
Java - Code Pathfinder Atlas

Browse our specialized collection of Java security rules designed to detect cryptographic vulnerabilities, secure communication issues, and OWASP Top 10 risks. Our rules help identify common security pitfalls in Java applications, with a focus on modern cryptography, secure networking, and industry best practices.

Test Locally

To run these rules against your Java codebase:

codepathfinder ci --project /src/project --ruleset cpf/java

Rules (4)

Insecure Random

Severity: High | OWASP: Cryptographic Failures
Identifies usage of Math.random(), which is backed by a shared java.util.Random instance (a 48-bit linear congruential generator). Its output can be predicted after observing a few values, so it must not be used for session identifiers, password-reset tokens, nonces, or key material. Use java.security.SecureRandom in those contexts.
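The pattern this rule flags, next to the replacement a reviewer would ask for. This is an added example and not Code PathFinder's own code or test fixture; the class and method names are illustrative. The same weakness applies to a directly constructed java.util.Random, which is what Math.random() uses internally.

```java
import java.security.SecureRandom;
import java.util.Base64;

public class TokenExample {

    // Flagged pattern: Math.random() delegates to one process-wide java.util.Random,
    // a 48-bit LCG. A few observed outputs let an attacker recover its state and
    // predict every subsequent "token" handed out by this method.
    static String insecureToken() {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 32; i++) {
            sb.append((char) ('a' + (int) (Math.random() * 26)));
        }
        return sb.toString();
    }

    // Hardened form: SecureRandom draws from the platform CSPRNG. One instance is
    // kept and reused; 32 random bytes give 256 bits of entropy per token, encoded
    // URL-safe so the value can be placed in links and cookies unchanged.
    private static final SecureRandom RNG = new SecureRandom();

    static String secureToken() {
        byte[] buf = new byte[32];
        RNG.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    public static void main(String[] args) {
        System.out.println("predictable: " + insecureToken());
        System.out.println("secure:      " + secureToken());
    }
}
```

The alphabet walk in insecureToken() is a common shape for "random string" helpers found in legacy code; the length of the string does not help, because the underlying generator state, not the output length, bounds the attacker's work.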

Weak Cryptography

Severity: High | OWASP: Cryptographic Failures
Detects usage of deprecated or weak cryptographic algorithms (RC4, RC2, SHA1, Blowfish) with known practical attacks: RC4 has exploitable keystream biases, SHA-1 has practical collisions, and RC2 and Blowfish use a 64-bit block size that becomes unsafe after roughly 2^32 blocks under a single key (the birthday bound). Prefer AES in GCM mode for encryption and SHA-256 or stronger for hashing.
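The flagged calls (RC4 and SHA-1 through the JCE) beside a hardened replacement using AES-256-GCM and SHA-256, including the tamper check that an authenticated mode gives for free. This is an added example, not code from the Code PathFinder project; the class name, the associated-data string and the sample payload are constructed for illustration. Only the hardened path is exercised from main().

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class WeakCryptoExample {
    private static final SecureRandom RNG = new SecureRandom();

    // Flagged patterns, kept only as the "before" form. "RC4" is the JCE alias for
    // ARCFOUR; it has keystream biases and provides no integrity protection at all.
    static byte[] rc4Encrypt(byte[] key, byte[] plaintext) throws Exception {
        Cipher rc4 = Cipher.getInstance("RC4");
        rc4.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "RC4"));
        return rc4.doFinal(plaintext);
    }

    // SHA-1 has practical collisions; it is no longer acceptable for signatures or
    // any integrity check where an attacker controls part of the input.
    static byte[] sha1(byte[] data) throws Exception {
        return MessageDigest.getInstance("SHA-1").digest(data);
    }

    // Hardened: AES-256-GCM gives confidentiality and integrity. A fresh 96-bit nonce
    // is generated per message and prepended to the ciphertext so the receiver can
    // recover it; reusing a nonce under the same key breaks GCM, so never derive it
    // from a counter you cannot guarantee is unique.
    static byte[] gcmEncrypt(SecretKey key, byte[] plaintext, byte[] aad) throws Exception {
        byte[] nonce = new byte[12];
        RNG.nextBytes(nonce);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        gcm.updateAAD(aad);
        byte[] ct = gcm.doFinal(plaintext);
        byte[] out = Arrays.copyOf(nonce, nonce.length + ct.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }

    static byte[] gcmDecrypt(SecretKey key, byte[] blob, byte[] aad) throws Exception {
        byte[] nonce = Arrays.copyOfRange(blob, 0, 12);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        gcm.updateAAD(aad);
        // Throws AEADBadTagException if the ciphertext, nonce or AAD were modified.
        return gcm.doFinal(blob, 12, blob.length - 12);
    }

    static byte[] sha256(byte[] data) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();

        // Constructed sample input: the AAD binds the ciphertext to its record id.
        byte[] aad = "record-id:42".getBytes(StandardCharsets.UTF_8);
        byte[] msg = "sensitive payload".getBytes(StandardCharsets.UTF_8);

        byte[] blob = gcmEncrypt(key, msg, aad);
        System.out.println(new String(gcmDecrypt(key, blob, aad), StandardCharsets.UTF_8));

        blob[blob.length - 1] ^= 0x01; // flip one bit of the authentication tag
        try {
            gcmDecrypt(key, blob, aad);
        } catch (AEADBadTagException e) {
            System.out.println("tampering detected");
        }
        System.out.println(sha256(msg).length * 8 + "-bit digest");
    }
}
```

RC4's missing integrity is the part that tends to get overlooked when a scanner finding is triaged as "just an old cipher": a plaintext-malleable stream cipher lets an attacker flip chosen bits of the decrypted message, which GCM's tag check rejects as shown above.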

Insecure HTTP Client

Severity: High | OWASP: Identification and Authentication Failures
Identifies usage of Apache HttpClient's DefaultHttpClient, deprecated since HttpClient 4.3 in favour of HttpClientBuilder and CloseableHttpClient. It no longer receives fixes and predates the library's current TLS defaults; in particular, certificate and hostname validation depend on how the caller configured its socket factory and hostname verifier, so a permissive verifier or trust-all manager (a common copy-paste workaround for certificate errors) disables validation entirely.
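A replacement built on the JDK's own java.net.http.HttpClient (Java 11+) with TLS version, hostname verification and redirect policy pinned explicitly, next to the flagged DefaultHttpClient usage shown as a comment so the file compiles without the Apache dependency. This is an added example, not Code PathFinder's code; the class name and the target URL https://example.com/ are illustrative, and main() needs network access to complete.

```java
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;
import javax.net.ssl.SSLParameters;

public class HttpClientExample {

    /* Flagged pattern (Apache HttpClient 4.x, requires org.apache.httpcomponents:httpclient):
     *
     *   org.apache.http.client.HttpClient client =
     *       new org.apache.http.impl.client.DefaultHttpClient();   // deprecated since 4.3
     *   client.execute(new org.apache.http.client.methods.HttpGet("https://example.com/"));
     *
     * Whether the server certificate's hostname is checked depends on the
     * SSLSocketFactory / X509HostnameVerifier wired into this instance, which is
     * exactly what gets relaxed when someone "fixes" a certificate error.
     */

    // Hardened form: the JDK client validates certificates against the default
    // trust store; here the TLS versions, hostname verification and redirect
    // policy are set explicitly so the intent survives future default changes.
    static HttpClient hardenedClient() {
        SSLParameters params = new SSLParameters();
        params.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
        params.setEndpointIdentificationAlgorithm("HTTPS"); // certificate must match the host
        return HttpClient.newBuilder()
                .sslParameters(params)
                .connectTimeout(Duration.ofSeconds(10))
                // NORMAL follows redirects but never downgrades https -> http
                .followRedirects(HttpClient.Redirect.NORMAL)
                .build();
    }

    public static void main(String[] args) throws Exception {
        HttpRequest req = HttpRequest.newBuilder(URI.create("https://example.com/"))
                .timeout(Duration.ofSeconds(10))
                .GET()
                .build();
        HttpResponse<String> resp = hardenedClient().send(req, HttpResponse.BodyHandlers.ofString());
        System.out.println("status: " + resp.statusCode());
    }
}
```

If the code base must stay on Apache HttpClient, the equivalent is HttpClients.custom() with the library's DefaultHostnameVerifier, and the review question is the same: which trust manager and hostname verifier are actually in effect, not just which client class is named.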

Unencrypted Socket

Severity: High | OWASP: Cryptographic Failures
Detects usage of unencrypted socket connections (a plain java.net.Socket rather than an SSLSocket) that send and receive data in cleartext, exposing it to interception and modification by anyone on the network path. Create the socket through SSLSocketFactory and enable hostname verification explicitly, since a raw SSLSocket does not perform it by default.
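The flagged plaintext socket beside a TLS socket configured the way a reviewer would expect, including the endpoint-identification setting that raw SSLSocket leaves off by default (unlike HttpsURLConnection, which turns it on for you). This is an added example, not code from the Code PathFinder project; the class name is illustrative, and main() sends a minimal constructed HTTP request to example.com:443, so it needs network access.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class SocketExample {

    // Flagged pattern: plain TCP. Everything written here crosses the network in
    // cleartext and can be read or altered by anyone on the path.
    static void sendPlaintext(String host, int port, String msg) throws IOException {
        try (Socket s = new Socket(host, port);
             OutputStream out = s.getOutputStream()) {
            out.write(msg.getBytes(StandardCharsets.UTF_8));
        }
    }

    // Hardened form: TLS via the default SSLSocketFactory (default trust store),
    // modern protocol versions only, and hostname verification switched on.
    // Without setEndpointIdentificationAlgorithm the handshake still succeeds
    // against any certificate the trust store accepts, for any hostname.
    static String sendOverTls(String host, int port, String msg) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket s = (SSLSocket) factory.createSocket(host, port)) {
            SSLParameters p = s.getSSLParameters();
            p.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
            p.setEndpointIdentificationAlgorithm("HTTPS");
            s.setSSLParameters(p);
            s.startHandshake(); // fails here, before any data is sent, if validation fails

            OutputStream out = s.getOutputStream();
            out.write(msg.getBytes(StandardCharsets.UTF_8));
            out.flush();
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(s.getInputStream(), StandardCharsets.UTF_8));
            return in.readLine(); // first response line, e.g. the HTTP status line
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed request: a minimal HTTP/1.1 GET so the server answers with one line we can print.
        String req = "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n";
        System.out.println(sendOverTls("example.com", 443, req));
    }
}
```

Calling startHandshake() explicitly is deliberate: it surfaces certificate and hostname failures as an exception at a known point instead of on the first write, which makes the error handling around it easier to audit.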

For more information on using Code PathFinder with Java, see our documentation.