Inspectopedia 2024.3 Help

Security

'ClassLoader' instantiation   New in this release

Reports instantiations of the java.lang.ClassLoader class.

'public static' array field   New in this release

Reports public static array fields.

'public static' collection field   New in this release

Reports modifiable public static Collection fields.

Access of system properties   New in this release

Reports code that accesses system properties using one of the following methods: System.getProperties(), System.setProperty(), System.setProperties(), System.clearProperties(), Integer.getInteger(), Boolean.getBoolean(). While accessing the system properties is not a security risk in itself, it is often found in malicious code.

Call to 'Connection.prepare*()' with non-constant string   New in this release

Reports calls to java.sql.Connection.prepareStatement(), java.sql.Connection.prepareCall(), or any of their variants which take a dynamically-constructed string as the statement to prepare.

Call to 'Runtime.exec()' with non-constant string   New in this release

Reports calls to java.lang.Runtime.exec() which take a dynamically-constructed string as the command to execute.

Call to 'Statement.execute()' with non-constant string   New in this release

Reports calls to java.sql.Statement.execute() or any of its variants which take a dynamically-constructed string as the query to execute.

Call to 'System.loadLibrary()' with non-constant string   New in this release

Reports calls to java.lang.System.loadLibrary(), java.lang.System.load(), java.lang.Runtime.loadLibrary() and java.lang.Runtime.load() which take a dynamically-constructed string as the name of the library.

Call to 'System.setSecurityManager()'   New in this release

Reports calls to System.setSecurityManager().

Cloneable class in secure context   New in this release

Reports classes which may be cloned.

Custom 'ClassLoader' is declared   New in this release

Reports user-defined subclasses of java.lang.ClassLoader.

Custom 'SecurityManager'   New in this release

Reports user-defined subclasses of java.lang.SecurityManager.

Design for extension   New in this release

Reports methods which are not static, private, final or abstract, and whose bodies are not empty.

Insecure random number generation   New in this release

Reports any uses of java.util.Random or java.lang.Math.random().

Non-final 'clone()' in secure context   New in this release

Reports clone() methods without the final modifier.

Serializable non-static inner class without 'serialVersionUID'  

Reports classes that may be serialized or deserialized.

Last modified: 11 September 2024