendor.postgres.File.setRead(Read) may expose internal representation by storing an externally mutable object into File.read | MALICIOUS_CODE | EI_EXPOSE_REP2 | 15 | Medium |
com.jsql.model.accessible.vendor.postgres.File.setWrite(Write) may expose internal representation by storing an externally mutable object into File.write | MALICIOUS_CODE | EI_EXPOSE_REP2 | 23 | Medium |
com.jsql.model.accessible.vendor.postgres.ModelYamlPostgres
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.accessible.vendor.postgres.ModelYamlPostgres.getFile() may expose internal representation by returning ModelYamlPostgres.file | MALICIOUS_CODE | EI_EXPOSE_REP | 20 | Medium |
com.jsql.model.accessible.vendor.postgres.ModelYamlPostgres.getUdf() may expose internal representation by returning ModelYamlPostgres.udf | MALICIOUS_CODE | EI_EXPOSE_REP | 12 | Medium |
com.jsql.model.accessible.vendor.postgres.ModelYamlPostgres.setFile(File) may expose internal representation by storing an externally mutable object into ModelYamlPostgres.file | MALICIOUS_CODE | EI_EXPOSE_REP2 | 24 | Medium |
com.jsql.model.accessible.vendor.postgres.ModelYamlPostgres.setUdf(Udf) may expose internal representation by storing an externally mutable object into ModelYamlPostgres.udf | MALICIOUS_CODE | EI_EXPOSE_REP2 | 16 | Medium |
com.jsql.model.accessible.vendor.postgres.Read
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.accessible.vendor.postgres.Read.getLargeObject() may expose internal representation by returning Read.largeObject | MALICIOUS_CODE | EI_EXPOSE_REP | 22 | Medium |
com.jsql.model.accessible.vendor.postgres.Read.setLargeObject(LargeObject) may expose internal representation by storing an externally mutable object into Read.largeObject | MALICIOUS_CODE | EI_EXPOSE_REP2 | 26 | Medium |
com.jsql.model.accessible.vendor.postgres.Sql
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.accessible.vendor.postgres.Sql.getConfirm() may expose internal representation by returning Sql.confirm | MALICIOUS_CODE | EI_EXPOSE_REP | 34 | Medium |
com.jsql.model.accessible.vendor.postgres.Sql.setConfirm(Confirm) may expose internal representation by storing an externally mutable object into Sql.confirm | MALICIOUS_CODE | EI_EXPOSE_REP2 | 38 | Medium |
com.jsql.model.accessible.vendor.postgres.Udf
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.accessible.vendor.postgres.Udf.getArchive() may expose internal representation by returning Udf.archive | MALICIOUS_CODE | EI_EXPOSE_REP | 80 | Medium |
com.jsql.model.accessible.vendor.postgres.Udf.getExtension() may expose internal representation by returning Udf.extension | MALICIOUS_CODE | EI_EXPOSE_REP | 24 | Medium |
com.jsql.model.accessible.vendor.postgres.Udf.getLibrary() may expose internal representation by returning Udf.library | MALICIOUS_CODE | EI_EXPOSE_REP | 120 | Medium |
com.jsql.model.accessible.vendor.postgres.Udf.getProgram() may expose internal representation by returning Udf.program | MALICIOUS_CODE | EI_EXPOSE_REP | 88 | Medium |
com.jsql.model.accessible.vendor.postgres.Udf.getSql() may expose internal representation by returning Udf.sql | MALICIOUS_CODE | EI_EXPOSE_REP | 64 | Medium |
com.jsql.model.accessible.vendor.postgres.Udf.setArchive(Archive) may expose internal representation by storing an externally mutable object into Udf.archive | MALICIOUS_CODE | EI_EXPOSE_REP2 | 84 | Medium |
com.jsql.model.accessible.vendor.postgres.Udf.setExtension(Extension) may expose internal representation by storing an externally mutable object into Udf.extension | MALICIOUS_CODE | EI_EXPOSE_REP2 | 28 | Medium |
com.jsql.model.accessible.vendor.postgres.Udf.setLibrary(Library) may expose internal representation by storing an externally mutable object into Udf.library | MALICIOUS_CODE | EI_EXPOSE_REP2 | 124 | Medium |
com.jsql.model.accessible.vendor.postgres.Udf.setProgram(Program) may expose internal representation by storing an externally mutable object into Udf.program | MALICIOUS_CODE | EI_EXPOSE_REP2 | 92 | Medium |
com.jsql.model.accessible.vendor.postgres.Udf.setSql(Sql) may expose internal representation by storing an externally mutable object into Udf.sql | MALICIOUS_CODE | EI_EXPOSE_REP2 | 68 | Medium |
com.jsql.model.accessible.vendor.postgres.Write
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.accessible.vendor.postgres.Write.getLargeObject() may expose internal representation by returning Write.largeObject | MALICIOUS_CODE | EI_EXPOSE_REP | 11 | Medium |
com.jsql.model.accessible.vendor.postgres.Write.getTempTable() may expose internal representation by returning Write.tempTable | MALICIOUS_CODE | EI_EXPOSE_REP | 19 | Medium |
com.jsql.model.accessible.vendor.postgres.Write.setLargeObject(LargeObject) may expose internal representation by storing an externally mutable object into Write.largeObject | MALICIOUS_CODE | EI_EXPOSE_REP2 | 15 | Medium |
com.jsql.model.accessible.vendor.postgres.Write.setTempTable(TempTable) may expose internal representation by storing an externally mutable object into Write.tempTable | MALICIOUS_CODE | EI_EXPOSE_REP2 | 23 | Medium |
com.jsql.model.accessible.vendor.sqlite.ModelYamlSqlite
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.accessible.vendor.sqlite.ModelYamlSqlite.getExtension() may expose internal representation by returning ModelYamlSqlite.extension | MALICIOUS_CODE | EI_EXPOSE_REP | 31 | Medium |
com.jsql.model.accessible.vendor.sqlite.ModelYamlSqlite.setExtension(Extension) may expose internal representation by storing an externally mutable object into ModelYamlSqlite.extension | MALICIOUS_CODE | EI_EXPOSE_REP2 | 35 | Medium |
com.jsql.model.bean.database.Column
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.bean.database.Column.getParent() may expose internal representation by returning Column.parentTable | MALICIOUS_CODE | EI_EXPOSE_REP | 38 | Medium |
new com.jsql.model.bean.database.Column(String, Table) may expose internal representation by storing an externally mutable object into Column.parentTable | MALICIOUS_CODE | EI_EXPOSE_REP2 | 29 | Medium |
com.jsql.model.bean.database.Table
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.bean.database.Table.getParent() may expose internal representation by returning Table.parentDatabase | MALICIOUS_CODE | EI_EXPOSE_REP | 46 | Medium |
new com.jsql.model.bean.database.Table(String, String, Database) may expose internal representation by storing an externally mutable object into Table.parentDatabase | MALICIOUS_CODE | EI_EXPOSE_REP2 | 40 | Medium |
com.jsql.model.bean.util.HttpHeader
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.bean.util.HttpHeader.getHeader() may expose internal representation by returning HttpHeader.header | MALICIOUS_CODE | EI_EXPOSE_REP | 70 | Medium |
com.jsql.model.bean.util.HttpHeader.getResponse() may expose internal representation by returning HttpHeader.response | MALICIOUS_CODE | EI_EXPOSE_REP | 74 | Medium |
new com.jsql.model.bean.util.HttpHeader(String, String, Map, Map, String) may expose internal representation by storing an externally mutable object into HttpHeader.header | MALICIOUS_CODE | EI_EXPOSE_REP2 | 48 | Medium |
new com.jsql.model.bean.util.HttpHeader(String, String, Map, Map, String) may expose internal representation by storing an externally mutable object into HttpHeader.response | MALICIOUS_CODE | EI_EXPOSE_REP2 | 49 | Medium |
com.jsql.model.bean.util.Request
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.bean.util.Request.getParameters() may expose internal representation by returning Request.parameters | MALICIOUS_CODE | EI_EXPOSE_REP | 37 | Medium |
com.jsql.model.injection.method.MediatorMethod
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.injection.method.MediatorMethod.getMethods() may expose internal representation by returning MediatorMethod.methods | MALICIOUS_CODE | EI_EXPOSE_REP | 92 | Medium |
com.jsql.model.injection.strategy.MediatorStrategy
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.injection.strategy.MediatorStrategy.getBlindBin() may expose internal representation by returning MediatorStrategy.blindBin | MALICIOUS_CODE | EI_EXPOSE_REP | 233 | Medium |
com.jsql.model.injection.strategy.MediatorStrategy.getBlindBit() may expose internal representation by returning MediatorStrategy.blindBit | MALICIOUS_CODE | EI_EXPOSE_REP | 229 | Medium |
com.jsql.model.injection.strategy.MediatorStrategy.getError() may expose internal representation by returning MediatorStrategy.error | MALICIOUS_CODE | EI_EXPOSE_REP | 225 | Medium |
com.jsql.model.injection.strategy.MediatorStrategy.getMultibit() may expose internal representation by returning MediatorStrategy.multibit | MALICIOUS_CODE | EI_EXPOSE_REP | 237 | Medium |
com.jsql.model.injection.strategy.MediatorStrategy.getSpecificUnion() may expose internal representation by returning MediatorStrategy.union | MALICIOUS_CODE | EI_EXPOSE_REP | 221 | Medium |
com.jsql.model.injection.strategy.MediatorStrategy.getStack() may expose internal representation by returning MediatorStrategy.stack | MALICIOUS_CODE | EI_EXPOSE_REP | 245 | Medium |
com.jsql.model.injection.strategy.MediatorStrategy.getStrategies() may expose internal representation by returning MediatorStrategy.strategies | MALICIOUS_CODE | EI_EXPOSE_REP | 249 | Medium |
com.jsql.model.injection.strategy.MediatorStrategy.getStrategy() may expose internal representation by returning MediatorStrategy.strategy | MALICIOUS_CODE | EI_EXPOSE_REP | 253 | Medium |
com.jsql.model.injection.strategy.MediatorStrategy.getTime() may expose internal representation by returning MediatorStrategy.time | MALICIOUS_CODE | EI_EXPOSE_REP | 241 | Medium |
com.jsql.model.injection.strategy.MediatorStrategy.getUnion() may expose internal representation by returning MediatorStrategy.union | MALICIOUS_CODE | EI_EXPOSE_REP | 217 | Medium |
new com.jsql.model.injection.strategy.MediatorStrategy(InjectionModel) may expose internal representation by storing an externally mutable object into MediatorStrategy.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 41 | Medium |
com.jsql.model.injection.strategy.MediatorStrategy.setStrategy(AbstractStrategy) may expose internal representation by storing an externally mutable object into MediatorStrategy.strategy | MALICIOUS_CODE | EI_EXPOSE_REP2 | 257 | Medium |
com.jsql.model.injection.strategy.blind.InjectionBlindBin
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception thrown in class com.jsql.model.injection.strategy.blind.InjectionBlindBin at new com.jsql.model.injection.strategy.blind.InjectionBlindBin(InjectionModel, AbstractInjectionBit$BlindOperator) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 102 | Medium |
com.jsql.model.injection.strategy.blind.InjectionBlindBin.getFalseDiffs() may expose internal representation by returning InjectionBlindBin.falseDiffs | MALICIOUS_CODE | EI_EXPOSE_REP | 269 | Medium |
com.jsql.model.injection.strategy.blind.InjectionBlindBin.getTrueDiffs() may expose internal representation by returning InjectionBlindBin.trueDiffs | MALICIOUS_CODE | EI_EXPOSE_REP | 273 | Medium |
com.jsql.model.injection.strategy.blind.InjectionBlindBit
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception thrown in class com.jsql.model.injection.strategy.blind.InjectionBlindBit at new com.jsql.model.injection.strategy.blind.InjectionBlindBit(InjectionModel, AbstractInjectionBit$BlindOperator) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 96 | Medium |
com.jsql.model.injection.strategy.blind.InjectionBlindBit.getFalseDiffs() may expose internal representation by returning InjectionBlindBit.falseDiffs | MALICIOUS_CODE | EI_EXPOSE_REP | 185 | Medium |
com.jsql.model.injection.strategy.blind.InjectionBlindBit.getTrueDiffs() may expose internal representation by returning InjectionBlindBit.trueDiffs | MALICIOUS_CODE | EI_EXPOSE_REP | 189 | Medium |
com.jsql.model.injection.strategy.blind.InjectionCharInsertion
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception thrown in class com.jsql.model.injection.strategy.blind.InjectionCharInsertion at new com.jsql.model.injection.strategy.blind.InjectionCharInsertion(InjectionModel, String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 115 | Medium |
com.jsql.model.injection.strategy.blind.InjectionCharInsertion.getConstantTrueMark() may expose internal representation by returning InjectionCharInsertion.constantTrueMark | MALICIOUS_CODE | EI_EXPOSE_REP | 198 | Medium |
new com.jsql.model.injection.strategy.blind.InjectionCharInsertion(InjectionModel, String, String) may expose internal representation by storing an externally mutable object into InjectionCharInsertion.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 54 | Medium |
com.jsql.model.injection.strategy.blind.InjectionMultibit
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.injection.strategy.blind.InjectionMultibit.getDiffsById() may expose internal representation by returning InjectionMultibit.diffsById | MALICIOUS_CODE | EI_EXPOSE_REP | 177 | Medium |
com.jsql.model.injection.strategy.blind.InjectionMultibit.getDiffsCommonWithAllIds() may expose internal representation by returning InjectionMultibit.diffsCommonWithAllIds | MALICIOUS_CODE | EI_EXPOSE_REP | 173 | Medium |
com.jsql.model.injection.strategy.blind.InjectionTime
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception thrown in class com.jsql.model.injection.strategy.blind.InjectionTime at new com.jsql.model.injection.strategy.blind.InjectionTime(InjectionModel, AbstractInjectionBit$BlindOperator) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 81 | Medium |
com.jsql.model.injection.strategy.blind.InjectionVendor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception thrown in class com.jsql.model.injection.strategy.blind.InjectionVendor at new com.jsql.model.injection.strategy.blind.InjectionVendor(InjectionModel, String, Vendor) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 90 | Medium |
com.jsql.model.injection.strategy.blind.InjectionVendor.getConstantTrueMark() may expose internal representation by returning InjectionVendor.constantTrueMark | MALICIOUS_CODE | EI_EXPOSE_REP | 163 | Medium |
new com.jsql.model.injection.strategy.blind.InjectionVendor(InjectionModel, String, Vendor) may expose internal representation by storing an externally mutable object into InjectionVendor.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 36 | Medium |
com.jsql.model.injection.strategy.blind.callable.CallableBlindBin
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.injection.strategy.blind.callable.CallableBlindBin.getDiffsWithReference() may expose internal representation by returning CallableBlindBin.diffsWithReference | MALICIOUS_CODE | EI_EXPOSE_REP | 106 | Medium |
new com.jsql.model.injection.strategy.blind.callable.CallableBlindBin(String, InjectionModel, InjectionBlindBin, AbstractInjectionBit$BlindOperator, int, int, int, String) may expose internal representation by storing an externally mutable object into CallableBlindBin.injectionBlind | MALICIOUS_CODE | EI_EXPOSE_REP2 | 45 | Medium |
com.jsql.model.injection.strategy.blind.callable.CallableBlindBit
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.injection.strategy.blind.callable.CallableBlindBit.getDiffsWithReference() may expose internal representation by returning CallableBlindBit.diffsWithReference | MALICIOUS_CODE | EI_EXPOSE_REP | 94 | Medium |
new com.jsql.model.injection.strategy.blind.callable.CallableBlindBit(String, InjectionModel, InjectionBlindBit, AbstractInjectionBit$BlindOperator, String) may expose internal representation by storing an externally mutable object into CallableBlindBit.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 31 | Medium |
com.jsql.model.injection.strategy.blind.callable.CallableCharInsertion
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.injection.strategy.blind.callable.CallableCharInsertion.getOpcodes() may expose internal representation by returning CallableCharInsertion.opcodes | MALICIOUS_CODE | EI_EXPOSE_REP | 73 | Medium |
com.jsql.model.injection.strategy.blind.callable.CallableMultibit
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.injection.strategy.blind.callable.CallableMultibit.getDiffsWithReference() may expose internal representation by returning CallableMultibit.diffsWithReference | MALICIOUS_CODE | EI_EXPOSE_REP | 71 | Medium |
com.jsql.model.injection.strategy.blind.callable.CallableTime
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
new com.jsql.model.injection.strategy.blind.callable.CallableTime(String, InjectionModel, InjectionTime, AbstractInjectionBit$BlindOperator, String) may expose internal representation by storing an externally mutable object into CallableTime.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 46 | Medium |
com.jsql.model.injection.strategy.blind.callable.CallableVendor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.injection.strategy.blind.callable.CallableVendor.getOpcodes() may expose internal representation by returning CallableVendor.opcodes | MALICIOUS_CODE | EI_EXPOSE_REP | 51 | Medium |
com.jsql.model.injection.vendor.MediatorVendor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.injection.vendor.MediatorVendor.getVendors() may expose internal representation by returning MediatorVendor.vendors | MALICIOUS_CODE | EI_EXPOSE_REP | 301 | Medium |
com.jsql.model.injection.vendor.MediatorVendor.getVendorsForFingerprint() may expose internal representation by returning MediatorVendor.vendorsForFingerprint | MALICIOUS_CODE | EI_EXPOSE_REP | 305 | Medium |
new com.jsql.model.injection.vendor.MediatorVendor(InjectionModel) may expose internal representation by storing an externally mutable object into MediatorVendor.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 71 | Medium |
com.jsql.model.injection.vendor.model.VendorYaml
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.injection.vendor.model.VendorYaml.getModelYaml() may expose internal representation by returning VendorYaml.modelYaml | MALICIOUS_CODE | EI_EXPOSE_REP | 594 | Medium |
new com.jsql.model.injection.vendor.model.VendorYaml(String, InjectionModel) may expose internal representation by storing an externally mutable object into VendorYaml.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 104 | Medium |
com.jsql.model.injection.vendor.model.yaml.Binary
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.injection.vendor.model.yaml.Binary.getTest() may expose internal representation by returning Binary.test | MALICIOUS_CODE | EI_EXPOSE_REP | 19 | Medium |
com.jsql.model.injection.vendor.model.yaml.Binary.setTest(Test) may expose internal representation by storing an externally mutable object into Binary.test | MALICIOUS_CODE | EI_EXPOSE_REP2 | 23 | Medium |
com.jsql.model.injection.vendor.model.yaml.Configuration
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.injection.vendor.model.yaml.Configuration.getFingerprint() may expose internal representation by returning Configuration.fingerprint | MALICIOUS_CODE | EI_EXPOSE_REP | 67 | Medium |
com.jsql.model.injection.vendor.model.yaml.Configuration.setFingerprint(Fingerprint) may expose internal representation by storing an externally mutable object into Configuration.fingerprint | MALICIOUS_CODE | EI_EXPOSE_REP2 | 71 | Medium |
com.jsql.model.injection.vendor.model.yaml.Error
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.injection.vendor.model.yaml.Error.getMethod() may expose internal representation by returning Error.method | MALICIOUS_CODE | EI_EXPOSE_REP | 13 | Medium |
com.jsql.model.injection.vendor.model.yaml.Error.setMethod(List) may expose internal representation by storing an externally mutable object into Error.method | MALICIOUS_CODE | EI_EXPOSE_REP2 | 17 | Medium |
com.jsql.model.injection.vendor.model.yaml.Fingerprint
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.injection.vendor.model.yaml.Fingerprint.getErrorMessage() may expose internal representation by returning Fingerprint.errorMessage | MALICIOUS_CODE | EI_EXPOSE_REP | 19 | Medium |
com.jsql.model.injection.vendor.model.yaml.Fingerprint.setErrorMessage(List) may expose internal representation by storing an externally mutable object into Fingerprint.errorMessage | MALICIOUS_CODE | EI_EXPOSE_REP2 | 23 | Medium |
com.jsql.model.injection.vendor.model.yaml.ModelYaml
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.injection.vendor.model.yaml.ModelYaml.getResource() may expose internal representation by returning ModelYaml.resource | MALICIOUS_CODE | EI_EXPOSE_REP | 23 | Medium |
com.jsql.model.injection.vendor.model.yaml.ModelYaml.getStrategy() may expose internal representation by returning ModelYaml.strategy | MALICIOUS_CODE | EI_EXPOSE_REP | 31 | Medium |
com.jsql.model.injection.vendor.model.yaml.ModelYaml.setResource(Resource) may expose internal representation by storing an externally mutable object into ModelYaml.resource | MALICIOUS_CODE | EI_EXPOSE_REP2 | 27 | Medium |
com.jsql.model.injection.vendor.model.yaml.ModelYaml.setStrategy(Strategy) may expose internal representation by storing an externally mutable object into ModelYaml.strategy | MALICIOUS_CODE | EI_EXPOSE_REP2 | 35 | Medium |
com.jsql.model.injection.vendor.model.yaml.Resource
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.injection.vendor.model.yaml.Resource.getDios() may expose internal representation by returning Resource.dios | MALICIOUS_CODE | EI_EXPOSE_REP | 41 | Medium |
com.jsql.model.injection.vendor.model.yaml.Resource.getSchema() may expose internal representation by returning Resource.schema | MALICIOUS_CODE | EI_EXPOSE_REP | 25 | Medium |
com.jsql.model.injection.vendor.model.yaml.Resource.getZip() may expose internal representation by returning Resource.zip | MALICIOUS_CODE | EI_EXPOSE_REP | 33 | Medium |
com.jsql.model.injection.vendor.model.yaml.Resource.setDios(Schema) may expose internal representation by storing an externally mutable object into Resource.dios | MALICIOUS_CODE | EI_EXPOSE_REP2 | 45 | Medium |
com.jsql.model.injection.vendor.model.yaml.Resource.setSchema(Schema) may expose internal representation by storing an externally mutable object into Resource.schema | MALICIOUS_CODE | EI_EXPOSE_REP2 | 29 | Medium |
com.jsql.model.injection.vendor.model.yaml.Resource.setZip(Schema) may expose internal representation by storing an externally mutable object into Resource.zip | MALICIOUS_CODE | EI_EXPOSE_REP2 | 37 | Medium |
com.jsql.model.injection.vendor.model.yaml.Row
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.injection.vendor.model.yaml.Row.getFields() may expose internal representation by returning Row.fields | MALICIOUS_CODE | EI_EXPOSE_REP | 22 | Medium |
com.jsql.model.injection.vendor.model.yaml.Row.setFields(Fields) may expose internal representation by storing an externally mutable object into Row.fields | MALICIOUS_CODE | EI_EXPOSE_REP2 | 26 | Medium |
com.jsql.model.injection.vendor.model.yaml.Schema
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.injection.vendor.model.yaml.Schema.getRow() may expose internal representation by returning Schema.row | MALICIOUS_CODE | EI_EXPOSE_REP | 40 | Medium |
com.jsql.model.injection.vendor.model.yaml.Schema.setRow(Row) may expose internal representation by storing an externally mutable object into Schema.row | MALICIOUS_CODE | EI_EXPOSE_REP2 | 44 | Medium |
com.jsql.model.injection.vendor.model.yaml.Strategy
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.injection.vendor.model.yaml.Strategy.getBinary() may expose internal representation by returning Strategy.binary | MALICIOUS_CODE | EI_EXPOSE_REP | 33 | Medium |
com.jsql.model.injection.vendor.model.yaml.Strategy.getConfiguration() may expose internal representation by returning Strategy.configuration | MALICIOUS_CODE | EI_EXPOSE_REP | 17 | Medium |
com.jsql.model.injection.vendor.model.yaml.Strategy.getError() may expose internal representation by returning Strategy.error | MALICIOUS_CODE | EI_EXPOSE_REP | 41 | Medium |
com.jsql.model.injection.vendor.model.yaml.Strategy.getUnion() may expose internal representation by returning Strategy.union | MALICIOUS_CODE | EI_EXPOSE_REP | 25 | Medium |
com.jsql.model.injection.vendor.model.yaml.Strategy.setBinary(Binary) may expose internal representation by storing an externally mutable object into Strategy.binary | MALICIOUS_CODE | EI_EXPOSE_REP2 | 37 | Medium |
com.jsql.model.injection.vendor.model.yaml.Strategy.setConfiguration(Configuration) may expose internal representation by storing an externally mutable object into Strategy.configuration | MALICIOUS_CODE | EI_EXPOSE_REP2 | 21 | Medium |
com.jsql.model.injection.vendor.model.yaml.Strategy.setError(Error) may expose internal representation by storing an externally mutable object into Strategy.error | MALICIOUS_CODE | EI_EXPOSE_REP2 | 45 | Medium |
com.jsql.model.injection.vendor.model.yaml.Strategy.setUnion(Union) may expose internal representation by storing an externally mutable object into Strategy.union | MALICIOUS_CODE | EI_EXPOSE_REP2 | 29 | Medium |
com.jsql.model.injection.vendor.model.yaml.Test
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.model.injection.vendor.model.yaml.Test.getFalsyBin() may expose internal representation by returning Test.falsyBin | MALICIOUS_CODE | EI_EXPOSE_REP | 63 | Medium |
com.jsql.model.injection.vendor.model.yaml.Test.getFalsyBit() may expose internal representation by returning Test.falsyBit | MALICIOUS_CODE | EI_EXPOSE_REP | 79 | Medium |
com.jsql.model.injection.vendor.model.yaml.Test.getTruthyBin() may expose internal representation by returning Test.truthyBin | MALICIOUS_CODE | EI_EXPOSE_REP | 55 | Medium |
com.jsql.model.injection.vendor.model.yaml.Test.getTruthyBit() may expose internal representation by returning Test.truthyBit | MALICIOUS_CODE | EI_EXPOSE_REP | 71 | Medium |
com.jsql.model.injection.vendor.model.yaml.Test.setFalsyBin(List) may expose internal representation by storing an externally mutable object into Test.falsyBin | MALICIOUS_CODE | EI_EXPOSE_REP2 | 67 | Medium |
com.jsql.model.injection.vendor.model.yaml.Test.setFalsyBit(List) may expose internal representation by storing an externally mutable object into Test.falsyBit | MALICIOUS_CODE | EI_EXPOSE_REP2 | 83 | Medium |
com.jsql.model.injection.vendor.model.yaml.Test.setTruthyBin(List) may expose internal representation by storing an externally mutable object into Test.truthyBin | MALICIOUS_CODE | EI_EXPOSE_REP2 | 59 | Medium |
com.jsql.model.injection.vendor.model.yaml.Test.setTruthyBit(List) may expose internal representation by storing an externally mutable object into Test.truthyBit | MALICIOUS_CODE | EI_EXPOSE_REP2 | 75 | Medium |
com.jsql.model.suspendable.AbstractSuspendable
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Shared primitive variable "isPaused" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE | 68 | Medium |
Shared primitive variable "isPaused" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE | 75 | Medium |
Inconsistent synchronization of com.jsql.model.suspendable.AbstractSuspendable.isStopped; locked 50% of time | MT_CORRECTNESS | IS2_INCONSISTENT_SYNC | 61 | Medium |
Naked notify in com.jsql.model.suspendable.AbstractSuspendable.resume() | MT_CORRECTNESS | NN_NAKED_NOTIFY | 91 | Medium |
com.jsql.model.suspendable.callable.CallablePageSource
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
new com.jsql.model.suspendable.callable.CallablePageSource(String, InjectionModel, String, int) may expose internal representation by storing an externally mutable object into CallablePageSource.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 41 | Medium |
com.jsql.util.ConnectionUtil
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.util.ConnectionUtil.getCookieManager() may expose internal representation by returning ConnectionUtil.cookieManager | MALICIOUS_CODE | EI_EXPOSE_REP | 316 | Medium |
new com.jsql.util.ConnectionUtil(InjectionModel) may expose internal representation by storing an externally mutable object into ConnectionUtil.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 52 | Medium |
com.jsql.util.CookiesUtil
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
new com.jsql.util.CookiesUtil(InjectionModel) may expose internal representation by storing an externally mutable object into CookiesUtil.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 21 | Medium |
com.jsql.util.CsrfUtil
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.util.CsrfUtil.getTokenCsrf() may expose internal representation by returning CsrfUtil.tokenCsrf | MALICIOUS_CODE | EI_EXPOSE_REP | 214 | Medium |
new com.jsql.util.CsrfUtil(InjectionModel) may expose internal representation by storing an externally mutable object into CsrfUtil.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 27 | Medium |
com.jsql.util.CsrfUtil.setTokenCsrf(AbstractMap$SimpleEntry) may expose internal representation by storing an externally mutable object into CsrfUtil.tokenCsrf | MALICIOUS_CODE | EI_EXPOSE_REP2 | 218 | Medium |
com.jsql.util.DigestUtil
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
new com.jsql.util.DigestUtil(InjectionModel) may expose internal representation by storing an externally mutable object into DigestUtil.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 28 | Medium |
com.jsql.util.ExceptionUtil
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
new com.jsql.util.ExceptionUtil(InjectionModel) may expose internal representation by storing an externally mutable object into ExceptionUtil.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 31 | Medium |
com.jsql.util.ExceptionUtil$ExceptionHandler
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
new com.jsql.util.ExceptionUtil$ExceptionHandler(ExceptionUtil) may expose internal representation by storing an externally mutable object into ExceptionUtil$ExceptionHandler.this$0 | MALICIOUS_CODE | EI_EXPOSE_REP2 | 38 | Medium |
com.jsql.util.FormUtil
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
new com.jsql.util.FormUtil(InjectionModel) may expose internal representation by storing an externally mutable object into FormUtil.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 24 | Medium |
com.jsql.util.GitUtil
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.util.GitUtil.callService() may expose internal representation by returning GitUtil.jsonObject | MALICIOUS_CODE | EI_EXPOSE_REP | 224 | Medium |
new com.jsql.util.GitUtil(InjectionModel) may expose internal representation by storing an externally mutable object into GitUtil.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 47 | Medium |
com.jsql.util.HeaderUtil
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
new com.jsql.util.HeaderUtil(InjectionModel) may expose internal representation by storing an externally mutable object into HeaderUtil.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 40 | Medium |
com.jsql.util.JsonUtil
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
new com.jsql.util.JsonUtil(InjectionModel) may expose internal representation by storing an externally mutable object into JsonUtil.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 26 | Medium |
com.jsql.util.MultipartUtil
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
new com.jsql.util.MultipartUtil(InjectionModel) may expose internal representation by storing an externally mutable object into MultipartUtil.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 19 | Medium |
com.jsql.util.ParameterUtil
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.util.ParameterUtil.getListHeader() may expose internal representation by returning ParameterUtil.listHeader | MALICIOUS_CODE | EI_EXPOSE_REP | 401 | Medium |
com.jsql.util.ParameterUtil.getListQueryString() may expose internal representation by returning ParameterUtil.listQueryString | MALICIOUS_CODE | EI_EXPOSE_REP | 405 | Medium |
com.jsql.util.ParameterUtil.getListRequest() may expose internal representation by returning ParameterUtil.listRequest | MALICIOUS_CODE | EI_EXPOSE_REP | 397 | Medium |
new com.jsql.util.ParameterUtil(InjectionModel) may expose internal representation by storing an externally mutable object into ParameterUtil.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 53 | Medium |
com.jsql.util.PreferencesUtil
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception thrown in class com.jsql.util.PreferencesUtil at new com.jsql.util.PreferencesUtil() will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 119 | Medium |
com.jsql.util.PreferencesUtil.getCommandsReverse() may expose internal representation by returning PreferencesUtil.commandsReverse | MALICIOUS_CODE | EI_EXPOSE_REP | 549 | Medium |
com.jsql.util.SoapUtil
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
new com.jsql.util.SoapUtil(InjectionModel) may expose internal representation by storing an externally mutable object into SoapUtil.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 32 | Medium |
Exception is caught when Exception is not thrown in com.jsql.util.SoapUtil.testParameters(boolean) | STYLE | REC_CATCH_EXCEPTION | 50 | Medium |
com.jsql.util.StringUtil
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Found reliance on default encoding in com.jsql.util.StringUtil.compress(String): String.getBytes() | I18N | DM_DEFAULT_ENCODING | 269 | High |
Found reliance on default encoding in com.jsql.util.StringUtil.toBase64Zip(String): new String(byte[]) | I18N | DM_DEFAULT_ENCODING | 209 | High |
Check for oddness that won't work for negative numbers in com.jsql.util.StringUtil.decodeHexString(String) | STYLE | IM_BAD_CHECK_FOR_ODD | 312 | Medium |
com.jsql.util.ThreadUtil
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
new com.jsql.util.ThreadUtil(InjectionModel) may expose internal representation by storing an externally mutable object into ThreadUtil.injectionModel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 47 | Medium |
com.jsql.util.bruter.Bruter
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Shared primitive variable "found" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE | 135 | Medium |
Shared primitive variable "done" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE | 143 | Medium |
Shared primitive variable "maxLength" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE | 123 | Medium |
Shared primitive variable "minLength" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE | 127 | Medium |
Inconsistent synchronization of com.jsql.util.bruter.Bruter.endtime; locked 50% of time | MT_CORRECTNESS | IS2_INCONSISTENT_SYNC | 112 | Medium |
com.jsql.util.bruter.DigestMD4
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unsigned right shift cast to short/byte in com.jsql.util.bruter.DigestMD4.engineDigest() | STYLE | ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT | 212 | Medium |
com.jsql.util.tampering.TamperingType
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.jsql.util.tampering.TamperingType.instance() may expose internal representation by returning TamperingType.instanceModelYaml | MALICIOUS_CODE | EI_EXPOSE_REP | 35 | Medium |