Browse our specialized collection of Java security rules designed to detect cryptographic vulnerabilities, secure communication issues, and OWASP Top 10 risks. Our rules help identify common security pitfalls in Java applications, with a focus on modern cryptography, secure networking, and industry best practices.
To run these rules against your Java codebase:
codepathfinder ci --project /src/project --ruleset cpf/java
Browse our collection of Java security rules. Each rule includes example code and the actual rule implementation.
Insecure Random
Severity: High | OWASP: Cryptographic Failures
Identifies usage of Math.random(), which is backed by java.util.Random, a 48-bit linear congruential generator. Its output can be predicted from a handful of observed values, so it must not be used for session identifiers, tokens, keys, nonces or any other security-sensitive value; use java.security.SecureRandom instead.
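As an added illustration (not part of this rule page or the Code PathFinder project), the following Java program shows why the rule matters: it recovers the internal state of java.util.Random, the generator behind Math.random(), from two observed nextInt() outputs and predicts the third, then generates a token with SecureRandom as the replacement. Class and method names are invented for the example.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;

public class PredictableRandomDemo {

    // java.util.Random (which Math.random() delegates to) is a 48-bit linear
    // congruential generator with these constants. nextInt() exposes the top
    // 32 bits of the state, so only 16 bits are unknown per output.
    private static final long MULT = 0x5DEECE66DL;
    private static final long ADD = 0xBL;
    private static final long MASK = (1L << 48) - 1;

    // Given two consecutive nextInt() outputs, brute-force the 16 hidden bits
    // and return the 48-bit state after the second output, or -1 if no
    // candidate fits (cannot happen for a genuine java.util.Random stream).
    static long recoverState(int out1, int out2) {
        for (long low = 0; low < (1 << 16); low++) {
            long state = ((out1 & 0xFFFFFFFFL) << 16) | low; // candidate state that produced out1
            long next = (state * MULT + ADD) & MASK;          // state that produced out2
            if ((int) (next >>> 16) == out2) {
                return next;
            }
        }
        return -1;
    }

    // Advance the recovered state once and return what nextInt() will yield.
    static int predictNext(long state) {
        long next = (state * MULT + ADD) & MASK;
        return (int) (next >>> 16);
    }

    // Hardened form: SecureRandom draws from the platform CSPRNG. 32 bytes
    // (256 bits) is ample for session, CSRF and password-reset tokens.
    private static final SecureRandom RNG = new SecureRandom();

    static String secureToken() {
        byte[] buf = new byte[32];
        RNG.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    public static void main(String[] args) {
        Random r = new Random();   // same generator class as Math.random()
        int out1 = r.nextInt();
        int out2 = r.nextInt();
        long state = recoverState(out1, out2);
        int predicted = predictNext(state);
        int actual = r.nextInt();
        System.out.println("predicted=" + predicted + " actual=" + actual
                + " match=" + (predicted == actual));
        System.out.println("SecureRandom token: " + secureToken());
    }
}
```

The brute force takes at most 65,536 multiplications, so the attack runs in well under a second on any machine; a false candidate match has probability around 2^-16 and would be ruled out by checking a third output.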
Blowfish Usage
Severity: High | OWASP: Cryptographic Failures
Detects usage of the Blowfish cipher. Its 64-bit block size makes it vulnerable to birthday attacks (Sweet32) once roughly 2^32 blocks, about 32 GB, have been encrypted under one key; use AES, preferably in an authenticated mode such as GCM.
Default HTTP Client
Severity: High | OWASP: Identification and Authentication Failures
Identifies usage of Apache HttpClient's DefaultHttpClient, deprecated since HttpClient 4.3. It lacks the builder API's TLS controls (protocol versions, cipher suites, hostname verifier), which makes proper certificate validation hard to guarantee; replace it with HttpClients.custom() / HttpClientBuilder.
RC4 Usage
Severity: High | OWASP: Cryptographic Failures
Detects usage of the RC4 stream cipher (ARCFOUR in the JCE). Its keystream has known statistical biases that allow plaintext recovery, it is prohibited in TLS by RFC 7465, and it should not be used; use AES-GCM or ChaCha20-Poly1305 instead.
SHA-1 Usage
Severity: High | OWASP: Cryptographic Failures
Identifies usage of the SHA-1 hash function, for which collision attacks are practical (SHAttered, 2017; chosen-prefix collisions since 2020). It must not be used for digital signatures, certificates or integrity checks; use SHA-256 or SHA-3.
Unencrypted Socket
Severity: High | OWASP: Cryptographic Failures
Detects usage of java.net.Socket instead of SSLSocket for network communication; data on a plain socket crosses the network in cleartext.
XML External Entity (XXE)
Severity: High | OWASP: Injection
Identifies XML parsers created at their insecure defaults, which resolve DTDs and external entities and are therefore vulnerable to XXE attacks.
Weak Cryptography
Severity: High | OWASP: Cryptographic Failures
Detects usage of deprecated or weak cryptographic algorithms (RC4, RC2, SHA-1, Blowfish) that are vulnerable to known attacks.
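The following Java program is an added example for the Blowfish, RC4, SHA-1 and Weak Cryptography entries above; it is not code from this page or from the Code PathFinder project. It shows the JCE calls those rules match next to the replacements a practitioner would use (AES-256-GCM with a random nonce and associated data, SHA-256), including the tamper check that an authenticated cipher gives for free. The class name, method names and the sample message are invented for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class WeakCryptoDemo {
    private static final SecureRandom RNG = new SecureRandom();

    // --- Patterns the rules flag (shown only so the matches are recognisable) ---

    static byte[] blowfishEncrypt(SecretKey key, byte[] plaintext) throws Exception {
        Cipher c = Cipher.getInstance("Blowfish");   // 64-bit block: Sweet32 birthday bound
        c.init(Cipher.ENCRYPT_MODE, key);
        return c.doFinal(plaintext);
    }

    static byte[] rc4Encrypt(SecretKey key, byte[] plaintext) throws Exception {
        Cipher c = Cipher.getInstance("ARCFOUR");    // RC4: biased keystream
        c.init(Cipher.ENCRYPT_MODE, key);
        return c.doFinal(plaintext);
    }

    static byte[] sha1(byte[] data) throws Exception {
        return MessageDigest.getInstance("SHA-1").digest(data);   // collisions are practical
    }

    // --- Replacements ---

    static SecretKey newAesKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        return kg.generateKey();
    }

    // AES-256-GCM: 128-bit block and an authentication tag, so tampering is
    // detected. Output layout: 12-byte random nonce || ciphertext || 16-byte tag.
    static byte[] aesGcmEncrypt(SecretKey key, byte[] plaintext, byte[] aad) throws Exception {
        byte[] nonce = new byte[12];
        RNG.nextBytes(nonce);                        // a nonce must never repeat under one key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        c.updateAAD(aad);
        byte[] ct = c.doFinal(plaintext);
        byte[] out = new byte[nonce.length + ct.length];
        System.arraycopy(nonce, 0, out, 0, nonce.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }

    static byte[] aesGcmDecrypt(SecretKey key, byte[] blob, byte[] aad) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
        c.updateAAD(aad);
        return c.doFinal(blob, 12, blob.length - 12);   // AEADBadTagException if modified
    }

    static byte[] sha256(byte[] data) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    public static void main(String[] args) throws Exception {
        byte[] msg = "amount=10;account=1234".getBytes(StandardCharsets.UTF_8);   // constructed input
        byte[] aad = "v1".getBytes(StandardCharsets.UTF_8);
        SecretKey key = newAesKey();

        byte[] blob = aesGcmEncrypt(key, msg, aad);
        System.out.println("round trip ok: " + Arrays.equals(msg, aesGcmDecrypt(key, blob, aad)));

        blob[blob.length - 1] ^= 0x01;               // flip one bit of the tag
        try {
            aesGcmDecrypt(key, blob, aad);
        } catch (AEADBadTagException e) {
            System.out.println("tampering detected: " + e.getMessage());
        }
        System.out.println("SHA-256 digest length: " + sha256(msg).length + " bytes");
    }
}
```

The flagged helpers are never called from main; they are there so the exact algorithm strings the rules look for (Blowfish, ARCFOUR, SHA-1) appear beside their replacements. Note that HMAC-SHA1 is not broken by the collision attacks, but a rule that matches the "SHA-1" algorithm string will flag it too, so expect to triage those hits.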
Insecure HTTP Client
Severity: High | OWASP: Identification and Authentication Failures
Identifies usage of Apache HttpClient's DefaultHttpClient, deprecated since HttpClient 4.3. It lacks the builder API's TLS controls (protocol versions, cipher suites, hostname verifier), which makes proper certificate validation hard to guarantee; replace it with HttpClients.custom() / HttpClientBuilder.
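An added example for the Default HTTP Client and Insecure HTTP Client entries (not code from this page or from Code PathFinder): the deprecated constructor the rules flag, beside a client built with the HttpClient 4.5 builder API that pins TLS 1.2/1.3, keeps the JDK trust store, enforces strict hostname verification and sets timeouts. It assumes the org.apache.httpcomponents:httpclient 4.5.x dependency on the classpath; the class and method names are invented.

```java
import javax.net.ssl.SSLContext;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

public class HttpClientHardeningDemo {

    // Flagged pattern: DefaultHttpClient has been deprecated since HttpClient 4.3.
    @SuppressWarnings("deprecation")
    static org.apache.http.client.HttpClient legacyClient() {
        return new org.apache.http.impl.client.DefaultHttpClient();
    }

    // Replacement: the builder API lets us pin TLS versions, keep the JDK trust
    // store for chain validation, enforce RFC 2818 hostname verification and
    // bound connect/read time so a slow peer cannot hold a thread forever.
    static CloseableHttpClient hardenedClient() throws Exception {
        SSLContext ctx = SSLContext.getDefault();   // JDK trust store, full chain validation
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                ctx,
                new String[] {"TLSv1.3", "TLSv1.2"},
                null,                                 // default cipher suites
                new DefaultHostnameVerifier());       // strict hostname check
        RequestConfig rc = RequestConfig.custom()
                .setConnectTimeout(5_000)
                .setSocketTimeout(10_000)
                .build();
        return HttpClients.custom()
                .setSSLSocketFactory(sslsf)
                .setDefaultRequestConfig(rc)
                .build();
    }

    public static void main(String[] args) throws Exception {
        String url = args.length > 0 ? args[0] : "https://example.com/";   // assumed target
        try (CloseableHttpClient client = hardenedClient();
             CloseableHttpResponse resp = client.execute(new HttpGet(url))) {
            System.out.println(resp.getStatusLine());
        }
    }
}
```

When reviewing hits from this rule, also look for NoopHostnameVerifier, TrustAllStrategy or a custom X509TrustManager with empty checkServerTrusted: legacy DefaultHttpClient code is where such permissive TLS settings usually live, and migrating to the builder without removing them fixes the deprecation but not the validation gap.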
Unencrypted Socket
Severity: High | OWASP: Cryptographic Failures
Detects usage of unencrypted socket connections that could expose sensitive data to interception or tampering by anyone on the network path.
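An added example for both Unencrypted Socket entries, not code from this page or from Code PathFinder: the plain java.net.Socket the rule flags, and an SSLSocket replacement that pins the TLS versions and turns on endpoint identification, which a raw SSLSocket does not do by default. The class and method names and the example.com target are assumptions for the demo.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class TlsSocketDemo {

    // Flagged pattern: a plain TCP socket. Everything written to it crosses the
    // network in cleartext and can be read or altered on the path.
    static Socket plainConnect(String host, int port) throws IOException {
        return new Socket(host, port);
    }

    // Replacement: an SSLSocket from the default factory validates the server's
    // certificate chain against the JDK trust store. Two things are NOT on by
    // default for a raw SSLSocket and must be set explicitly: the accepted
    // protocol versions, and endpoint identification (hostname verification).
    // Without the latter a valid certificate for any other host is accepted.
    static SSLSocket tlsConnect(String host, int port) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        SSLParameters params = socket.getSSLParameters();
        params.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
        params.setEndpointIdentificationAlgorithm("HTTPS");   // match host against the cert
        socket.setSSLParameters(params);
        socket.startHandshake();   // fail here, before any data is sent, if validation fails
        return socket;
    }

    public static void main(String[] args) throws IOException {
        String host = args.length > 0 ? args[0] : "example.com";   // assumed target
        try (SSLSocket s = tlsConnect(host, 443)) {
            System.out.println("negotiated " + s.getSession().getProtocol()
                    + " / " + s.getSession().getCipherSuite());
            OutputStream out = s.getOutputStream();
            out.write(("HEAD / HTTP/1.1\r\nHost: " + host + "\r\nConnection: close\r\n\r\n")
                    .getBytes(StandardCharsets.US_ASCII));
            out.flush();
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(s.getInputStream(), StandardCharsets.US_ASCII));
            System.out.println(in.readLine());   // status line from the server
        }
    }
}
```

The explicit startHandshake() call matters for the same reason as the endpoint identification setting: without it the handshake is deferred to the first read or write, so a validation failure surfaces only after the caller has already tried to send data.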
XML External Entity (XXE) Vulnerability
Severity: High | OWASP: XML External Entities (XXE)
Identifies insecure XML parser configurations that could allow XXE attacks, potentially leading to data disclosure, denial of service, or server-side request forgery.
For more information on using Code PathFinder with Java, see our documentation.