Patch 9 #21

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

Manasi1313 wants to merge 2 commits into NileshVirkar:master from Manasi1313:patch-9

src/main/java/javacodechecker/AccessingAndroidExternalStorage.java

-Original file line number
+Diff line change
@@ -0,0 +1,14 @@
+    package javacodechecker;
+    import android.content.Context;
+    import android.os.Environment;
+    public class AccessingAndroidExternalStorage {
+        public void accessFiles(Context context) {
+        	// EMB-ISSUE: CodeIssueNames.ACCESSING_ANDROID_EXTERNAL_STORAGE
+            Environment.getExternalStoragePublicDirectory(Environment.DIRECTORY_PICTURES); // Sensitive
+        	// EMB-ISSUE: CodeIssueNames.ACCESSING_ANDROID_EXTERNAL_STORAGE
+            context.getExternalFilesDir(Environment.DIRECTORY_PICTURES); // Sensitive
+        }
+    }

src/main/java/javacodechecker/AuthenticateLDAPConnection.java

-Original file line number
+Diff line change
@@ -0,0 +1,17 @@
+    package javacodechecker;
+    import java.util.Hashtable;
+    public class AuthenticateLDAPConnection {
+    	public void method() {
+    		Hashtable<String, Object> env = new Hashtable<String, Object>();
+    		// Set up the environment for creating the initial context
+    		env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+    		env.put(Context.PROVIDER_URL, "ldap://localhost:389/o=JNDITutorial");
+    		// EMB-ISSUE: CodeIssueNames.AUTHENTICATE_LDAP_CONNECTION
+    		env.put(Context.SECURITY_AUTHENTICATION, "none");
+    	}
+    }

src/main/java/javacodechecker/Big Integer Instantiation

Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@

src/main/java/javacodechecker/CompileRegularExpressionsOnce.java

-Original file line number
+Diff line change
@@ -0,0 +1,25 @@
+    package javacodechecker;
+    import java.util.regex.MatchResult;
+    import java.util.regex.Matcher;
+    import java.util.regex.Pattern;
+    class CompileRegularExpressionsOnce {
+    	Pattern pattern2 = Pattern.compile("(.*)");
+        void findText(String inputText) {
+        	// EMB-ISSUE: CodeIssueNames.COMPILE_REGULAR_EXPRESSIONS_ONCE
+            Pattern pattern = Pattern.compile("(.*)");
+            Matcher matcher = pattern.matcher(inputText);
+            if(matcher.find()) {
+                MatchResult result = matcher.toMatchResult();
+            }
+        }
+        void findText2(String inputText) {
+            Matcher matcher = pattern2.matcher(inputText);
+            if(matcher.find()) {
+                MatchResult result = matcher.toMatchResult();
+            }
+        }
+    }

src/main/java/javacodechecker/ComplexRegexPattern.java

-Original file line number
+Diff line change
@@ -0,0 +1,23 @@
+    package javacodechecker;
+    import java.util.regex.Matcher;
+    import java.util.regex.Pattern;
+    /**
+     * Test case for ComplexRegexPattern
+     * @author bhides
+     *
+     */
+    class ComplexRegexPattern {
+    	public void method() {
+    		String regex = "(a+)+";
+    		// EMB-ISSUE: CodeIssueNames.COMPLEX_REGEXPATTERN
+    		Pattern r = Pattern.compile(regex);
+    		// Now create matcher object.
+    		Matcher m = r.matcher("");
+    		// EMB-ISSUE: CodeIssueNames.COMPLEX_REGEXPATTERN
+    		Pattern r2 = Pattern.compile("(a+)+");
+    	}
+    }

src/main/java/javacodechecker/DatabasesShouldBePasswordProtected.java

-Original file line number
+Diff line change
@@ -0,0 +1,26 @@
+    package javacodechecker;
+    import java.sql.Connection;
+    import java.sql.DriverManager;
+    import java.sql.SQLException;
+    public class DatabasesShouldBePasswordProtected {
+    	public void method() throws SQLException {
+    		String password = "password";
+    		//EMB-ISSUE:CodeIssueNames.DatabasesShouldBePasswordProtected
+    		Connection conn = DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "AppLogin", "");
+    		// Next 3 have password
+    		Connection conn1 = DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "AppLogin", password);
+    		Connection conn2 = DriverManager.getConnection("jdbc:derby:memory:myDB;create=true?user=user&password=text");
+    		Connection conn3 = DriverManager.getConnection("jdbc:derby:memory:myDB;create=true&password=text", "AppLogin", "");
+    		//EMB-ISSUE:CodeIssueNames.DatabasesShouldBePasswordProtected
+    		Connection conn4 = DriverManager.getConnection("jdbc:derby:memory:myDB;create=true?user=user&password=");
+    		//EMB-ISSUE:CodeIssueNames.DatabasesShouldBePasswordProtected
+    		Connection conn5 = DriverManager.getConnection("jdbc:derby:memory:myDB;create=true?user=user");
+    	}
+    }

src/main/java/javacodechecker/DisabledSpringSecuritysCSRF.java

-Original file line number
+Diff line change
@@ -0,0 +1,33 @@
+    package javacodechecker;
+    import org.springframework.context.annotation.Bean;
+    import org.springframework.context.annotation.Configuration;
+    import org.springframework.http.HttpMethod;
+    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+    import org.springframework.security.web.firewall.HttpFirewall;
+    import org.springframework.security.web.firewall.StrictHttpFirewall;
+    @Configuration
+    @EnableWebSecurity
+    public class DisabledSpringSecuritysCSRF extends WebSecurityConfigurerAdapter {
+    	private static final String TEST_ROUTE = "/testroute/";
+    	@Bean
+    	protected HttpFirewall strictFirewall() {
+    		StrictHttpFirewall firewall = new StrictHttpFirewall();
+    		firewall.setAllowedHttpMethods(Arrays.asList(HttpMethod.GET.name(), HttpMethod.POST.name()));
+    		return firewall;
+    	}
+    	@Override
+    	protected void configure(HttpSecurity http) throws Exception {
+    		// EMB-ISSUE:CodeIssueNames.DISABLED_SPRING_SECURITYS_CSRF
+    		http.authorizeRequests().mvcMatchers(HttpMethod.GET, TEST_ROUTE).permitAll().anyRequest().denyAll().and().csrf()
+    				.disable();
+    		http.headers().contentSecurityPolicy("default-src 'self'");
+    	}
+    }

src/main/java/javacodechecker/EmptyCatchBlock.java

-Original file line number
+Diff line change
@@ -0,0 +1,16 @@
+    package javacodechecker;
+    import java.io.File;
+    import java.io.FileInputStream;
+    import java.io.FileNotFoundException;
+    class EmptyCatchBlock {
+    	public static void main(String[] args) {
+    		try {
+    			FileInputStream in = new FileInputStream(new File(""));
+    		}
+    		// EMB-ISSUE: CodeIssueNames.EMPTY_CATCH_BLOCK
+    		catch (FileNotFoundException e) {
+    		}
+    	}
+    }

src/main/java/javacodechecker/ExternalizableMustHaveNoArgumentsConstructor.java

-Original file line number
+Diff line change
@@ -0,0 +1,23 @@
+    package javacodechecker;
+    import java.io.Externalizable;
+    import java.io.IOException;
+    import java.io.ObjectInput;
+    import java.io.ObjectOutput;
+    //EMB-ISSUE: CodeIssueNames.EXTERNALIZABLE_MUST_HAVE_NO_ARGUMENTS_CONSTRUCTOR
+    public class ExternalizableMustHaveNoArgumentsConstructor implements Externalizable {
+    	private String name;
+    	private int age;
+    	public void newMethod() {
+    	}
+        public ExternalizableMustHaveNoArgumentsConstructor(String name, int age) {
+    		this.name = name;
+    		this.age = age;
+    	}
+    }

src/main/java/javacodechecker/ExternalizableMustHaveNoArgumentsConstructor2.java

-Original file line number
+Diff line change
@@ -0,0 +1,15 @@
+    package javacodechecker;
+    import java.io.Externalizable;
+    import java.io.IOException;
+    import java.io.ObjectInput;
+    import java.io.ObjectOutput;
+    //EMB-ISSUE: CodeIssueNames.EXTERNALIZABLE_MUST_HAVE_NO_ARGUMENTS_CONSTRUCTOR/no-detect
+    public class ExternalizableMustHaveNoArgumentsConstructor2 implements Externalizable {
+    	private String name;
+    	private int age;
+    	public ExternalizableMustHaveNoArgumentsConstructor2() {
+    	}

src/main/java/javacodechecker/ExternalizableMustHaveNoArgumentsConstructor3.java

-Original file line number
+Diff line change
@@ -0,0 +1,10 @@
+    package javacodechecker;
+    import java.io.Externalizable;
+    //EMB-ISSUE: CodeIssueNames.EXTERNALIZABLE_MUST_HAVE_NO_ARGUMENTS_CONSTRUCTOR/no-detect
+    public class ExternalizableMustHaveNoArgumentsConstructor3 implements Externalizable {
+    	private String name;
+    	private int age;
+    }

src/main/java/javacodechecker/ExternalizableMustHaveNoArgumentsConstructor4.java

-Original file line number
+Diff line change
@@ -0,0 +1,23 @@
+    package javacodechecker;
+    import java.io.Externalizable;
+    import java.io.IOException;
+    import java.io.ObjectInput;
+    import java.io.ObjectOutput;
+    //EMB-ISSUE: CodeIssueNames.EXTERNALIZABLE_MUST_HAVE_NO_ARGUMENTS_CONSTRUCTOR/no-detect
+    public class ExternalizableMustHaveNoArgumentsConstructor4 implements Externalizable {
+    	private String name;
+    	private int age;
+    	 public ExternalizableMustHaveNoArgumentsConstructor4(String name, int age) {
+    			this.name = name;
+    			this.age = age;
+    		}
+    	 public ExternalizableMustHaveNoArgumentsConstructor4() {
+    	 }
+    }

src/main/java/javacodechecker/GettersAndSettersShouldAccessTheExpectedFields.java

-Original file line number
+Diff line change
@@ -0,0 +1,54 @@
+    package javacodechecker;
+    import java.io.File;
+    import java.io.FileInputStream;
+    import java.io.FileNotFoundException;
+    class GettersAndSettersShouldAccessTheExpectedFields {
+    	private int x ,y ,z;
+    	private boolean active;
+    	// EMB-ISSUE: CodeIssueNames.GETTERS_AND_SETTERS_SHOULD_ACCESS_THE_EXPECTED_FIELDS
+    	public void setX(int val) {
+    		//this is for test
+    		this.y = val;
+    	}
+    	// EMB-ISSUE: CodeIssueNames.GETTERS_AND_SETTERS_SHOULD_ACCESS_THE_EXPECTED_FIELDS
+    	public int getY() {
+    		return this.x;
+    	}
+    	// EMB-ISSUE: CodeIssueNames.GETTERS_AND_SETTERS_SHOULD_ACCESS_THE_EXPECTED_FIELDS
+    	  public boolean isActive()
+    		  {
+    		    return x;
+    		  }
+    	  		// EMB-ISSUE: CodeIssueNames.GETTERS_AND_SETTERS_SHOULD_ACCESS_THE_EXPECTED_FIELDS
+    		  public void setActive(boolean b)
+    		  {
+    		    this.y = b;
+    		  }
+    		  // EMB-ISSUE: CodeIssueNames.GETTERS_AND_SETTERS_SHOULD_ACCESS_THE_EXPECTED_FIELDS/no-detect
+    		  public int getName() {
+    			  System.out.println(" ");
+    			  return this.x;
+    			}
+    			// EMB-ISSUE: CodeIssueNames.GETTERS_AND_SETTERS_SHOULD_ACCESS_THE_EXPECTED_FIELDS/no-detect
+    		  	public void setName(int val) {
+    			    System.out.println(" ");
+    				this.y = val;
+    			}
+    		 // EMB-ISSUE: CodeIssueNames.GETTERS_AND_SETTERS_SHOULD_ACCESS_THE_EXPECTED_FIELDS/no-detect
+    			public void setZ(int val) {
+    				this.z = val;
+    			}
+    }

src/main/java/javacodechecker/InitializationOfSecureRandomAtMethodLevel.java

-Original file line number
+Diff line change
@@ -0,0 +1,21 @@
+    package javacodechecker;
+    import java.security.SecureRandom;
+    class InitializationOfSecureRandomAtMethodLevel {
+    	//Non-compliant code
+    	public int generateSecureKey() {
+    		// EMB-ISSUE: CodeIssueNames.INITIALIZATION_OF_SECURE_RANDOM_AT_METHOD_LEVEL
+    		SecureRandom secureRandom = new SecureRandom();
+    		return secureRandom.nextInt();
+    	}
+    }
+    //compliant code
+    class SecureRandomGenerator {
+    	// EMB-ISSUE: CodeIssueNames.INITIALIZATION_OF_SECURE_RANDOM_AT_METHOD_LEVEL/no-detect
+    	static SecureRandom secureRandom = new SecureRandom();
+    	public int generateSecureKey() {
+    		return secureRandom.nextInt();
+    	}
+    }

src/main/java/javacodechecker/InvalidLoggingClassName.java

-Original file line number
+Diff line change
@@ -0,0 +1,10 @@
+    package javacodechecker;
+    import org.apache.logging.log4j.Logger;
+    public class InvalidLoggingClassName {
+    	// EMB-ISSUE: CodeIssueNames.INVALID_LOGGING_CLASS_NAME
+    	private static Logger logger = org.apache.logging.log4j.LogManager
+    			.getLogger(SomeOtherClass.class);
+    }

src/main/java/javacodechecker/NonPrivateFieldAccessInSynchronizedBlock.java

-Original file line number
+Diff line change
@@ -0,0 +1,58 @@
+    /*-
+     * ---license-start
+     * Corona-Warn-App
+     * ---
+     * Copyright (C) 2020 SAP SE and all other contributors
+     * ---
+     * Licensed under the Apache License, Version 2.0 (the "License");
+     * you may not use this file except in compliance with the License.
+     * You may obtain a copy of the License at
+     *
+     *      http://www.apache.org/licenses/LICENSE-2.0
+     *
+     * Unless required by applicable law or agreed to in writing, software
+     * distributed under the License is distributed on an "AS IS" BASIS,
+     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     * See the License for the specific language governing permissions and
+     * limitations under the License.
+     * ---license-end
+     */
+    package javacodechecker;
+    import static app.coronawarn.server.services.submission.controller.SubmissionController.SUBMISSION_ROUTE;
+    import static java.util.concurrent.TimeUnit.MILLISECONDS;
+    import app.coronawarn.server.services.submission.monitoring.SubmissionMonitor;
+    import io.micrometer.core.annotation.Timed;
+    import java.util.concurrent.Executors;
+    import java.util.concurrent.ScheduledExecutorService;
+    import org.springframework.http.ResponseEntity;
+    import org.springframework.web.bind.annotation.PostMapping;
+    import org.springframework.web.bind.annotation.RequestHeader;
+    import org.springframework.web.bind.annotation.RequestMapping;
+    import org.springframework.web.bind.annotation.RestController;
+    import org.springframework.web.context.request.async.DeferredResult;
+    @RestController
+    @RequestMapping("/version/v1")
+    public class NonPrivateFieldAccessInSynchronizedBlock {
+      public int counter = 0;
+      public DeferredResult<ResponseEntity<Void>> fakeRequest(@RequestHeader("fake") Integer fake) {
+        synchronized (this) {
+        	// EMB-ISSUE: CodeIssueNames.NON_PRIVATE_FIELD_ACCESS_IN_SYNCHRONIZED_BLOCK
+          counter++;
+          try {
+            java.lang.Thread.sleep(100);
+          } catch (InterruptedException e) {
+            e.printStackTrace();
+          }
+        }
+        return deferredResult;
+      }
+      }

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Patch 9 #21

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!

Patch 9 #21

Are you sure you want to change the base?

Uh oh!

Patch 9 #21

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!