Skip to content

Sonar-Demos/java-security-demo

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
src
src
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
buildspec.yml
buildspec.yml
 
 
pom.xml
pom.xml
 
 
run.sh
run.sh
 
 
s3649JavaSqlInjectionConfig.json
s3649JavaSqlInjectionConfig.json
 
 

Repository files navigation

Demo - Java Security

Use case

This example demonstrates:

  • Vulnerabilities
  • Security Hotspots

It also demonstrates the possibility to define your own custom sources, sanitizers and sinks to detect more injection cases (or avoid false positives)

Usage

Run ./run.sh

This will:

  • Delete the project key training:java-security if it exists in SonarQube (to start from a scratch)
  • Run mvn clean verify sonar:sonar to re-create the project

Project consists of a single class (Insecure.java) with a number of Vulnerabilities and Security Hotspots.

Custom security configuration

At the bottom of the class you see a bunch of methods that demonstrate custom injections.

  • The method without sanitization (doSomething()) has an injection vulnerability
  • The method with custom sanitization (doSomethingSanitized()) has no vulnerability

The custom security configuration file is in the root directory here

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

7 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages

  • Java 89.5%
  • Shell 10.5%