Commit Graph
12 Commits
Author SHA1 Message Date
pixeebot[bot]GitHubpixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
3afacf2405 Switch order of literals to prevent NullPointerException (#2769)
This change defensively switches the order of literals in comparison
expressions to ensure that no null pointer exceptions are unexpectedly
thrown. Runtime exceptions especially can cause exceptional and
unexpected code paths to be taken, and this can result in unexpected
behavior.

Both simple vulnerabilities (like information disclosure) and complex
vulnerabilities (like business logic flaws) can take advantage of these
unexpected code paths.

Our changes look something like this:

```diff
  String fieldName = header.getFieldName();
  String fieldValue = header.getFieldValue();
- if(fieldName.equals("requestId")) {
+ if("requestId".equals(fieldName)) {
    logRequest(fieldValue);
  }
```

<details>
  <summary>More reading</summary>

*
[https://cwe.mitre.org/data/definitions/476.html](https://cwe.mitre.org/data/definitions/476.html)
*
[https://en.wikibooks.org/wiki/Java_Programming/Preventing_NullPointerException](https://en.wikibooks.org/wiki/Java_Programming/Preventing_NullPointerException)
*
[https://rules.sonarsource.com/java/RSPEC-1132/](https://rules.sonarsource.com/java/RSPEC-1132/)
</details>

🧚🤖  Powered by Pixeebot  

[Feedback](https://ask.pixee.ai/feedback) |
[Community](https://pixee-community.slack.com/signup#/domain-signup) |
[Docs](https://docs.pixee.ai/) | Codemod ID:
pixee:java/switch-literal-first
![](https://d1zaessa2hpsmj.cloudfront.net/pixel/v1/track?writeKey=2PI43jNm7atYvAuK7rJUz3Kcd6A&event=DRIP_PR%7CStirling-Tools%2FStirling-PDF%7Cc45a84d1797c774f11f1a6a0ccbbd8ee5a208be3)


<!--{"type":"DRIP","codemod":"pixee:java/switch-literal-first"}-->

Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
2025-01-22 10:39:47 +00:00
pixeebot[bot]GitHubpixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
d832a90de0 (CodeQL) Fixed finding: "Arbitrary file access during archive extraction ("Zip Slip")
" (#2344)

(CodeQL) Fixed finding: "Arbitrary file access during archive extraction ("Zip Slip")
"

Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
2024-11-27 07:16:03 +00:00
pixeebot[bot]GitHubpixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
af5e2b6895 Modernize and secure temp file creation (#2106)
Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
2024-10-28 23:19:12 +00:00
pixeebot[bot]GitHubpixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
09c9944fc3 Switch order of literals to prevent NullPointerException (#2035)
Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
2024-10-18 07:15:10 +01:00
pixeebot[bot]GitHubpixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>Anthony Stirlinggithub-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>GitHub Action
b31564968c Introduced protections against system command injection (#2011)
* Introduced protections against system command injection

* Update translation files (#2034)

Signed-off-by: GitHub Action <[email protected]>
Co-authored-by: GitHub Action <[email protected]>

---------

Signed-off-by: GitHub Action <[email protected]>
Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
Co-authored-by: Anthony Stirling <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: GitHub Action <[email protected]>
2024-10-18 00:10:42 +01:00
pixeebot[bot]GitHubpixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
b7d37deb85 Refactored to use parameterized SQL APIs (#1545)
Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
2024-07-09 21:18:32 +01:00
pixeebot[bot]andGitHub 88338b4dbc (Sonar) Fixed finding: "Utility classes should not have public constructors" 2024-06-07 07:52:26 +00:00
pixeebot[bot]andGitHub 9147d364bc (Sonar) Fixed finding: "@Override should be used on overriding and implementing methods" 2024-06-07 04:38:10 +00:00
pixeebot[bot]andGitHub 503acc9408 Introduced protections against HTTP header injection / smuggling attacks 2024-05-07 03:44:03 +00:00
pixeebot[bot]GitHubpixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
5564f378e5 (Sonar) Fix "String#replace should be preferred to String#replaceAll" (#1056)
Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
2024-04-09 06:52:52 +01:00
pixeebot[bot]GitHubpixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
54c3bee205 Replaced Stream.collect(Collectors.toList()) with Stream.toList() (Sonar) (#1018)
Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
2024-04-03 22:41:24 +01:00
pixeebot[bot]GitHubpixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
1035a3be31 Define a constant for a literal string that is duplicated n times (Sonar) (#978)
Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
2024-03-28 17:44:10 +00:00