CodeQLRules.com

Java Security Rules

Browse and search through our comprehensive collection of CodeQL security rules for Java.

Tomcat config disables 'HttpOnly' flag (XSS risk)
Java
Low

Disabling 'HttpOnly' leaves session cookies vulnerable to an XSS attack.

ID: java/tomcat-disabled-httponly • CWE: CWE-1004
Kind: problem
# experimental
Potential Log4J LDAP JNDI injection (CVE-2021-44228)
Java
Low

Building Log4j log entries from user-controlled data may allow attackers to inject malicious code through JNDI lookups when using Log4J versions vulnerable to CVE-2021-44228.

ID: java/log4j-injection • CWE: CWE-020
Kind: path-problem
# experimental
SQL injection in MyBatis Mapper XML
Java
Low

Constructing a dynamic SQL statement with input that comes from an untrusted source could allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.

ID: java/mybatis-xml-sql-injection • CWE: CWE-089
Kind: path-problem
# experimental
© 2025 CodeQLRules.com. All rights reserved.