Merge pull request #23 from sip49/pixeebot/drip-2024-01-26-pixee-java… #6
Annotations
11 errors and 15 warnings
The method parameter name 'answer_pwd1' doesn't match '[a-z][a-zA-Z0-9]*':
src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java#L84
Configurable naming conventions for formal parameters of methods and lambdas.
This rule reports formal parameters which do not match the regex that applies to their
specific kind (e.g. lambda parameter, or final formal parameter). Each regex can be
configured through properties.
By default this rule uses the standard Java naming convention (Camel case).
FormalParameterNamingConventions (Priority: 1, Ruleset: Code Style)
https://pmd.github.io/pmd-6.40.0/pmd_rules_java_codestyle.html#formalparameternamingconventions
|
The method parameter name 'answer_pwd1' doesn't match '[a-z][a-zA-Z0-9]*':
src/main/java/org/owasp/webgoat/lessons/cryptography/XOREncodingAssignment.java#L39
Configurable naming conventions for formal parameters of methods and lambdas.
This rule reports formal parameters which do not match the regex that applies to their
specific kind (e.g. lambda parameter, or final formal parameter). Each regex can be
configured through properties.
By default this rule uses the standard Java naming convention (Camel case).
FormalParameterNamingConventions (Priority: 1, Ruleset: Code Style)
https://pmd.github.io/pmd-6.40.0/pmd_rules_java_codestyle.html#formalparameternamingconventions
|
The static method name 'FF' doesn't match '[a-z][a-zA-Z0-9]*':
src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java#L569
Configurable naming conventions for method declarations. This rule reports
method declarations which do not match the regex that applies to their
specific kind (e.g. JUnit test or native method). Each regex can be
configured through properties.
By default this rule uses the standard Java naming convention (Camel case).
MethodNamingConventions (Priority: 1, Ruleset: Code Style)
https://pmd.github.io/pmd-6.40.0/pmd_rules_java_codestyle.html#methodnamingconventions
|
The method parameter name 'answer_pwd' doesn't match '[a-z][a-zA-Z0-9]*':
src/main/java/org/owasp/webgoat/lessons/cryptography/EncodingAssignment.java#L65
Configurable naming conventions for formal parameters of methods and lambdas.
This rule reports formal parameters which do not match the regex that applies to their
specific kind (e.g. lambda parameter, or final formal parameter). Each regex can be
configured through properties.
By default this rule uses the standard Java naming convention (Camel case).
FormalParameterNamingConventions (Priority: 1, Ruleset: Code Style)
https://pmd.github.io/pmd-6.40.0/pmd_rules_java_codestyle.html#formalparameternamingconventions
|
Return an empty collection rather than null.:
src/main/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpoint.java#L100
For any method that returns an collection (such as an array, Collection or Map), it is better to return
an empty one rather than a null reference. This removes the need for null checking all results and avoids
inadvertent NullPointerExceptions.
See Effective Java, 3rd Edition, Item 54: Return empty collections or arrays instead of null
ReturnEmptyCollectionRatherThanNull (Priority: 1, Ruleset: Error Prone)
https://pmd.github.io/pmd-6.40.0/pmd_rules_java_errorprone.html#returnemptycollectionratherthannull
|
The method parameter name 'QTY4' doesn't match '[a-z][a-zA-Z0-9]*':
src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java#L59
Configurable naming conventions for formal parameters of methods and lambdas.
This rule reports formal parameters which do not match the regex that applies to their
specific kind (e.g. lambda parameter, or final formal parameter). Each regex can be
configured through properties.
By default this rule uses the standard Java naming convention (Camel case).
FormalParameterNamingConventions (Priority: 1, Ruleset: Code Style)
https://pmd.github.io/pmd-6.40.0/pmd_rules_java_codestyle.html#formalparameternamingconventions
|
The method parameter name 'question_1_solution' doesn't match '[a-z][a-zA-Z0-9]*':
src/main/java/org/owasp/webgoat/lessons/cia/CIAQuiz.java#L21
Configurable naming conventions for formal parameters of methods and lambdas.
This rule reports formal parameters which do not match the regex that applies to their
specific kind (e.g. lambda parameter, or final formal parameter). Each regex can be
configured through properties.
By default this rule uses the standard Java naming convention (Camel case).
FormalParameterNamingConventions (Priority: 1, Ruleset: Code Style)
https://pmd.github.io/pmd-6.40.0/pmd_rules_java_codestyle.html#formalparameternamingconventions
|
The method parameter name 'question_1_solution' doesn't match '[a-z][a-zA-Z0-9]*':
src/main/java/org/owasp/webgoat/lessons/jwt/JWTQuiz.java#L20
Configurable naming conventions for formal parameters of methods and lambdas.
This rule reports formal parameters which do not match the regex that applies to their
specific kind (e.g. lambda parameter, or final formal parameter). Each regex can be
configured through properties.
By default this rule uses the standard Java naming convention (Camel case).
FormalParameterNamingConventions (Priority: 1, Ruleset: Code Style)
https://pmd.github.io/pmd-6.40.0/pmd_rules_java_codestyle.html#formalparameternamingconventions
|
The method parameter name 'question_1_solution' doesn't match '[a-z][a-zA-Z0-9]*':
src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionQuiz.java#L49
Configurable naming conventions for formal parameters of methods and lambdas.
This rule reports formal parameters which do not match the regex that applies to their
specific kind (e.g. lambda parameter, or final formal parameter). Each regex can be
configured through properties.
By default this rule uses the standard Java naming convention (Camel case).
FormalParameterNamingConventions (Priority: 1, Ruleset: Code Style)
https://pmd.github.io/pmd-6.40.0/pmd_rules_java_codestyle.html#formalparameternamingconventions
|
The method parameter name 'question_1_solution' doesn't match '[a-z][a-zA-Z0-9]*':
src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingQuiz.java#L44
Configurable naming conventions for formal parameters of methods and lambdas.
This rule reports formal parameters which do not match the regex that applies to their
specific kind (e.g. lambda parameter, or final formal parameter). Each regex can be
configured through properties.
By default this rule uses the standard Java naming convention (Camel case).
FormalParameterNamingConventions (Priority: 1, Ruleset: Code Style)
https://pmd.github.io/pmd-6.40.0/pmd_rules_java_codestyle.html#formalparameternamingconventions
|
Analyse
This version of the CodeQL Action was deprecated on January 18th, 2023, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v2. For more information, see https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/
|
Analyse
The following actions uses node12 which is deprecated and will be forced to run on node16: github/codeql-action/upload-sarif@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
|
Analyse
The following actions uses Node.js version which is deprecated and will be forced to run on node20: actions/checkout@v3, actions/setup-java@v3, github/codeql-action/init@v2, github/codeql-action/autobuild@v2, github/codeql-action/analyze@v2, pmd/pmd-github-action@v1, github/codeql-action/upload-sarif@v1. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
|
Unused import 'org.springframework.web.bind.annotation.*':
src/main/java/org/owasp/webgoat/lessons/insecurelogin/InsecureLoginTask.java#L28
Reports import statements that can be removed. They are either unused,
duplicated, or the members they import are already implicitly in scope,
because they're in java.lang, or the current package.
UnnecessaryImport (Priority: 4, Ruleset: Code Style)
https://pmd.github.io/pmd-6.40.0/pmd_rules_java_codestyle.html#unnecessaryimport
|
Unused import 'org.springframework.web.bind.annotation.*':
src/main/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpoint.java#L34
Reports import statements that can be removed. They are either unused,
duplicated, or the members they import are already implicitly in scope,
because they're in java.lang, or the current package.
UnnecessaryImport (Priority: 4, Ruleset: Code Style)
https://pmd.github.io/pmd-6.40.0/pmd_rules_java_codestyle.html#unnecessaryimport
|
Ensure that resources like this ResultSet object are closed after use:
src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L66
Ensure that resources (like `java.sql.Connection`, `java.sql.Statement`, and `java.sql.ResultSet` objects
and any subtype of `java.lang.AutoCloseable`) are always closed after use.
Failing to do so might result in resource leaks.
Note: It suffices to configure the super type, e.g. `java.lang.AutoClosable`, so that this rule automatically triggers
on any subtype (e.g. `java.io.FileInputStream`). Additionally specifying `java.sql.Connection` helps in detecting
the types, if the type resolution / auxclasspath is not correctly setup.
Note: Since PMD 6.16.0 the default value for the property `types` contains `java.lang.AutoCloseable` and detects
now cases where the standard `java.io.*Stream` classes are involved. In order to restore the old behaviour,
just remove "AutoCloseable" from the types.
CloseResource (Priority: 3, Ruleset: Error Prone)
https://pmd.github.io/pmd-6.40.0/pmd_rules_java_errorprone.html#closeresource
|
Ensure that resources like this ResultSet object are closed after use:
src/main/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpoint.java#L103
Ensure that resources (like `java.sql.Connection`, `java.sql.Statement`, and `java.sql.ResultSet` objects
and any subtype of `java.lang.AutoCloseable`) are always closed after use.
Failing to do so might result in resource leaks.
Note: It suffices to configure the super type, e.g. `java.lang.AutoClosable`, so that this rule automatically triggers
on any subtype (e.g. `java.io.FileInputStream`). Additionally specifying `java.sql.Connection` helps in detecting
the types, if the type resolution / auxclasspath is not correctly setup.
Note: Since PMD 6.16.0 the default value for the property `types` contains `java.lang.AutoCloseable` and detects
now cases where the standard `java.io.*Stream` classes are involved. In order to restore the old behaviour,
just remove "AutoCloseable" from the types.
CloseResource (Priority: 3, Ruleset: Error Prone)
https://pmd.github.io/pmd-6.40.0/pmd_rules_java_errorprone.html#closeresource
|
Ensure that resources like this ResultSet object are closed after use:
src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L69
Ensure that resources (like `java.sql.Connection`, `java.sql.Statement`, and `java.sql.ResultSet` objects
and any subtype of `java.lang.AutoCloseable`) are always closed after use.
Failing to do so might result in resource leaks.
Note: It suffices to configure the super type, e.g. `java.lang.AutoClosable`, so that this rule automatically triggers
on any subtype (e.g. `java.io.FileInputStream`). Additionally specifying `java.sql.Connection` helps in detecting
the types, if the type resolution / auxclasspath is not correctly setup.
Note: Since PMD 6.16.0 the default value for the property `types` contains `java.lang.AutoCloseable` and detects
now cases where the standard `java.io.*Stream` classes are involved. In order to restore the old behaviour,
just remove "AutoCloseable" from the types.
CloseResource (Priority: 3, Ruleset: Error Prone)
https://pmd.github.io/pmd-6.40.0/pmd_rules_java_errorprone.html#closeresource
|
Ensure that resources like this ResultSet object are closed after use:
src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L74
Ensure that resources (like `java.sql.Connection`, `java.sql.Statement`, and `java.sql.ResultSet` objects
and any subtype of `java.lang.AutoCloseable`) are always closed after use.
Failing to do so might result in resource leaks.
Note: It suffices to configure the super type, e.g. `java.lang.AutoClosable`, so that this rule automatically triggers
on any subtype (e.g. `java.io.FileInputStream`). Additionally specifying `java.sql.Connection` helps in detecting
the types, if the type resolution / auxclasspath is not correctly setup.
Note: Since PMD 6.16.0 the default value for the property `types` contains `java.lang.AutoCloseable` and detects
now cases where the standard `java.io.*Stream` classes are involved. In order to restore the old behaviour,
just remove "AutoCloseable" from the types.
CloseResource (Priority: 3, Ruleset: Error Prone)
https://pmd.github.io/pmd-6.40.0/pmd_rules_java_errorprone.html#closeresource
|
Ensure that resources like this ResultSet object are closed after use:
src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6b.java#L65
Ensure that resources (like `java.sql.Connection`, `java.sql.Statement`, and `java.sql.ResultSet` objects
and any subtype of `java.lang.AutoCloseable`) are always closed after use.
Failing to do so might result in resource leaks.
Note: It suffices to configure the super type, e.g. `java.lang.AutoClosable`, so that this rule automatically triggers
on any subtype (e.g. `java.io.FileInputStream`). Additionally specifying `java.sql.Connection` helps in detecting
the types, if the type resolution / auxclasspath is not correctly setup.
Note: Since PMD 6.16.0 the default value for the property `types` contains `java.lang.AutoCloseable` and detects
now cases where the standard `java.io.*Stream` classes are involved. In order to restore the old behaviour,
just remove "AutoCloseable" from the types.
CloseResource (Priority: 3, Ruleset: Error Prone)
https://pmd.github.io/pmd-6.40.0/pmd_rules_java_errorprone.html#closeresource
|
Ensure that resources like this ResultSet object are closed after use:
src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L71
Ensure that resources (like `java.sql.Connection`, `java.sql.Statement`, and `java.sql.ResultSet` objects
and any subtype of `java.lang.AutoCloseable`) are always closed after use.
Failing to do so might result in resource leaks.
Note: It suffices to configure the super type, e.g. `java.lang.AutoClosable`, so that this rule automatically triggers
on any subtype (e.g. `java.io.FileInputStream`). Additionally specifying `java.sql.Connection` helps in detecting
the types, if the type resolution / auxclasspath is not correctly setup.
Note: Since PMD 6.16.0 the default value for the property `types` contains `java.lang.AutoCloseable` and detects
now cases where the standard `java.io.*Stream` classes are involved. In order to restore the old behaviour,
just remove "AutoCloseable" from the types.
CloseResource (Priority: 3, Ruleset: Error Prone)
https://pmd.github.io/pmd-6.40.0/pmd_rules_java_errorprone.html#closeresource
|
Ensure that resources like this ResultSet object are closed after use:
src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L115
Ensure that resources (like `java.sql.Connection`, `java.sql.Statement`, and `java.sql.ResultSet` objects
and any subtype of `java.lang.AutoCloseable`) are always closed after use.
Failing to do so might result in resource leaks.
Note: It suffices to configure the super type, e.g. `java.lang.AutoClosable`, so that this rule automatically triggers
on any subtype (e.g. `java.io.FileInputStream`). Additionally specifying `java.sql.Connection` helps in detecting
the types, if the type resolution / auxclasspath is not correctly setup.
Note: Since PMD 6.16.0 the default value for the property `types` contains `java.lang.AutoCloseable` and detects
now cases where the standard `java.io.*Stream` classes are involved. In order to restore the old behaviour,
just remove "AutoCloseable" from the types.
CloseResource (Priority: 3, Ruleset: Error Prone)
https://pmd.github.io/pmd-6.40.0/pmd_rules_java_errorprone.html#closeresource
|
Ensure that resources like this ResultSet object are closed after use:
src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L65
Ensure that resources (like `java.sql.Connection`, `java.sql.Statement`, and `java.sql.ResultSet` objects
and any subtype of `java.lang.AutoCloseable`) are always closed after use.
Failing to do so might result in resource leaks.
Note: It suffices to configure the super type, e.g. `java.lang.AutoClosable`, so that this rule automatically triggers
on any subtype (e.g. `java.io.FileInputStream`). Additionally specifying `java.sql.Connection` helps in detecting
the types, if the type resolution / auxclasspath is not correctly setup.
Note: Since PMD 6.16.0 the default value for the property `types` contains `java.lang.AutoCloseable` and detects
now cases where the standard `java.io.*Stream` classes are involved. In order to restore the old behaviour,
just remove "AutoCloseable" from the types.
CloseResource (Priority: 3, Ruleset: Error Prone)
https://pmd.github.io/pmd-6.40.0/pmd_rules_java_errorprone.html#closeresource
|
Analyse
CodeQL Action v2 will be deprecated on December 5th, 2024. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/
|
Analyse
1 issue was detected with this workflow: git checkout HEAD^2 is no longer necessary. Please remove this step as Code Scanning recommends analyzing the merge commit for best results.
|
Deprecation notice: v1, v2, and v3 of the artifact actions
The following artifacts were uploaded using a version of actions/upload-artifact that is scheduled for deprecation: "PMD Report".
Please update your workflow to use v4 of the artifact actions.
Learn more: https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/
|
Artifacts
Produced during runtime
Name | Size |
---|---|
PMD Report (Expired) | 217 KB |