Security

Use case

This example demonstrates:

Vulnerabilities
Security Hotspots

It also demonstrates the possibility to define your own custom sources, sanitizers and sinks to detect more injection cases (or avoid false positives)

Usage

Run ./run.sh

Project consists of a basic start of an app implementation with a number of Vulnerabilities and Security Hotspots.

Custom security configuration

There is a sample framework class with a bunch of methods that demonstrate custom injections.

The method without sanitization has an injection vulnerability
The method with custom sanitization has no vulnerability

The custom security configuration file is in the root directory. Thie script runCustom.sh will re-run analysis with the configuration in place so the vulnerability can be found.

Name		Name	Last commit message	Last commit date
Latest commit History 49 Commits
.settings		.settings
.vscode		.vscode
src/main/java/demo/security		src/main/java/demo/security
.classpath		.classpath
.gitignore		.gitignore
.gitlab-ci.yml		.gitlab-ci.yml
.project		.project
Jenkinsfile		Jenkinsfile
README.md		README.md
customSecurityConfig.json		customSecurityConfig.json
github.sh		github.sh
gitlab.sh		gitlab.sh
pom.xml		pom.xml
run.sh		run.sh
runCustom.sh		runCustom.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Security

Use case

Usage

Custom security configuration

About

Releases

Packages

Languages

jeff-zapotoczny-sonarsource/my-java-app

Folders and files

Latest commit

History

Repository files navigation

Security

Use case

Usage

Custom security configuration

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages