Sunday, 20 March 2016

FindBugs rules - Security


Security - rules provided by FindBugs

Hardcoded constant database password
This code creates a database connection using a hardcoded, constant password. Anyone with access to either the source code or the compiled code can easily learn the password.

Empty database password
This code creates a database connection using a blank or empty password. This indicates that the database is not protected by a password.

HTTP cookie formed from untrusted input
This code constructs an HTTP Cookie using an untrusted HTTP parameter.
If this cookie is added to an HTTP response, it will allow an HTTP response splitting vulnerability.
(Most blatant, obvious cases of HTTP response splitting)

HTTP Response splitting vulnerability
This code directly writes an HTTP parameter to an HTTP header, which allows for an HTTP response splitting vulnerability.
(Most blatant, obvious cases of HTTP response splitting)

Absolute path traversal in servlet
The software uses an HTTP request parameter to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.
(Most blatant, obvious cases of absolute path traversal)

Relative path traversal in servlet
The software uses an HTTP request parameter to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
(Most blatant, obvious cases of relative path traversal)

Nonconstant string passed to execute method on an SQL statement
The method invokes the execute method on an SQL statement with a String that seems to be dynamically generated.
Consider using a prepared statement instead. It is more efficient and less vulnerable to SQL injection attacks.

A prepared statement is generated from a nonconstant String
The code creates an SQL prepared statement from a nonconstant String.
If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.
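As an added illustration (not part of the original post or of FindBugs itself), the three methods below show the pattern each of the two SQL rules above flags, beside the form that passes. It assumes a JDBC Connection to a hypothetical USERS(NAME, EMAIL) table supplied by the caller.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Constructed example: assumes a JDBC Connection to a hypothetical table USERS(NAME, EMAIL).
public class SqlRuleExamples {

    // Flagged by "Nonconstant string passed to execute method on an SQL statement":
    // the query text is assembled at runtime, so a name such as  x' OR '1'='1
    // changes the meaning of the statement instead of being compared as data.
    static String lookupUnsafe(Connection conn, String name) throws SQLException {
        String sql = "SELECT EMAIL FROM USERS WHERE NAME = '" + name + "'";
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            return rs.next() ? rs.getString("EMAIL") : null;
        }
    }

    // Still flagged, by "A prepared statement is generated from a nonconstant String":
    // switching to PreparedStatement does not help while the SQL text itself
    // is built from the input; the database parses the input as SQL all the same.
    static String lookupStillUnsafe(Connection conn, String name) throws SQLException {
        String sql = "SELECT EMAIL FROM USERS WHERE NAME = '" + name + "'";
        try (PreparedStatement ps = conn.prepareStatement(sql);
             ResultSet rs = ps.executeQuery()) {
            return rs.next() ? rs.getString("EMAIL") : null;
        }
    }

    // Not flagged: the SQL text is a compile-time constant and the input travels
    // as a bound parameter, so it can only ever be treated as a value.
    static String lookupSafe(Connection conn, String name) throws SQLException {
        final String sql = "SELECT EMAIL FROM USERS WHERE NAME = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("EMAIL") : null;
            }
        }
    }
}
```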

JSP reflected cross site scripting vulnerability
This code directly writes an HTTP parameter to JSP output, which allows for a cross site scripting vulnerability.
(Most blatant, obvious cases of cross site scripting)

Servlet reflected cross site scripting vulnerability in error page
This code directly writes an HTTP parameter to a server error page (using HttpServletResponse.sendError).
Echoing this untrusted input allows for a reflected cross site scripting vulnerability.
(Most blatant, obvious cases of cross site scripting)

Servlet reflected cross site scripting vulnerability
This code directly writes an HTTP parameter to Servlet output, which allows for a reflected cross site scripting vulnerability.
(Most blatant, obvious cases of cross site scripting)

Note
FindBugs looks only for the most blatant, obvious cases of:
  • HTTP response splitting
  • absolute path traversal
  • relative path traversal
  • cross site scripting
If FindBugs found any, you almost certainly have more vulnerabilities that FindBugs doesn't report.
If you are concerned about these topics, you should seriously consider using a commercial static analysis or pen-testing tool.
