
Merge pull request #23 from sip49/pixeebot/drip-2024-01-26-pixee-java… #6

Triggered via push July 23, 2024 20:28
Status Success
Total duration 3m 0s
Artifacts 1

codeql.yml

on: push

Annotations

11 errors and 15 warnings
The method parameter name 'answer_pwd1' doesn't match '[a-z][a-zA-Z0-9]*': src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java#L84
Configurable naming conventions for formal parameters of methods and lambdas. This rule reports formal parameters which do not match the regex that applies to their specific kind (e.g. lambda parameter, or final formal parameter). Each regex can be configured through properties. By default this rule uses the standard Java naming convention (Camel case). FormalParameterNamingConventions (Priority: 1, Ruleset: Code Style) https://pmd.github.io/pmd-6.40.0/pmd_rules_java_codestyle.html#formalparameternamingconventions
The method parameter name 'answer_pwd1' doesn't match '[a-z][a-zA-Z0-9]*': src/main/java/org/owasp/webgoat/lessons/cryptography/XOREncodingAssignment.java#L39
The static method name 'FF' doesn't match '[a-z][a-zA-Z0-9]*': src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java#L569
Configurable naming conventions for method declarations. This rule reports method declarations which do not match the regex that applies to their specific kind (e.g. JUnit test or native method). Each regex can be configured through properties. By default this rule uses the standard Java naming convention (Camel case). MethodNamingConventions (Priority: 1, Ruleset: Code Style) https://pmd.github.io/pmd-6.40.0/pmd_rules_java_codestyle.html#methodnamingconventions
The method parameter name 'answer_pwd' doesn't match '[a-z][a-zA-Z0-9]*': src/main/java/org/owasp/webgoat/lessons/cryptography/EncodingAssignment.java#L65
Return an empty collection rather than null.: src/main/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpoint.java#L100
For any method that returns a collection (such as an array, Collection or Map), it is better to return an empty one rather than a null reference. This removes the need for null checking all results and avoids inadvertent NullPointerExceptions. See Effective Java, 3rd Edition, Item 54: Return empty collections or arrays instead of null. ReturnEmptyCollectionRatherThanNull (Priority: 1, Ruleset: Error Prone) https://pmd.github.io/pmd-6.40.0/pmd_rules_java_errorprone.html#returnemptycollectionratherthannull
The method parameter name 'QTY4' doesn't match '[a-z][a-zA-Z0-9]*': src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java#L59
The method parameter name 'question_1_solution' doesn't match '[a-z][a-zA-Z0-9]*': src/main/java/org/owasp/webgoat/lessons/cia/CIAQuiz.java#L21
The method parameter name 'question_1_solution' doesn't match '[a-z][a-zA-Z0-9]*': src/main/java/org/owasp/webgoat/lessons/jwt/JWTQuiz.java#L20
The method parameter name 'question_1_solution' doesn't match '[a-z][a-zA-Z0-9]*': src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionQuiz.java#L49
The method parameter name 'question_1_solution' doesn't match '[a-z][a-zA-Z0-9]*': src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingQuiz.java#L44
Analyse
This version of the CodeQL Action was deprecated on January 18th, 2023, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v2. For more information, see https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/
Analyse
The following actions use node12, which is deprecated and will be forced to run on node16: github/codeql-action/upload-sarif@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
Analyse
The following actions use a Node.js version which is deprecated and will be forced to run on node20: actions/checkout@v3, actions/setup-java@v3, github/codeql-action/init@v2, github/codeql-action/autobuild@v2, github/codeql-action/analyze@v2, pmd/pmd-github-action@v1, github/codeql-action/upload-sarif@v1. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
Unused import 'org.springframework.web.bind.annotation.*': src/main/java/org/owasp/webgoat/lessons/insecurelogin/InsecureLoginTask.java#L28
Reports import statements that can be removed. They are either unused, duplicated, or the members they import are already implicitly in scope, because they're in java.lang, or the current package. UnnecessaryImport (Priority: 4, Ruleset: Code Style) https://pmd.github.io/pmd-6.40.0/pmd_rules_java_codestyle.html#unnecessaryimport
Unused import 'org.springframework.web.bind.annotation.*': src/main/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpoint.java#L34
Ensure that resources like this ResultSet object are closed after use: src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L66
Ensure that resources (like `java.sql.Connection`, `java.sql.Statement`, and `java.sql.ResultSet` objects and any subtype of `java.lang.AutoCloseable`) are always closed after use. Failing to do so might result in resource leaks. Note: It suffices to configure the super type, e.g. `java.lang.AutoCloseable`, so that this rule automatically triggers on any subtype (e.g. `java.io.FileInputStream`). Additionally specifying `java.sql.Connection` helps in detecting the types if the type resolution / auxclasspath is not correctly set up. Note: Since PMD 6.16.0 the default value for the property `types` contains `java.lang.AutoCloseable` and now detects cases where the standard `java.io.*Stream` classes are involved. In order to restore the old behaviour, just remove "AutoCloseable" from the types. CloseResource (Priority: 3, Ruleset: Error Prone) https://pmd.github.io/pmd-6.40.0/pmd_rules_java_errorprone.html#closeresource
Ensure that resources like this ResultSet object are closed after use: src/main/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpoint.java#L103
Ensure that resources like this ResultSet object are closed after use: src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L69
Ensure that resources like this ResultSet object are closed after use: src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L74
Ensure that resources like this ResultSet object are closed after use: src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6b.java#L65
Ensure that resources like this ResultSet object are closed after use: src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L71
Ensure that resources like this ResultSet object are closed after use: src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L115
Ensure that resources like this ResultSet object are closed after use: src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L65
Analyse
CodeQL Action v2 will be deprecated on December 5th, 2024. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/
Analyse
1 issue was detected with this workflow: git checkout HEAD^2 is no longer necessary. Please remove this step as Code Scanning recommends analyzing the merge commit for best results.
Deprecation notice: v1, v2, and v3 of the artifact actions
The following artifacts were uploaded using a version of actions/upload-artifact that is scheduled for deprecation: "PMD Report". Please update your workflow to use v4 of the artifact actions. Learn more: https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/

Artifacts

Produced during runtime
Name: PMD Report (Expired)
Size: 217 KB