
SonarSource-Demos/demo-java-security


Demo - Java Security

Use case

This example demonstrates:

  • Vulnerabilities
  • Security Hotspots

It also demonstrates how to define your own custom sources, sanitizers and sinks so that the analysis detects additional injection cases (or avoids false positives).

Usage

Run ./run.sh

This will:

  • Delete the project key training:java-security if it exists in SonarQube (to start from scratch)
  • Run mvn clean verify sonar:sonar to re-create the project

The project consists of a single class (Insecure.java) with a number of Vulnerabilities and Security Hotspots.

Custom security configuration

At the bottom of the class you see a bunch of methods that demonstrate custom injections.

  • The method without sanitization (doSomething()) has an injection vulnerability
  • The method with custom sanitization (doSomethingSanitized()) has no vulnerability

The custom security configuration file is in the root directory of this repository.
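As an added illustration of the pattern described above (this is not the repository's Insecure.java or its configuration file; the class and method names are hypothetical), the following Java sketch shows a custom source, a custom sink, and a custom sanitizer sitting between them, so that doSomething() carries tainted data straight into the sink while doSomethingSanitized() does not:

```java
import java.util.regex.Pattern;

/** Hypothetical custom source / sanitizer / sink trio (added example). */
public class CustomInjectionDemo {

    // Only bare identifiers (table or column names) are accepted.
    private static final Pattern IDENTIFIER = Pattern.compile("[A-Za-z_][A-Za-z0-9_]{0,63}");

    // Hypothetical custom SOURCE: its return value is treated as tainted once
    // the method is declared as a source in the custom configuration.
    static String readUntrustedInput(String raw) {
        return raw; // stands in for a request parameter, message field, etc.
    }

    // Hypothetical custom SINK: tainted data reaching it is reported as an
    // injection once the method is declared as a sink.
    static String runBackendQuery(String query) {
        return "executed: " + query; // stands in for a real backend call
    }

    // Hypothetical custom SANITIZER: declared as a sanitizer, its return value
    // is considered clean. The allow-list check is the actual defence.
    static String sanitizeIdentifier(String value) {
        if (value == null || !IDENTIFIER.matcher(value).matches()) {
            throw new IllegalArgumentException("not a valid identifier");
        }
        return value;
    }

    // Flagged: tainted data flows from the source into the sink unchanged.
    static String doSomething(String raw) {
        String table = readUntrustedInput(raw);
        return runBackendQuery("SELECT * FROM " + table);
    }

    // Not flagged: the flow passes through the declared sanitizer.
    static String doSomethingSanitized(String raw) {
        String table = sanitizeIdentifier(readUntrustedInput(raw));
        return runBackendQuery("SELECT * FROM " + table);
    }

    public static void main(String[] args) {
        System.out.println(doSomething("users; --"));          // non-identifier text reaches the sink
        System.out.println(doSomethingSanitized("users"));     // accepted by the sanitizer
        try {
            doSomethingSanitized("users; --");                 // rejected before the sink
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The configuration file only tells the engine which of these methods play which role; the sanitizer itself still has to enforce a real constraint, otherwise declaring it merely silences the finding.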
