Inspectopedia Help

Security

'ClassLoader' instantiation  

Reports instantiations of the java.lang.ClassLoader class.

'public static' array field  

Reports public static array fields.

'public static' collection field  

Reports modifiable public static Collection fields.

Access of system properties  

Reports code that accesses system properties using one of the following methods: System.getProperties(), System.setProperty(), System.setProperties(), System.clearProperties(), Integer.getInteger(), Boolean.getBoolean(). While accessing the system properties is not a security risk in itself, it is often found in malicious code.

Call to 'Connection.prepare*()' with non-constant string  

Reports calls to java.sql.Connection.prepareStatement(), java.sql.Connection.prepareCall(), or any of their variants which take a dynamically-constructed string as the statement to prepare.

Call to 'Runtime.exec()' with non-constant string  

Reports calls to java.lang.Runtime.exec() which take a dynamically-constructed string as the command to execute.

Call to 'Statement.execute()' with non-constant string  

Reports calls to java.sql.Statement.execute() or any of its variants which take a dynamically-constructed string as the query to execute.

Call to 'System.loadLibrary()' with non-constant string  

Reports calls to java.lang.System.loadLibrary(), java.lang.System.load(), java.lang.Runtime.loadLibrary() and java.lang.Runtime.load() which take a dynamically-constructed string as the name of the library.

Call to 'System.setSecurityManager()'  

Reports calls to System.setSecurityManager().

Cloneable class in secure context  

Reports classes which may be cloned.

Custom 'ClassLoader' is declared  

Reports user-defined subclasses of java.lang.ClassLoader.

Custom 'SecurityManager'  

Reports user-defined subclasses of java.lang.SecurityManager.

Design for extension  

Reports methods which are not static, private, final or abstract, and whose bodies are not empty.

Insecure random number generation  

Reports any uses of java.util.Random or java.lang.Math.random().

Non-final 'clone()' in secure context  

Reports clone() methods without the final modifier.

Serializable class in secure context  

Reports classes that may be serialized or deserialized.

Last modified: 18 June 2024