CodeAnt AI home page

Support
Dashboard
Dashboard

Join Community

Start Here

What is CodeAnt?

Setup

Github
Bitbucket
Gitlab
Azure Devops

Pull Request Review

Features
Customize Review
Quality Gates
Integrations

Scan center

Code Security
Code Quality
Cloud Security
Engineering Productivity

Integrations

Jira
Test Coverage
CI/CD

IDE

Setup
Review
Enhancements

Rule Reference

Compliance
Anti-Patterns
Code Governance
Infrastructure Security Database
Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
  - Android
  - Aws-lambda
  - Castor
  - Java-jwt
  - Jax-rs
  - Jboss
    - Security
  - Jdo
  - Jedis
  - Jjwt
  - Jsch
  - Kryo
  - Lang
  - Micronaut
  - Mongo
  - Mongodb
  - Mysql
  - Okhttp
  - Rmi
  - Servlets
  - Spring
  - Thymeleaf
  - Xstream
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml

Resources

Open Source
Blogs

Jboss

Security

find-sql-string-concatenation

In

METHOD,

X is used to construct a SQL query via string concatenation.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
OWASP:
- A01:2017 - Injection
- A03:2021 - Injection

seam-log-injection

Seam Logging API support an expression language to introduce bean property to log messages. The expression language can also be the source to unwanted code execution. In this context, an expression is built with a dynamic value. The source of the value(s) should be verified to avoid that unfiltered values fall into this risky code evaluation.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
OWASP:
- A03:2021 - Injection

Security Hardcoded connection password

twitter linkedin

Powered by Mintlify

Assistant

Responses are generated using AI and may contain mistakes.