The Java analyzer detects 9 additional security problems: JWT signature, predictable salt and more

Hello Java developers,

Our Java analyzer was upgraded to detect 9 additional security problems.

Security Vulnerability Detections:

  • S5445: Insecure temporary file creation methods should not be used
  • S2053: Hashes should include an unpredictable salt
  • S5659: JWT should be signed and verified with strong cipher algorithms
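As an added illustration of the salt rule (S2053, "Hashes should include an unpredictable salt"), the following Java class is example code written for this page, not code from the original post or from SonarSource's rule implementation. It contrasts a password hash built with a hard-coded salt (the predictable pattern the rule's title warns against) with one that draws a fresh salt from `SecureRandom` and stores it next to the hash. The `ITERATIONS` and `KEY_LENGTH_BITS` values and the `salt:hash` storage format are assumptions chosen for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class SaltExample {

    // Example parameters (assumed for this illustration, not from the rule text).
    private static final int ITERATIONS = 120_000;
    private static final int KEY_LENGTH_BITS = 256;
    private static final int SALT_BYTES = 16;

    // Predictable salt: a constant shared by every user. Two users with the
    // same password get the same hash, and one precomputed table covers them all.
    static byte[] hashWithFixedSalt(char[] password)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        byte[] salt = "fixed-salt".getBytes(StandardCharsets.UTF_8);
        return pbkdf2(password, salt);
    }

    // Unpredictable salt: a fresh random value per password. The salt is not
    // secret, so it is stored alongside the hash for later verification.
    static String hashWithRandomSalt(char[] password)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        byte[] hash = pbkdf2(password, salt);
        Base64.Encoder enc = Base64.getEncoder();
        return enc.encodeToString(salt) + ":" + enc.encodeToString(hash);
    }

    // Recompute the hash with the stored salt and compare in constant time.
    static boolean verify(char[] password, String stored)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        String[] parts = stored.split(":", 2);
        if (parts.length != 2) {
            return false;
        }
        Base64.Decoder dec = Base64.getDecoder();
        byte[] salt = dec.decode(parts[0]);
        byte[] expected = dec.decode(parts[1]);
        byte[] actual = pbkdf2(password, salt);
        return MessageDigest.isEqual(expected, actual);
    }

    private static byte[] pbkdf2(char[] password, byte[] salt)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        KeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_LENGTH_BITS);
        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        return factory.generateSecret(spec).getEncoded();
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "correct horse battery staple".toCharArray();  // constructed sample input

        // Fixed salt: identical output every time, which is what makes it weak.
        boolean fixedCollides = Arrays.equals(hashWithFixedSalt(pw), hashWithFixedSalt(pw));
        System.out.println("fixed-salt hashes of the same password collide: " + fixedCollides);

        // Random salt: two stored records for the same password differ, yet both verify.
        String first = hashWithRandomSalt(pw);
        String second = hashWithRandomSalt(pw);
        System.out.println("random-salt records differ: " + !first.equals(second));
        System.out.println("first verifies:  " + verify(pw, first));
        System.out.println("second verifies: " + verify(pw, second));
        System.out.println("wrong password:  " + verify("wrong".toCharArray(), first));
    }
}
```

Running `main` shows the two fixed-salt digests colliding while the two random-salt records differ and still verify; the salt travels with the hash in the stored string, so the random value never has to be remembered separately.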

Security Hotspot Detections:

  • S5332: Using clear-text protocols is security-sensitive
  • S5443: Using publicly writable directories is security-sensitive
  • S5693: Allowing requests with excessive content length is security-sensitive
  • S5247: Disabling auto-escaping in template engines is security-sensitive
  • S4036: Searching OS commands in PATH is security-sensitive
  • S5689: Disclosing fingerprints from web application technologies is security-sensitive

This is available now on SonarCloud and will come with SonarQube 8.8.

Alex
