Here you can find several examples of SonarQube Connector Hotspots Breakdown to see how it displays the issues in a Confluence page:
Apache Ant
SonarQube Security Hotspot Details

This section covers all security hotspots across the entire code base.

Priority: MEDIUM | Category: Denial of Service (DoS) | Hotspots: 8

| File | Security Hotspot | Line |
| --- | --- | --- |
| core/.../xwork2/validator/validators/URLValidator.java | Make sure the regex used here, which is vulnerable to exponential runtime due to backtracking, cannot lead to denial of service or make sure the code is only run using Java 9 or later. | 120 |
| core/.../java/org/apache/struts2/dispatcher/Dispatcher.java | Make sure the regex used here, which is vulnerable to polynomial runtime due to backtracking, cannot lead to denial of service. | 589 |
| core/.../apache/struts2/interceptor/RolesInterceptor.java | Make sure the regex used here, which is vulnerable to polynomial runtime due to backtracking, cannot lead to denial of service. | 140 |
| core/.../apache/struts2/interceptor/ScopeInterceptor.java | Make sure the regex used here, which is vulnerable to polynomial runtime due to backtracking, cannot lead to denial of service. | 165 |
| core/.../apache/struts2/interceptor/ScopeInterceptor.java | Make sure the regex used here, which is vulnerable to polynomial runtime due to backtracking, cannot lead to denial of service. | 176 |
| core/.../org/apache/struts2/util/RegexPatternMatcher.java | Make sure the regex used here, which is vulnerable to polynomial runtime due to backtracking, cannot lead to denial of service. | 80 |
| plugins/.../struts2/convention/DefaultResultMapBuilder.java | Make sure the regex used here, which is vulnerable to polynomial runtime due to backtracking, cannot lead to denial of service. | 134 |
| plugins/.../convention/PackageBasedActionConfigBuilder.java | Make sure the regex used here, which is vulnerable to polynomial runtime due to backtracking, cannot lead to denial of service. | 287 |

Priority: MEDIUM | Category: Weak Cryptography | Hotspots: 1

| File | Security Hotspot | Line |
| --- | --- | --- |
| apps/.../struts2/showcase/hangman/PropertiesVocabSource.java | Make sure that using this pseudorandom number generator is safe here. | 55 |

Priority: LOW | Category: Insecure Configuration | Hotspots: 16

| File | Security Hotspot | Line |
| --- | --- | --- |
| apps/.../apache/struts2/showcase/chat/ChatLoginAction.java | Make sure this debug feature is deactivated before delivering the code in production. | 56 |
| core/.../xwork2/mock/MockObjectTypeDeterminer.java | Make sure this debug feature is deactivated before delivering the code in production. | 75 |
| core/.../com/opensymphony/xwork2/util/ClassPathFinder.java | Make sure this debug feature is deactivated before delivering the code in production. | 109 |
| core/.../com/opensymphony/xwork2/util/PropertiesReader.java | Make sure this debug feature is deactivated before delivering the code in production. | 450 |
| core/.../interceptor/debugging/DebuggingInterceptor.java | Make sure this debug feature is deactivated before delivering the code in production. | 212 |
| core/.../interceptor/debugging/DebuggingInterceptor.java | Make sure this debug feature is deactivated before delivering the code in production. | 297 |
| plugins/.../apache/struts2/el/lang/FunctionMapperImpl.java | Make sure this debug feature is deactivated before delivering the code in production. | 158 |
| plugins/.../main/java/org/apache/struts2/jasper/JspC.java | Make sure this debug feature is deactivated before delivering the code in production. | 1065 |
| plugins/.../org/apache/struts2/jasper/compiler/Dumper.java | Make sure this debug feature is deactivated before delivering the code in production. | 188 |
| plugins/.../org/apache/struts2/jasper/compiler/Dumper.java | Make sure this debug feature is deactivated before delivering the code in production. | 196 |
| plugins/.../apache/struts2/jasper/compiler/Localizer.java | Make sure this debug feature is deactivated before delivering the code in production. | 40 |
| plugins/.../struts2/jasper/runtime/TagHandlerPool.java | Make sure this debug feature is deactivated before delivering the code in production. | 57 |
| plugins/.../apache/struts2/jasper/servlet/JasperLoader.java | Make sure this debug feature is deactivated before delivering the code in production. | 120 |
| plugins/.../struts2/views/jasperreports/CompileReport.java | Make sure this debug feature is deactivated before delivering the code in production. | 42 |
| core/.../org/apache/struts2/interceptor/I18nInterceptor.java | Make sure creating this cookie without the "secure" flag is safe here. | 398 |
| core/.../org/apache/struts2/result/plain/HttpCookies.java | Make sure creating this cookie without the "secure" flag is safe here. | 31 |

Priority: LOW | Category: Others | Hotspots: 11

| File | Security Hotspot | Line |
| --- | --- | --- |
| core/.../org/apache/struts2/interceptor/I18nInterceptor.java | Make sure creating this cookie without the "HttpOnly" flag is safe. | 398 |
| core/.../org/apache/struts2/result/plain/HttpCookies.java | Make sure creating this cookie without the "HttpOnly" flag is safe. | 31 |
| core/.../com/opensymphony/xwork2/util/ClassPathFinder.java | Make sure that expanding this archive file is safe here. | 102 |
| core/.../com/opensymphony/xwork2/util/ClassPathFinder.java | Make sure that expanding this archive file is safe here. | 102 |
| core/.../opensymphony/xwork2/util/finder/ResourceFinder.java | Make sure that expanding this archive file is safe here. | 1200 |
| core/.../opensymphony/xwork2/util/finder/ResourceFinder.java | Make sure that expanding this archive file is safe here. | 1226 |
| core/.../xwork2/validator/DefaultValidatorFactory.java | Make sure that expanding this archive file is safe here. | 154 |
| core/.../xwork2/validator/DefaultValidatorFactory.java | Make sure that expanding this archive file is safe here. | 160 |
| plugins/.../struts2/jasper/compiler/TldLocationsCache.java | Make sure that expanding this archive file is safe here. | 368 |
| core/.../xwork2/util/fs/StrutsJarURLConnection.java | Make sure publicly writable directories are used safely here. | 123 |
| core/.../apache/struts2/util/FastByteArrayOutputStream.java | Make sure publicly writable directories are used safely here. | 138 |

Microsoft Vscode-python
SonarQube Security Hotspot Details

This section covers all security hotspots across the entire code base.

Priority: MEDIUM | Category: Denial of Service (DoS) | Hotspots: 10

| File | Security Hotspot | Line |
| --- | --- | --- |
| src/client/common/application/extensions.ts | Make sure the regex used here, which is vulnerable to super-linear runtime due to backtracking, cannot lead to denial of service. | 59 |
| src/client/common/editor.ts | Make sure the regex used here, which is vulnerable to super-linear runtime due to backtracking, cannot lead to denial of service. | 283 |
| src/client/common/variables/environment.ts | Make sure the regex used here, which is vulnerable to super-linear runtime due to backtracking, cannot lead to denial of service. | 134 |
| src/client/language/languageConfiguration.ts | Make sure the regex used here, which is vulnerable to super-linear runtime due to backtracking, cannot lead to denial of service. | 28 |
| src/client/pythonEnvironments/base/info/pythonVersion.ts | Make sure the regex used here, which is vulnerable to super-linear runtime due to backtracking, cannot lead to denial of service. | 62 |
| src/client/pythonEnvironments/base/info/pythonVersion.ts | Make sure the regex used here, which is vulnerable to super-linear runtime due to backtracking, cannot lead to denial of service. | 63 |
| src/client/pythonEnvironments/base/info/pythonVersion.ts | Make sure the regex used here, which is vulnerable to super-linear runtime due to backtracking, cannot lead to denial of service. | 64 |
| src/.../common/environmentManagers/conda.ts | Make sure the regex used here, which is vulnerable to super-linear runtime due to backtracking, cannot lead to denial of service. | 555 |
| src/.../common/environmentManagers/poetry.ts | Make sure the regex used here, which is vulnerable to super-linear runtime due to backtracking, cannot lead to denial of service. | 32 |
| src/client/pythonEnvironments/common/windowsUtils.ts | Make sure the regex used here, which is vulnerable to super-linear runtime due to backtracking, cannot lead to denial of service. | 40 |

Priority: LOW | Category: Encryption of Sensitive Data | Hotspots: 1

| File | Security Hotspot | Line |
| --- | --- | --- |
| src/client/testing/configuration/index.ts | Using http protocol is insecure. Use https instead. | 73 |