Java: 5 additional Injection Vulnerability detection rules (NoSQL, Thread Suspensions, Reflection, JSON, XML)

Alexandre_Gigleux · February 18, 2022, 2:03pm

Hello Java developers,

We happy to announce you can now detect 5 additional vulnerability types coming on top of the 18 existing injection vulnerability detection rules.

Here is the list of the 5 new rules:

S5147: NoSQL operations should not be vulnerable to injection attacks
S6390: Thread suspensions should not be vulnerable to Denial of Service attacks
S6173: Reflection should not be vulnerable to injection attacks
S6398: JSON operations should not be vulnerable to injection attacks
S6399: XML operations should not be vulnerable to injection attacks

These 5 new rules are available now on SonarCloud.io and will be part of SonarQube 9.4 Developer Edition.

Enjoy!
Alex

Eduard_Enriquez · May 11, 2023, 7:55am

Hello Alex,
We use Sonarqube Developer Edition 9.9.1 LTS and I can’t find the rule S6173
The rule java:S2658 is deprecated.
Info: “This rule is deprecated; use S6173 instead.”

Thanks for your help
Best regards,
Eduard

Topic		Replies	Views
Rule java:S2658 is deprecated but replacement rule java:S6173 not available in SonarQube 9.9.0.65466 Plugin Development java , sonarqube	5	1049	October 12, 2023
Can not find injection attacks rules for Java on SonarQube Community edition SonarQube Server / Community Build java , sonarqube , security , rules	1	1050	December 11, 2019
SonarCloud Community: Major updates on security rules for Python, C# and Java Sonar Updates csharp , python , sonarqube-cloud	1	1758	April 23, 2020
SonarQube security rules - Community, Developer, other editions SonarQube Server / Community Build security	5	4046	July 20, 2020
Java analysis detects more XXE vulnerabilities Sonar Updates java , security	0	1953	March 10, 2020

Java: 5 additional Injection Vulnerability detection rules (NoSQL, Thread Suspensions, Reflection, JSON, XML)

Related topics