find-sec-bugs/find-sec-bugs

Issues

• missing bug code for keySECXXEVAL

  #693 opened 2 years ago by skirge
  2

• Add support for JSR305 @Detainted / @Tainted / @Untainted in the taint analysis

  #735 opened a month ago by gehel
  0

• keySECXXEVAL

  #732 opened 2 months ago by hazendaz
  2

• Update website with new version

  #733 opened a month ago by ClaudioConsolmagno
  0

• Erroneous "`java.lang.ClassNotFoundException`: Exception while looking for class" errors

  #692 opened 2 years ago by basil
  1

• The following classes needed for analysis were missing

  #701 opened a year ago by delanym
  1

• Missing artifact in release assets

  #730 opened 3 months ago by haerter-tss
  1

• Getting "Hard coded password found here" exception where (IMHO) it shouldn't

  #731 opened 3 months ago by sliric
  0

• findsecbugs-plugin: missing bug code for keySECXXEVAL

  #727 opened 3 months ago by schloemer-bas
  1

• Invalid class name exception for methods with generics

  #724 opened 4 months ago by pavelorehov
  2

• Wrapper SQL sink method triggers SQL injection detection

  #722 opened 5 months ago by jim-bentler
  4

• SpringEntityLeakDetector crashes with Map

  #706 opened a year ago by nchandrashekar79
  1

• SpringEntityLeakDetector crashes with Map

  #705 opened a year ago by nchandrashekar79
  1

• Feasiblity of transferring this to spotbugs organization

  #717 opened 6 months ago by hazendaz
  2

• Java 21 Support

  #723 opened 3 months ago by Jeeppler
  6

• Mark java.sql.Statement enquoteIdentifer, enquoteLiteral, and enquoteNCharLiteral SQL_INJECTION_SAFE

  #721 opened 5 months ago by jim-bentler
  0

• Inconsistency in HTTP_RESPONSE_SPLITTING Rule: Discrepancy in Violation Reporting with Nested Class

  #719 opened 6 months ago by soyodream
  0

• Inconsistency in COMMAND_INJECTION Rule: Discrepancy in Violation Reporting with Nested Class

  #716 opened 6 months ago by soyodream
  0

• Inconsistency in SQL_INJECTION_JPA Rule: Discrepancy in Violation Reporting with Nested Class

  #718 opened 6 months ago by soyodream
  0

• SpotBugs Report Metrics result

  #714 opened 3 months ago by chihhung1016
  1

• Replace jwgmeligmeyling/spotbugs-github-action

  #720 opened 5 months ago by h3xstream
  0

• SpringEntityLeakDetector incorrectly parses controller method signature

  #668 opened 2 years ago by scottsteen
  8

• FindSecBugs-cli crashes when trying to write SARIF output

  #697 opened a year ago by northdpole
  1

• Add CWE Taxonomy to SARIF Report

  #688 opened 2 years ago by Jeeppler
  6

• java.lang.AssertionError: Out of bounds mutables in static org.apache.druid.indexing.common.task.OverlordCoordinatingSegmentAllocator.lambda

  #715 opened 9 months ago by azure247a
  0

• Mark sources of Possible JDBC injection as safe

  #709 opened a year ago by apetrelli
  12

• False Negative: String concatenation with char should not consider char to be SAFE

  #711 opened 10 months ago by jbindel
  1

• java.lang.IllegalStateException

  #703 opened a year ago by whistlexie
  2

• IMPROPER_UNICODE rule does not find `equalsIgnoreCase` usage when used as method reference

  #708 opened a year ago by Vampire
  0

• The current code doesn't support Jakarta namespace (ENTITY_LEAK and other checks don't work)

  #704 opened a year ago by mrairjan
  0

• ReDOS checker not agreeing with https://devina.io/redos-checker

  #702 opened a year ago by ajohnson1
  0

• how can i modify the severity

  #694 opened a year ago by TimerZz007
  3

• SpringEntityLeakDetector crashes with array types

  #679 opened 2 years ago by gtoison
  2

• Why scan results having multiple source-line tags for a bug instance?

  #698 opened a year ago by Lingom-KSR
  0

• Exception during SpringEntityLeakDetector

  #685 opened 2 years ago by nkavian
  4

• How can I get the target class's jar file version?

  #689 opened a year ago by maxpaynebupt
  2

• Path Traversal sink incorrect

  #687 opened 2 years ago by jcopenhop
  1

• Next Release ETA - 1.12.0

  #677 opened 2 years ago by harry-clarke
  7

• Java 17 not working

  #678 opened 2 years ago by Jeeppler
  5

• Interprocedural Taint Analysis?

  #675 opened 2 years ago by baloghadamsoftware
  1

• dynamic JSP inclusion false positive

  #673 opened 2 years ago by miniupnp
  5

• Supports org.apache.commons.lang.SerializationUtils

  #676 opened 2 years ago by h3xstream
  0

• Excessive build output for TaintAnalysis and DataflowAnalysisException

  #666 opened 2 years ago by drgrog
  2

• SpotBugs 4.5.3 does not include a `compile` target as assumed by FSB

  #674 opened 2 years ago by TomMD
  0

• Tests fail with OpenJDK version newer than 12.x

  #656 opened 2 years ago by baloghadamsoftware
  2

• ConstantPasswordDetector: StringIndexOutOfBoundsException: String index out of range: -3

  #651 opened 3 years ago by nkavian
  2

• So it was cause by bytecode generated by Aspect Oriented Programming (something like AspectJ) ?

  #665 opened 2 years ago by j0ck66
  2

• Description glitch

  #661 opened 3 years ago by h3xstream
  1

• CWE/SANS Top 25

  #649 opened 3 years ago by HuaYangFu
  3

• False positive on OpenSAML DocumentBuilder

  #648 opened 3 years ago by ruud-de-jong
  1