Java: 5 additional Injection Vulnerability detection rules (NoSQL, Thread Suspensions, Reflection, JSON, XML)

Hello Java developers,

We happy to announce you can now detect 5 additional vulnerability types coming on top of the 18 existing injection vulnerability detection rules.

Here is the list of the 5 new rules:

  • S5147: NoSQL operations should not be vulnerable to injection attacks
  • S6390: Thread suspensions should not be vulnerable to Denial of Service attacks
  • S6173: Reflection should not be vulnerable to injection attacks
  • S6398: JSON operations should not be vulnerable to injection attacks
  • S6399: XML operations should not be vulnerable to injection attacks

These 5 new rules are available now on SonarCloud.io and will be part of SonarQube 9.4 Developer Edition.

Enjoy!
Alex

3 Likes