I found rules java in https://rules.sonarsource.com/java/ has this rules
- Dynamic code execution should not be vulnerable to injection attacks
- HTTP request redirections should not be open to forging attacks
- Deserialization should not be vulnerable to injection attacks
- Endpoints should not be vulnerable to reflected cross-site scripting (XSS) attacks
- Database queries should not be vulnerable to injection attacks
- Regular expressions should not be vulnerable to Denial of Service attacks
- XPath expressions should not be vulnerable to injection attacks
But I can’t found in my sonarqube with plugin sonarJava 5.11.