Indexed | Verified
JVM Security
Java, Kotlin, and Scala SAST rules aggregated across verified providers.
Fetch pack
greprules pack fetch jvm-security --engine opengrep
curl https://api.greprules.io/api/packs/jvm-security.tar.gz -o jvm-security.tar.gz

Included rules
CVE-2024-31464: Xwiki Missing Xclassreference Diff (cve-2024-31464-xwiki-missing-xclassreference-diff)
CVE-2024-4536: Edc Insecure Oauth2 Sink Decorator (cve-2024-4536-edc-insecure-oauth2-sink-decorator)
CVE-2025-1686: Pebble Cve 2025 1686 Lfi (cve-2025-1686-pebble-cve-2025-1686-lfi)
CVE-2025-28401: Shiro Missing Csrf Protection (cve-2025-28401-shiro-missing-csrf-protection)
CVE-2025-58056: Netty Permissive Http Chunk Lf Smuggling (cve-2025-58056-netty-permissive-http-chunk-lf-smuggling)
CVE-2025-61601: Bigbluebutton Unvalidated Poll Answers Dos (cve-2025-61601-bigbluebutton-unvalidated-poll-answers-dos)
CVE-2025-66453: Rhino Dtoa Dos (cve-2025-66453-rhino-dtoa-dos)
CVE-2025-67721: Zero Match Offset Decompression Leak (cve-2025-67721-zero-match-offset-decompression-leak)
CVE-2025-70986: Shiro Missing Csrf Protection (cve-2025-70986-shiro-missing-csrf-protection)
CVE-2025-9624: Opensearch Hunspell Path Traversal (cve-2025-9624-opensearch-hunspell-path-traversal)
CVE-2026-21452: Unbounded Array Allocation From Method Parameter (cve-2026-21452-unbounded-array-allocation-from-method-parameter)
CVE-2026-29062: Jackson Core Context Depth Bypass (cve-2026-29062-jackson-core-context-depth-bypass)
CVE-2026-37982: Keycloak Reusable Action Token (cve-2026-37982-keycloak-reusable-action-token)
CVE-2026-40490: Asynchttpclient Cross Domain Credential Leak (cve-2026-40490-asynchttpclient-cross-domain-credential-leak)
CVE-2026-43975: Java Torealpath Broad Catch Traversal Bypass (cve-2026-43975-java-torealpath-broad-catch-traversal-bypass)
CVE-2026-44596: Missing Rate Limiting Auth Endpoint (cve-2026-44596-missing-rate-limiting-auth-endpoint)
CVE-2024-1597: Pgjdbc Simple Parameter Bare Numeric Inline (cve-2024-1597-pgjdbc-simple-parameter-bare-numeric-inline)
CVE-2024-28109: Insecure Transformerfactory Configuration (cve-2024-28109-insecure-transformerfactory-configuration)
CVE-2024-32030: Insecure Commons Collections Gadgets (cve-2024-32030-insecure-commons-collections-gadgets)
CVE-2024-32888: Jdbc Parameter Inline Bare Numeric ToString (cve-2024-32888-jdbc-parameter-inline-bare-numeric-tostring)
CVE-2024-38369: Xwiki Include Macro Author Rights Comparison (cve-2024-38369-xwiki-include-macro-author-rights-comparison)
CVE-2024-40642: Netty Bhttp Unvalidated Request Head (cve-2024-40642-netty-bhttp-unvalidated-request-head)
CVE-2024-47880: User Controlled Content Type Header (cve-2024-47880-user-controlled-content-type-header)
CVE-2024-47881: Jdbc Uri Ssp Parameter Injection (cve-2024-47881-jdbc-uri-ssp-parameter-injection)
CVE-2024-48336: Android Unsafe Create Package Context (cve-2024-48336-android-unsafe-create-package-context)
CVE-2024-52807: Java Xxe Documentbuilderfactory (cve-2024-52807-java-xxe-documentbuilderfactory)
CVE-2024-56799: Missing Auth Once Guard On Per Route Before Filter (cve-2024-56799-missing-auth-once-guard-on-per-route-before-filter)
CVE-2024-57155: Spring Handler Interceptor Auth Bypass Returns True On Null User (cve-2024-57155-spring-handler-interceptor-auth-bypass-returns-true-on-null-user)
CVE-2025-25940: Java Xmldecoder Insecure Deserialization (cve-2025-25940-java-xmldecoder-insecure-deserialization)
CVE-2025-26074: Nashorn Engine Without No Java Flag (cve-2025-26074-nashorn-engine-without-no-java-flag)
CVE-2025-28056: Java Sql Injection In Clause Unescaped Split Join (cve-2025-28056-java-sql-injection-in-clause-unescaped-split-join)
CVE-2025-31487: Insecure Jdom2 Saxbuilder (cve-2025-31487-insecure-jdom2-saxbuilder)
CVE-2025-32966: Dataease Jdbc Url Missing Security Policy (cve-2025-32966-dataease-jdbc-url-missing-security-policy)
CVE-2025-32969: Xwiki Hql Unsafe Shortform Bypass (cve-2025-32969-xwiki-hql-unsafe-shortform-bypass)
CVE-2025-46566: Java Case Sensitive Url Decode Blacklist Bypass (cve-2025-46566-java-case-sensitive-url-decode-blacklist-bypass)
CVE-2025-49002: Dataease H2 Jdbc Url Blocklist Contains Bypass (cve-2025-49002-dataease-h2-jdbc-url-blocklist-contains-bypass)
CVE-2025-53004: Java Jdbc Url Denylist Case Sensitive Bypass (cve-2025-53004-java-jdbc-url-denylist-case-sensitive-bypass)
CVE-2025-53005: Jdbc Url Denylist Contains Bypass (cve-2025-53005-jdbc-url-denylist-contains-bypass)
CVE-2025-53006: Jdbc Url Substring Blocklist Validation (cve-2025-53006-jdbc-url-substring-blocklist-validation)
CVE-2025-57266: Thrivex Assistant Handler No Token Required (cve-2025-57266-thrivex-assistant-handler-no-token-required)
CVE-2025-57772: Dataease Jdbc Url Scheme Not Validated (cve-2025-57772-dataease-jdbc-url-scheme-not-validated)
CVE-2025-58045: Dataease Jdbc Illegalparameters Blocklist Missing Jndi Ldap (cve-2025-58045-dataease-jdbc-illegalparameters-blocklist-missing-jndi-ldap)
CVE-2025-58748: Dataease Jdbc Url Scheme Not Validated (cve-2025-58748-dataease-jdbc-url-scheme-not-validated)
CVE-2025-59954: Jxpath Context Without Empty Function Library (cve-2025-59954-jxpath-context-without-empty-function-library)
CVE-2025-64164: Lombok Data Field Name Shadows Getter (cve-2025-64164-lombok-data-field-name-shadows-getter)
CVE-2025-66913: Jimureport Switchjimudrag Boolean Session Attribute (cve-2025-66913-jimureport-switchjimudrag-boolean-session-attribute)
CVE-2025-70952: Path Traversal String Startswith Bypass (cve-2025-70952-path-traversal-string-startswith-bypass)
CVE-2026-27830: Custom Deserialization Wrapper Cwe502 (cve-2026-27830-custom-deserialization-wrapper-cwe502)
CVE-2026-29642: Xiangshan Dte Sdt Isolation Bypass (cve-2026-29642-xiangshan-dte-sdt-isolation-bypass)
CVE-2026-32604: Java Git Shell Command Injection Via Concatenation (cve-2026-32604-java-git-shell-command-injection-via-concatenation)
CVE-2026-32613: Java Spel Standard Evaluation Context Rce (cve-2026-32613-java-spel-standard-evaluation-context-rce)
CVE-2026-33082: Java Sql Where Clause String Concat Injection (cve-2026-33082-java-sql-where-clause-string-concat-injection)
CVE-2026-33083: Dataease Order Direction Sql Injection (cve-2026-33083-dataease-order-direction-sql-injection)
CVE-2026-33084: Dataease Order By Direction Sql Injection (cve-2026-33084-dataease-order-by-direction-sql-injection)
CVE-2026-33121: Dataease Engine Provider Table Name Sql Injection (cve-2026-33121-dataease-engine-provider-table-name-sql-injection)
CVE-2026-33122: Dataease Engine Provider Ddl Identifier Injection (cve-2026-33122-dataease-engine-provider-ddl-identifier-injection)
CVE-2026-33166: Improper Html Assignment Unsanitized (cve-2026-33166-improper-html-assignment-unsanitized)
CVE-2026-33180: Hapifhir Validationengine Global Security Bypass (cve-2026-33180-hapifhir-validationengine-global-security-bypass)
CVE-2026-33306: Java Int Shift Loop Bound (cve-2026-33306-java-int-shift-loop-bound)
CVE-2026-33439: Openam Application Object Input Stream Unsafe Deserialization (cve-2026-33439-openam-application-object-input-stream-unsafe-deserialization)
CVE-2026-33524: Unchecked Stream Array Allocation (cve-2026-33524-unchecked-stream-array-allocation)
CVE-2026-33701: Java Objectinput Readobject Without Filter (cve-2026-33701-java-objectinput-readobject-without-filter)
CVE-2026-34478: Log4j Rfc5424 Key Escaping (cve-2026-34478-log4j-rfc5424-key-escaping)
CVE-2026-35194: Flink Raw Format Unbounded Records (cve-2026-35194-flink-raw-format-unbounded-records)
CVE-2026-3960: Cve 2026 3960 Incomplete Jdbc Denylist Missing Postgresql Params (cve-2026-3960-cve-2026-3960-incomplete-jdbc-denylist-missing-postgresql-params)
CVE-2026-40477: Thymeleaf Ssti Incomplete Expression Recognizer (cve-2026-40477-thymeleaf-ssti-incomplete-expression-recognizer)
CVE-2026-40899: Lombok Data Class List Field Missing Jsonignore (cve-2026-40899-lombok-data-class-list-field-missing-jsonignore)
CVE-2026-41705: Filter Expression String Injection Via String Format (cve-2026-41705-filter-expression-string-injection-via-string-format)
CVE-2026-41901: Thymeleaf Cve 2026 41901 Typename Firstchar Shortcut (cve-2026-41901-thymeleaf-cve-2026-41901-typename-firstchar-shortcut)
CVE-2026-42198: Scram Client Unbounded Pbkdf2 (cve-2026-42198-scram-client-unbounded-pbkdf2)
CVE-2026-42809: Polaris Iceberg Location Gate Missing Metadata Key (cve-2026-42809-polaris-iceberg-location-gate-missing-metadata-key)
CVE-2026-44714: Bytebuffer Deserializer Throws Ioexception (cve-2026-44714-bytebuffer-deserializer-throws-ioexception)
CVE-2026-44900: Jws Payload Without Signature Verification (cve-2026-44900-jws-payload-without-signature-verification)
CVE-2026-45575: Insecure Hostnameverifier Chain Iteration (cve-2026-45575-insecure-hostnameverifier-chain-iteration)
CVE-2026-45799: Kotlin Protobuf Missing Negative Length Check (cve-2026-45799-kotlin-protobuf-missing-negative-length-check)
CVE-2026-7507: Fail Open Validation Null Check Bypass (cve-2026-7507-fail-open-validation-null-check-bypass)
CVE-2026-8178: Missing Format Validation In Url Host Builder (cve-2026-8178-missing-format-validation-in-url-host-builder)
CVE-2026-8738: Publiccms Trade Payment Idor Missing Session User (cve-2026-8738-publiccms-trade-payment-idor-missing-session-user)
Cookie CookieInsecure (gitlab-sast-java-cookie-rule-cookieinsecure)
Cookie HttpResponseSplitting (gitlab-sast-java-cookie-rule-httpresponsesplitting)
Cookie RequestParamToHeader (gitlab-sast-java-cookie-rule-requestparamtoheader)
Cors PermissiveCORSInjection (gitlab-sast-java-cors-rule-permissivecorsinjection)
Crypto BlowfishKeySize (gitlab-sast-java-crypto-rule-blowfishkeysize)
Crypto CipherDESedeInsecure (gitlab-sast-java-crypto-rule-cipherdesedeinsecure)
Crypto CipherDESInsecure (gitlab-sast-java-crypto-rule-cipherdesinsecure)
Crypto CipherECBMode (gitlab-sast-java-crypto-rule-cipherecbmode)
Crypto CipherIntegrity (gitlab-sast-java-crypto-rule-cipherintegrity)
Crypto CipherPaddingOracle (gitlab-sast-java-crypto-rule-cipherpaddingoracle)
Crypto CustomMessageDigest (gitlab-sast-java-crypto-rule-custommessagedigest)
Crypto HazelcastSymmetricEncryption (gitlab-sast-java-crypto-rule-hazelcastsymmetricencryption)
Crypto InsufficientKeySizeRsa (gitlab-sast-java-crypto-rule-insufficientkeysizersa)
Crypto NullCipher (gitlab-sast-java-crypto-rule-nullcipher)
Crypto RsaNoPadding (gitlab-sast-java-crypto-rule-rsanopadding)
Crypto WeakMessageDigest (gitlab-sast-java-crypto-rule-weakmessagedigest)
Crypto WeakTLSProtocolDefaultHttpClient (gitlab-sast-java-crypto-rule-weaktlsprotocoldefaulthttpclient)
Crypto WeakTLSProtocolSSLContext (gitlab-sast-java-crypto-rule-weaktlsprotocolsslcontext)
Crypto WeakTLSProtocolVersion (gitlab-sast-java-crypto-rule-weaktlsprotocolversion)
Endpoint HostnameVerifier (gitlab-sast-java-endpoint-rule-hostnameverifier)
Endpoint UnvalidatedRedirect (gitlab-sast-java-endpoint-rule-unvalidatedredirect)
Endpoint X509TrustManager (gitlab-sast-java-endpoint-rule-x509trustmanager)
File FilenameUtils (gitlab-sast-java-file-rule-filenameutils)
File FileUploadFileName (gitlab-sast-java-file-rule-fileuploadfilename)
Inject CommandInjection (gitlab-sast-java-inject-rule-commandinjection)
Inject ELInjection (gitlab-sast-java-inject-rule-elinjection)
Inject FileDisclosureRequestDispatcher (gitlab-sast-java-inject-rule-filedisclosurerequestdispatcher)
Inject FileDisclosureSpringFramework (gitlab-sast-java-inject-rule-filedisclosurespringframework)
Inject HttpParameterPollution (gitlab-sast-java-inject-rule-httpparameterpollution)
Inject LDAPInjection (gitlab-sast-java-inject-rule-ldapinjection)
Inject OgnlInjection (gitlab-sast-java-inject-rule-ognlinjection)
Inject SpotbugsPathTraversalAbsolute (gitlab-sast-java-inject-rule-spotbugspathtraversalabsolute)
Ldap AnonymousLDAP (gitlab-sast-java-ldap-rule-anonymousldap)
Password ConstantDBPassword (gitlab-sast-java-password-rule-constantdbpassword)
Password EmptyDBPassword (gitlab-sast-java-password-rule-emptydbpassword)
Password HardcodePassword (gitlab-sast-java-password-rule-hardcodepassword)
Perm DangerousPermissions (gitlab-sast-java-perm-rule-dangerouspermissions)
Perm OverlyPermissiveFilePermissionInline (gitlab-sast-java-perm-rule-overlypermissivefilepermissioninline)
Script ScriptInjection (gitlab-sast-java-script-rule-scriptinjection)
Script SpringSpelExpressionParser (gitlab-sast-java-script-rule-springspelexpressionparser)
Smtp InsecureSmtp (gitlab-sast-java-smtp-rule-insecuresmtp)
Smtp SmtpClient (gitlab-sast-java-smtp-rule-smtpclient)
Ssrf SSRF (gitlab-sast-java-ssrf-rule-ssrf)
Strings BadHexConversion (gitlab-sast-java-strings-rule-badhexconversion)
Strings FormatStringManipulation (gitlab-sast-java-strings-rule-formatstringmanipulation)
Strings ModifyAfterValidation (gitlab-sast-java-strings-rule-modifyaftervalidation)
Strings NormalizeAfterValidation (gitlab-sast-java-strings-rule-normalizeaftervalidation)
Templateinjection TemplateInjection (gitlab-sast-java-templateinjection-rule-templateinjection)
Unsafe ExternalConfigControl (gitlab-sast-java-unsafe-rule-externalconfigcontrol)
Xml SAMLIgnoreComments (gitlab-sast-java-xml-rule-samlignorecomments)
Xml XmlDecoder (gitlab-sast-java-xml-rule-xmldecoder)
Xml XsltTransform (gitlab-sast-java-xml-rule-xslttransform)
Xss WicketXSS (gitlab-sast-java-xss-rule-wicketxss)
Xss XSSReqParamToServletWriter (gitlab-sast-java-xss-rule-xssreqparamtoservletwriter)
Xxe XMLRdr (gitlab-sast-java-xxe-rule-xmlrdr)
Unsafe InformationExposureVariant2 (gitlab-sast-rules-gitlab-scala-unsafe-rule-informationexposurevariant2)
Webview Ignore Ssl Certificate Errors (gitlab-sast-rules-lgpl-java-webview-rule-ignore-ssl-certificate-errors)
Webview Webview Debugging (gitlab-sast-rules-lgpl-java-webview-rule-webview-debugging)
Webview Webview External Storage (gitlab-sast-rules-lgpl-java-webview-rule-webview-external-storage)
Webview Webview Set Allow File Access (gitlab-sast-rules-lgpl-java-webview-rule-webview-set-allow-file-access)
Cookie CookieHTTPOnly (gitlab-sast-rules-lgpl-kotlin-cookie-rule-cookiehttponly)
Cookie CookieInsecure (gitlab-sast-rules-lgpl-kotlin-cookie-rule-cookieinsecure)
Cookie HttpResponseSplitting (gitlab-sast-rules-lgpl-kotlin-cookie-rule-httpresponsesplitting)
Cookie RequestParamToHeader (gitlab-sast-rules-lgpl-kotlin-cookie-rule-requestparamtoheader)
Cors PermissiveCORSInjection (gitlab-sast-rules-lgpl-kotlin-cors-rule-permissivecorsinjection)
Crypto BlowfishKeySize (gitlab-sast-rules-lgpl-kotlin-crypto-rule-blowfishkeysize)
Crypto CipherDESedeInsecure (gitlab-sast-rules-lgpl-kotlin-crypto-rule-cipherdesedeinsecure)
Crypto CipherDESInsecure (gitlab-sast-rules-lgpl-kotlin-crypto-rule-cipherdesinsecure)
Crypto CipherECBMode (gitlab-sast-rules-lgpl-kotlin-crypto-rule-cipherecbmode)
Crypto CipherIntegrity (gitlab-sast-rules-lgpl-kotlin-crypto-rule-cipherintegrity)
Crypto CipherPaddingOracle (gitlab-sast-rules-lgpl-kotlin-crypto-rule-cipherpaddingoracle)
Crypto CustomMessageDigest (gitlab-sast-rules-lgpl-kotlin-crypto-rule-custommessagedigest)
Crypto HazelcastSymmetricEncryption (gitlab-sast-rules-lgpl-kotlin-crypto-rule-hazelcastsymmetricencryption)
Crypto InsufficientKeySizeRsa (gitlab-sast-rules-lgpl-kotlin-crypto-rule-insufficientkeysizersa)
Crypto NullCipher (gitlab-sast-rules-lgpl-kotlin-crypto-rule-nullcipher)
Crypto RsaNoPadding (gitlab-sast-rules-lgpl-kotlin-crypto-rule-rsanopadding)
Crypto WeakMessageDigest (gitlab-sast-rules-lgpl-kotlin-crypto-rule-weakmessagedigest)
Crypto WeakTLSProtocol (gitlab-sast-rules-lgpl-kotlin-crypto-rule-weaktlsprotocol)
Crypto WeakTLSProtocolVersion (gitlab-sast-rules-lgpl-kotlin-crypto-rule-weaktlsprotocolversion)
Csrf SpringCSRFDisabled (gitlab-sast-rules-lgpl-kotlin-csrf-rule-springcsrfdisabled)
Endpoint UnvalidatedRedirect (gitlab-sast-rules-lgpl-kotlin-endpoint-rule-unvalidatedredirect)
Endpoint WeakHostNameVerification (gitlab-sast-rules-lgpl-kotlin-endpoint-rule-weakhostnameverification)
File FilenameUtils (gitlab-sast-rules-lgpl-kotlin-file-rule-filenameutils)
File FileUploadFileName (gitlab-sast-rules-lgpl-kotlin-file-rule-fileuploadfilename)
Inject CommandInjection (gitlab-sast-rules-lgpl-kotlin-inject-rule-commandinjection)
Inject ELInjection (gitlab-sast-rules-lgpl-kotlin-inject-rule-elinjection)
Inject FileDisclosure (gitlab-sast-rules-lgpl-kotlin-inject-rule-filedisclosure)
Inject HttpParameterPollution (gitlab-sast-rules-lgpl-kotlin-inject-rule-httpparameterpollution)
Inject LDAPInjection (gitlab-sast-rules-lgpl-kotlin-inject-rule-ldapinjection)
Inject OgnlInjection (gitlab-sast-rules-lgpl-kotlin-inject-rule-ognlinjection)
Inject SpotbugsPathTraversalAbsolute (gitlab-sast-rules-lgpl-kotlin-inject-rule-spotbugspathtraversalabsolute)
Inject SqlInjection (gitlab-sast-rules-lgpl-kotlin-inject-rule-sqlinjection)
Ldap AnonymousLDAP (gitlab-sast-rules-lgpl-kotlin-ldap-rule-anonymousldap)
Password ConstantDBPassword (gitlab-sast-rules-lgpl-kotlin-password-rule-constantdbpassword)
Password EmptyDBPassword (gitlab-sast-rules-lgpl-kotlin-password-rule-emptydbpassword)
Password HardcodePassword (gitlab-sast-rules-lgpl-kotlin-password-rule-hardcodepassword)
Perm DangerousPermissions (gitlab-sast-rules-lgpl-kotlin-perm-rule-dangerouspermissions)
Perm OverlyPermissiveFilePermissionInline (gitlab-sast-rules-lgpl-kotlin-perm-rule-overlypermissivefilepermissioninline)
Script ScriptInjection (gitlab-sast-rules-lgpl-kotlin-script-rule-scriptinjection)
Smtp InsecureSmtp (gitlab-sast-rules-lgpl-kotlin-smtp-rule-insecuresmtp)
Smtp SmtpClient (gitlab-sast-rules-lgpl-kotlin-smtp-rule-smtpclient)
Ssrf SSRF (gitlab-sast-rules-lgpl-kotlin-ssrf-rule-ssrf)
Strings BadHexConversion (gitlab-sast-rules-lgpl-kotlin-strings-rule-badhexconversion)
Strings FormatStringManipulation (gitlab-sast-rules-lgpl-kotlin-strings-rule-formatstringmanipulation)
Strings ModifyAfterValidation (gitlab-sast-rules-lgpl-kotlin-strings-rule-modifyaftervalidation)
Strings NormalizeAfterValidation (gitlab-sast-rules-lgpl-kotlin-strings-rule-normalizeaftervalidation)
Templateinjection TemplateInjection (gitlab-sast-rules-lgpl-kotlin-templateinjection-rule-templateinjection)
Unsafe ExternalConfigControl (gitlab-sast-rules-lgpl-kotlin-unsafe-rule-externalconfigcontrol)
Webview Android Kotlin Webview Debug (gitlab-sast-rules-lgpl-kotlin-webview-rule-android-kotlin-webview-debug)
Xml SAMLIgnoreComments (gitlab-sast-rules-lgpl-kotlin-xml-rule-samlignorecomments)
Xml XmlDecoder (gitlab-sast-rules-lgpl-kotlin-xml-rule-xmldecoder)
Xml XsltTransform (gitlab-sast-rules-lgpl-kotlin-xml-rule-xslttransform)
Xpathi XpathInjection (gitlab-sast-rules-lgpl-kotlin-xpathi-rule-xpathinjection)
Xss WicketXSS (gitlab-sast-rules-lgpl-kotlin-xss-rule-wicketxss)
Xss XSSReqParamToServletWriter (gitlab-sast-rules-lgpl-kotlin-xss-rule-xssreqparamtoservletwriter)
Xxe SaxParserXXE (gitlab-sast-rules-lgpl-kotlin-xxe-rule-saxparserxxe)
Xxe XMLRdr (gitlab-sast-rules-lgpl-kotlin-xxe-rule-xmlrdr)
Xxe XMLStreamRdr (gitlab-sast-rules-lgpl-kotlin-xxe-rule-xmlstreamrdr)
Cookie CookieHTTPOnly (gitlab-sast-scala-cookie-rule-cookiehttponly)
Cookie CookieInsecure (gitlab-sast-scala-cookie-rule-cookieinsecure)
Cookie CookiePersistent (gitlab-sast-scala-cookie-rule-cookiepersistent)
Cookie CookieUsage (gitlab-sast-scala-cookie-rule-cookieusage)
Cookie HttpResponseSplitting (gitlab-sast-scala-cookie-rule-httpresponsesplitting)
Cookie RequestParamToCookie (gitlab-sast-scala-cookie-rule-requestparamtocookie)
Cookie RequestParamToHeader (gitlab-sast-scala-cookie-rule-requestparamtoheader)
Cookie TrustBoundaryViolation (gitlab-sast-scala-cookie-rule-trustboundaryviolation)
Cors PermissiveCORS (gitlab-sast-scala-cors-rule-permissivecors)
Cors PermissiveCORSInjection (gitlab-sast-scala-cors-rule-permissivecorsinjection)
Crypto BlowfishKeySize (gitlab-sast-scala-crypto-rule-blowfishkeysize)
Crypto CipherDESedeInsecure (gitlab-sast-scala-crypto-rule-cipherdesedeinsecure)
Crypto CipherDESInsecure (gitlab-sast-scala-crypto-rule-cipherdesinsecure)
Crypto CipherECBMode (gitlab-sast-scala-crypto-rule-cipherecbmode)
Crypto CipherIntegrity (gitlab-sast-scala-crypto-rule-cipherintegrity)
Crypto CipherPaddingOracle (gitlab-sast-scala-crypto-rule-cipherpaddingoracle)
Crypto CustomMessageDigest (gitlab-sast-scala-crypto-rule-custommessagedigest)
Crypto DefaultHTTPClient (gitlab-sast-scala-crypto-rule-defaulthttpclient)
Crypto HazelcastSymmetricEncryption (gitlab-sast-scala-crypto-rule-hazelcastsymmetricencryption)
Crypto InsufficientKeySizeRsa (gitlab-sast-scala-crypto-rule-insufficientkeysizersa)
Crypto NullCipher (gitlab-sast-scala-crypto-rule-nullcipher)
Crypto RsaNoPadding (gitlab-sast-scala-crypto-rule-rsanopadding)
Crypto WeakMessageDigest (gitlab-sast-scala-crypto-rule-weakmessagedigest)
Crypto WeakTLSProtocol (gitlab-sast-scala-crypto-rule-weaktlsprotocol)
Endpoint JaxRsEndpoint (gitlab-sast-scala-endpoint-rule-jaxrsendpoint)
Endpoint JaxWsEndpoint (gitlab-sast-scala-endpoint-rule-jaxwsendpoint)
Endpoint UnencryptedSocket (gitlab-sast-scala-endpoint-rule-unencryptedsocket)
Endpoint UnvalidatedRedirect (gitlab-sast-scala-endpoint-rule-unvalidatedredirect)
Endpoint WeakHostNameVerification (gitlab-sast-scala-endpoint-rule-weakhostnameverification)
File FilenameUtils (gitlab-sast-scala-file-rule-filenameutils)
File FileUploadFileName (gitlab-sast-scala-file-rule-fileuploadfilename)
Form FormValidate (gitlab-sast-scala-form-rule-formvalidate)
Inject AWSQueryInjection (gitlab-sast-scala-inject-rule-awsqueryinjection)
Inject BeanPropertyInjection (gitlab-sast-scala-inject-rule-beanpropertyinjection)
Inject CLRFInjectionLogs (gitlab-sast-scala-inject-rule-clrfinjectionlogs)
Inject CommandInjection (gitlab-sast-scala-inject-rule-commandinjection)
Inject CustomInjection (gitlab-sast-scala-inject-rule-custominjection)
Inject CustomInjectionSQLString (gitlab-sast-scala-inject-rule-custominjectionsqlstring)
Inject ELInjection (gitlab-sast-scala-inject-rule-elinjection)
Inject FileDisclosure (gitlab-sast-scala-inject-rule-filedisclosure)
Inject HttpParameterPollution (gitlab-sast-scala-inject-rule-httpparameterpollution)
Inject LDAPInjection (gitlab-sast-scala-inject-rule-ldapinjection)
Inject OgnlInjection (gitlab-sast-scala-inject-rule-ognlinjection)
Inject PathTraversalIn (gitlab-sast-scala-inject-rule-pathtraversalin)
Inject PathTraversalOut (gitlab-sast-scala-inject-rule-pathtraversalout)
Inject SpotbugsPathTraversalAbsolute (gitlab-sast-scala-inject-rule-spotbugspathtraversalabsolute)
Inject SpotbugsPathTraversalRelative (gitlab-sast-scala-inject-rule-spotbugspathtraversalrelative)
Inject SqlInjection (gitlab-sast-scala-inject-rule-sqlinjection)
Ldap AnonymousLDAP (gitlab-sast-scala-ldap-rule-anonymousldap)
Ldap EntryPoisoning (gitlab-sast-scala-ldap-rule-entrypoisoning)
Password ConstantDBPassword (gitlab-sast-scala-password-rule-constantdbpassword)
Password EmptyDBPassword (gitlab-sast-scala-password-rule-emptydbpassword)
Password HardcodePassword (gitlab-sast-scala-password-rule-hardcodepassword)
Perm DangerousPermissions (gitlab-sast-scala-perm-rule-dangerouspermissions)
Perm OverlyPermissiveFilePermissionInline (gitlab-sast-scala-perm-rule-overlypermissivefilepermissioninline)
Perm OverlyPermissiveFilePermissionObj (gitlab-sast-scala-perm-rule-overlypermissivefilepermissionobj)
Script ScriptInjection (gitlab-sast-scala-script-rule-scriptinjection)
Script SpelView (gitlab-sast-scala-script-rule-spelview)
Smtp InsecureSmtp (gitlab-sast-scala-smtp-rule-insecuresmtp)
Smtp SmtpClient (gitlab-sast-scala-smtp-rule-smtpclient)
Ssrf PlaySSRF (gitlab-sast-scala-ssrf-rule-playssrf)
Ssrf SSRF (gitlab-sast-scala-ssrf-rule-ssrf)
Strings BadHexConversion (gitlab-sast-scala-strings-rule-badhexconversion)
Strings FormatStringManipulation (gitlab-sast-scala-strings-rule-formatstringmanipulation)
Strings ImproperUnicode (gitlab-sast-scala-strings-rule-improperunicode)
Strings ModifyAfterValidation (gitlab-sast-scala-strings-rule-modifyaftervalidation)
Strings NormalizeAfterValidation (gitlab-sast-scala-strings-rule-normalizeaftervalidation)
Templateinjection TemplateInjection (gitlab-sast-scala-templateinjection-rule-templateinjection)
Unsafe ExternalConfigControl (gitlab-sast-scala-unsafe-rule-externalconfigcontrol)
Unsafe InformationExposure (gitlab-sast-scala-unsafe-rule-informationexposure)
Unsafe SensitiveDataExposure (gitlab-sast-scala-unsafe-rule-sensitivedataexposure)
Xml ApacheXmlRpc (gitlab-sast-scala-xml-rule-apachexmlrpc)
Xml SAMLIgnoreComments (gitlab-sast-scala-xml-rule-samlignorecomments)
Xml XmlDecoder (gitlab-sast-scala-xml-rule-xmldecoder)
Xml XsltTransform (gitlab-sast-scala-xml-rule-xslttransform)
Xpathi XpathInjection (gitlab-sast-scala-xpathi-rule-xpathinjection)
Xss MVCApi (gitlab-sast-scala-xss-rule-mvcapi)
Xss RequestWrapper (gitlab-sast-scala-xss-rule-requestwrapper)
Xss WicketXSS (gitlab-sast-scala-xss-rule-wicketxss)
Xss XSSReqParamToServletWriter (gitlab-sast-scala-xss-rule-xssreqparamtoservletwriter)
Xss XSSServlet (gitlab-sast-scala-xss-rule-xssservlet)
Xxe Document (gitlab-sast-scala-xxe-rule-document)
Xxe SaxParserXXE (gitlab-sast-scala-xxe-rule-saxparserxxe)
Xxe Trans (gitlab-sast-scala-xxe-rule-trans)
Xxe XMLRdr (gitlab-sast-scala-xxe-rule-xmlrdr)
Xxe XMLStreamRdr (gitlab-sast-scala-xxe-rule-xmlstreamrdr)
Xxe XPathXXE (gitlab-sast-scala-xxe-rule-xpathxxe)