Scan2Fix4Java product
Scan2FixJava the java source code analyzer
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
</project>
Nota : the plugin for Sonar is not required. Usage is limited to 5 days.
mvn clean compile site
Maven will generate the static Web site under target/site/index.html
Nota : the plugin for Sonar is not required. It is provided at the validation step of the command process or on explicit request (contact@qualitesys.com).
mvn clean qcr:qcrgoalclean qcr:qcrgoalcompile compile sonar:sonar
Id | Priority | Description |
---|---|---|
QC-JAVCWE078 | BLOCKER | Potential OS command injection |
QC-JAVCWE080 | BLOCKER | Potential Basic XSS |
QC-JAVCWE089 | BLOCKER | Potential SQL Injection |
QC-JAVCWE369 | BLOCKER | Division by ZERO |
QC-JAVCWE412 | BLOCKER | Unrestricted lock of critical ressource, deadlock |
QC-JAVCWE470 | BLOCKER | Use of externally-controlled (unsafe reflection) |
QC-JAVCWE572 | BLOCKER | Call to Thread run() instead of start() |
QC-JAV999999 | BLOCKER | Syntax analysis failure on the source code |
QC-JAVCWE096 | CRITICAL | Insufficient control of directives in statically saved code |
QC-JAVCWE476 | CRITICAL | Null pointer reference |
QC-JAVCWE484 | CRITICAL | Omitted Break Statement in Switch |
QC-JAVCWE570 | CRITICAL | Condition NEVER true |
QC-JAVCWE616 | CRITICAL | Incomplete identification of uploaded file |
QC-JAVCWE190 | MAJOR | Overflow |
QC-JAVCWE390 | MAJOR | Detection of error condition without action |
QC-JAVCWE392 | MAJOR | Failure to report error in status code |
QC-JAVCWE481 | MAJOR | Assigning instead of comparing |
QC-JAVCWE493 | MAJOR | Critical public variable without final modifier |
QC-JAVCWE584 | MAJOR | Return inside finally block |
QC-JAV000001 | MAJOR | Instance is created within a loop, huge performance impact |
QC-JAVCWE252 | MINOR | Return type of function is not tested |
QC-JAVCWE500 | MINOR | Static public field not marked final |
QC-JAVCWE582 | MINOR | Array declared public, final and static |
QC-JAVCWE585 | MINOR | The software contains an empty synchronized block |
QC-JAVCWE626 | MINOR | Null byte interaction error |
QC-JAVCWE627 | MINOR | Dynamic variable evaluation for variable |
QC-JAV999996 | INFO | Local Cut and Paste Detector in single file |
Url home page : www.h2database.com
Result of the analysis of the java code : site.rar
Url home page : jenkins-ci.org
Result of the analysis of the java code : site.rar
* required fields