SonarSource-Demos/demo-java-security
Demo - Java Security

Use case

This example demonstrates:

  • Vulnerabilities
  • Security Hotspots

It also demonstrates how to define your own custom sources, sanitizers and sinks so the analyzer detects additional injection cases (or avoids false positives).

Usage

Run ./run.sh

This will:

  • Delete the project key training:java-security if it already exists in SonarQube (to start from scratch)
  • Run mvn clean verify sonar:sonar to re-create the project and analyze it

The project consists of a single class (Insecure.java) containing a number of Vulnerabilities and Security Hotspots.

Custom security configuration

At the bottom of the class there are several methods that demonstrate custom injection detection.

  • The method without sanitization (doSomething()) is reported with an injection vulnerability
  • The method with custom sanitization (doSomethingSanitized()) is not reported, because the tainted value passes through the custom sanitizer before reaching the sink

The custom security configuration file is in the root directory of the repository.
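To illustrate the pattern the two methods above rely on, here is an added example (not the project's Insecure.java and not SonarSource code): a hypothetical custom source (Request.getParam), a hypothetical custom sink (Backend.execute) and an allow-list sanitizer, wired into an unsanitized flow and a sanitized flow. A custom security configuration would point the analyzer at exactly these three method signatures.

```java
import java.util.regex.Pattern;

// Added illustration; all class and method names are hypothetical.
public class CustomInjectionDemo {

    // Hypothetical custom source: returns attacker-controlled input.
    static class Request {
        private final String param;
        Request(String param) { this.param = param; }
        String getParam() { return param; }
    }

    // Hypothetical custom sink: whatever reaches here is handed to an
    // interpreter (a query engine, a shell, a template engine, ...).
    static class Backend {
        String execute(String payload) { return "executed: " + payload; }
    }

    // Hypothetical custom sanitizer: allow-list validation that only
    // lets short identifier-like strings through and rejects the rest.
    private static final Pattern SAFE = Pattern.compile("[A-Za-z0-9_]{1,32}");

    static String sanitize(String input) {
        if (input == null || !SAFE.matcher(input).matches()) {
            throw new IllegalArgumentException("input rejected by allow-list");
        }
        return input;
    }

    // Tainted data flows source -> sink unchanged: flagged as an injection.
    static String doSomething(Request req, Backend db) {
        return db.execute(req.getParam());
    }

    // Tainted data passes through the sanitizer first: no issue raised.
    static String doSomethingSanitized(Request req, Backend db) {
        return db.execute(sanitize(req.getParam()));
    }

    public static void main(String[] args) {
        Backend db = new Backend();
        // Constructed sample inputs: one acceptable, one that the allow-list rejects.
        System.out.println(doSomethingSanitized(new Request("user_42"), db));
        try {
            doSomethingSanitized(new Request("not an identifier!"), db);
        } catch (IllegalArgumentException e) {
            System.out.println("sanitizer blocked: " + e.getMessage());
        }
    }
}
```

The analyzer only credits the sanitizer because the configuration declares it; a validation method it does not know about leaves doSomethingSanitized() looking identical to doSomething().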
