find-sec-bugs/find-sec-bugs issues and pull requests

#735 - Add support for JSR305 @Detainted / @Tainted / @Untainted in the taint analysis

Issue - State: open - Opened by gehel 6 months ago

#734 - Add support for jakarta

Pull Request - State: open - Opened by cheeghi 6 months ago

#733 - Update website with new version

Issue - State: open - Opened by ClaudioConsolmagno 6 months ago

#732 - keySECXXEVAL

Issue - State: open - Opened by hazendaz 7 months ago - 2 comments

#731 - Getting "Hard coded password found here" exception where (IMHO) it shouldn't

Issue - State: open - Opened by sliric 8 months ago

#730 - Missing artifact in release assets

Issue - State: open - Opened by haerter-tss 8 months ago - 1 comment

#729 - Upgrade the build to run on JDK 11

Pull Request - State: closed - Opened by gtoison 8 months ago

#728 - Added missing BugCode for SECXXEVAL abbrev

Pull Request - State: closed - Opened by gtoison 8 months ago - 4 comments

#727 - findsecbugs-plugin: missing bug code for keySECXXEVAL

Issue - State: closed - Opened by schloemer-bas 8 months ago - 1 comment

#726 - Release 1.13.0

Pull Request - State: closed - Opened by h3xstream 8 months ago

#725 - Upgrade SpotBugs to 4.8.3

Pull Request - State: closed - Opened by gtoison 9 months ago - 2 comments

#724 - Invalid class name exception for methods with generics

Issue - State: open - Opened by pavelorehov 9 months ago - 2 comments
Labels: bug

#723 - Java 21 Support

Issue - State: closed - Opened by Jeeppler 10 months ago - 6 comments
Labels: enhancement

#722 - Wrapper SQL sink method triggers SQL injection detection

Issue - State: open - Opened by jim-bentler 10 months ago - 4 comments
Labels: false-positive

#721 - Mark java.sql.Statement enquoteIdentifer, enquoteLiteral, and enquoteNCharLiteral SQL_INJECTION_SAFE

Issue - State: open - Opened by jim-bentler 10 months ago
Labels: false-positive, good first issue

#720 - Replace jwgmeligmeyling/spotbugs-github-action

Issue - State: open - Opened by h3xstream 10 months ago
Labels: internal

#719 - Inconsistency in HTTP_RESPONSE_SPLITTING Rule: Discrepancy in Violation Reporting with Nested Class

Issue - State: open - Opened by soyodream 11 months ago
Labels: false-negative

#718 - Inconsistency in SQL_INJECTION_JPA Rule: Discrepancy in Violation Reporting with Nested Class

Issue - State: open - Opened by soyodream 11 months ago
Labels: false-negative

#717 - Feasiblity of transferring this to spotbugs organization

Issue - State: open - Opened by hazendaz 11 months ago - 2 comments
Labels: question

#716 - Inconsistency in COMMAND_INJECTION Rule: Discrepancy in Violation Reporting with Nested Class

Issue - State: open - Opened by soyodream 11 months ago
Labels: false-negative

#715 - java.lang.AssertionError: Out of bounds mutables in static org.apache.druid.indexing.common.task.OverlordCoordinatingSegmentAllocator.lambda

Issue - State: open - Opened by azure247a about 1 year ago

#714 - SpotBugs Report Metrics result

Issue - State: closed - Opened by chihhung1016 about 1 year ago - 1 comment
Labels: question

#713 - Updates to handle string-building taint with invokedynamic concatenation in JDK > 8

Pull Request - State: closed - Opened by jbindel about 1 year ago - 1 comment

#712 - taint-config files java-lang.txt and scala.txt propagate taint from character types

Pull Request - State: closed - Opened by jbindel about 1 year ago

#711 - False Negative: String concatenation with char should not consider char to be SAFE

Issue - State: open - Opened by jbindel about 1 year ago - 1 comment

#710 - Add GCM-SIV to authenticated cipher mode list

Pull Request - State: closed - Opened by mzcu over 1 year ago

#709 - Mark sources of Possible JDBC injection as safe

Issue - State: open - Opened by apetrelli over 1 year ago - 12 comments
Labels: enhancement, good first issue

#708 - IMPROPER_UNICODE rule does not find `equalsIgnoreCase` usage when used as method reference

Issue - State: open - Opened by Vampire over 1 year ago

#707 - Fix IMPROPER_UNICODE rule description

Pull Request - State: closed - Opened by Vampire over 1 year ago

#706 - SpringEntityLeakDetector crashes with Map

Issue - State: open - Opened by nchandrashekar79 over 1 year ago - 1 comment
Labels: bug

#705 - SpringEntityLeakDetector crashes with Map

Issue - State: open - Opened by nchandrashekar79 over 1 year ago - 1 comment
Labels: bug

#704 - The current code doesn't support Jakarta namespace (ENTITY_LEAK and other checks don't work)

Issue - State: open - Opened by mrairjan over 1 year ago

#703 - java.lang.IllegalStateException

Issue - State: open - Opened by whistlexie over 1 year ago - 2 comments

#702 - ReDOS checker not agreeing with https://devina.io/redos-checker

Issue - State: open - Opened by ajohnson1 over 1 year ago

#701 - The following classes needed for analysis were missing

Issue - State: open - Opened by delanym over 1 year ago

#701 - The following classes needed for analysis were missing

Issue - State: open - Opened by delanym over 1 year ago

#701 - The following classes needed for analysis were missing

Issue - State: open - Opened by delanym over 1 year ago - 1 comment

#700 - Update messages.xml

Pull Request - State: closed - Opened by jasonparallel over 1 year ago

#700 - Update messages.xml

Pull Request - State: closed - Opened by jasonparallel over 1 year ago

#700 - Update messages.xml

Pull Request - State: closed - Opened by jasonparallel over 1 year ago

#699 - Fixing typo in docs

Pull Request - State: closed - Opened by kdowbecki over 1 year ago

#699 - Fixing typo in docs

Pull Request - State: closed - Opened by kdowbecki over 1 year ago

#699 - Fixing typo in docs

Pull Request - State: closed - Opened by kdowbecki over 1 year ago

#698 - Why scan results having multiple source-line tags for a bug instance?

Issue - State: open - Opened by Lingom-KSR over 1 year ago

#698 - Why scan results having multiple source-line tags for a bug instance?

Issue - State: open - Opened by Lingom-KSR over 1 year ago

#698 - Why scan results having multiple source-line tags for a bug instance?

Issue - State: open - Opened by Lingom-KSR over 1 year ago

#697 - FindSecBugs-cli crashes when trying to write SARIF output

Issue - State: open - Opened by northdpole over 1 year ago - 1 comment

#694 - how can i modify the severity

Issue - State: closed - Opened by TimerZz007 almost 2 years ago - 3 comments
Labels: question

#694 - how can i modify the severity

Issue - State: open - Opened by TimerZz007 almost 2 years ago - 2 comments
Labels: question

#694 - how can i modify the severity

Issue - State: open - Opened by TimerZz007 almost 2 years ago - 2 comments
Labels: question

#693 - missing bug code for keySECXXEVAL

Issue - State: open - Opened by skirge almost 2 years ago
Labels: bug

#693 - missing bug code for keySECXXEVAL

Issue - State: open - Opened by skirge almost 2 years ago - 2 comments
Labels: bug

#692 - Erroneous "`java.lang.ClassNotFoundException`: Exception while looking for class" errors

Issue - State: open - Opened by basil almost 2 years ago - 1 comment
Labels: bug

#692 - Erroneous "`java.lang.ClassNotFoundException`: Exception while looking for class" errors

Issue - State: open - Opened by basil almost 2 years ago
Labels: bug

#691 - Verbose source line locations report

Pull Request - State: closed - Opened by oxeye-gal almost 2 years ago - 1 comment

#691 - Verbose source line locations report

Pull Request - State: closed - Opened by oxeye-gal almost 2 years ago - 1 comment

#691 - Verbose source line locations report

Pull Request - State: closed - Opened by oxeye-gal almost 2 years ago - 1 comment

#690 - Adding workaround for JDK > 8 invokedynamic tainting

Pull Request - State: closed - Opened by oxeye-gal almost 2 years ago - 4 comments

#690 - Adding workaround for JDK > 8 invokedynamic tainting

Pull Request - State: open - Opened by oxeye-gal almost 2 years ago - 1 comment

#689 - How can I get the target class's jar file version?

Issue - State: closed - Opened by maxpaynebupt about 2 years ago - 2 comments
Labels: question

#688 - Add CWE Taxonomy to SARIF Report

Issue - State: open - Opened by Jeeppler about 2 years ago - 6 comments
Labels: enhancement

#687 - Path Traversal sink incorrect

Issue - State: open - Opened by jcopenhop about 2 years ago - 1 comment
Labels: false-positive

#686 - JstlExpressionWhiteLister now allows custom regular expressions

Pull Request - State: closed - Opened by jbindel about 2 years ago - 2 comments

#686 - JstlExpressionWhiteLister now allows custom regular expressions

Pull Request - State: closed - Opened by jbindel about 2 years ago - 2 comments

#685 - Exception during SpringEntityLeakDetector

Issue - State: open - Opened by nkavian about 2 years ago - 4 comments
Labels: bug

#685 - Exception during SpringEntityLeakDetector

Issue - State: open - Opened by nkavian about 2 years ago - 4 comments
Labels: bug

#684 - new pull

Pull Request - State: closed - Opened by jboylan2 about 2 years ago

#684 - new pull

Pull Request - State: closed - Opened by jboylan2 about 2 years ago

#684 - new pull

Pull Request - State: closed - Opened by jboylan2 about 2 years ago

#683 - fix: added "cash account" to the safe words, not a SHA password

Pull Request - State: closed - Opened by gtoison over 2 years ago