Skip to content

kph-sonar/demo-java-security

 
 

Repository files navigation

Demo - Java Security

Quality Gate Status Maintainability Rating Reliability Rating Security Rating Security Hotspots

Use case

This example demonstrates:

  • Vulnerabilities
  • Security Hotspots

It also demonstrates the possibility to define your own custom sources, sanitizers and sinks to detect more injection cases (or avoid false positives)

Usage

Run ./run.sh

This will:

  • Delete the project key training:java-security if it exists in SonarQube (to start from a scratch)
  • Run mvn clean verify sonar:sonar to re-create the project

Project consists of a single class (Insecure.java) with a number of Vulnerabilities and Security Hotspots.

Custom security configuration

At the bottom of the class you see a bunch of methods that demonstrate custom injections.

  • The method without sanitization (doSomething()) has an injection vulnerability
  • The method with custom sanitization (doSomethingSanitized()) has no vulnerability

The custom security configuration file is in the root directory here

About

No description, website, or topics provided.

Resources

Stars

0 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors

Languages

  • Java 95.8%
  • Shell 4.2%