Java Scan rules

Contrast Scan supports these rules for Java.

Severity	Contrast rule	Engine rule ID	Description
Critical	Use Authenticated SOAP Messages	OPT.JAVA.JAX.UseAuthenticatedSOAPMessages	UseAuthenticatedSOAPMessages: Use SOAP messages authentication
Critical	Use Encrypted SOAP Messages	OPT.JAVA.JAX.UseEncryptedSOAPMessages	UseEncryptedSOAPMessages: Use encrypted SOAP messages
Critical	Use Signed SOAP Messages	OPT.JAVA.JAX.UseSignedSOAPMessages	UseSignedSOAPMessages: Use signed SOAP messages
Critical	Acegi Insecure Channel Mixing Rule	OPT.JAVA.SEC_JAVA.AcegiInsecureChannelMixingRule	AcegiInsecureChannelMixingRule: Acegi Misconfiguration - Insecure Channel Mixing
Critical	Insecure SSL	OPT.JAVA.SEC_JAVA.InsecureSSL	InsecureSSL: Insecure SSL configuration
Critical	Too Much Origins Allowed Rule	OPT.JAVA.SEC_JAVA.TooMuchOriginsAllowedRule	TooMuchOriginsAllowedRule: CORS policy (Cross-origin resource sharing) too broad
Critical	Android SQL Injection	OPT.JAVA.ANDROID.AndroidSQLInjection	AndroidSQLInjection: Avoid SQL code formed with non neutralized user input
Critical	Content Provider Uri Injection	OPT.JAVA.ANDROID.ContentProviderUriInjection	ContentProviderUriInjection: Content Provider URI Injection
Critical	Dynamically Loading Code	OPT.JAVA.ANDROID.DynamicallyLoadingCode	DynamicallyLoadingCode: Discourage dynamically loading code
Critical	Intent Manipulation	OPT.JAVA.ANDROID.IntentManipulation	IntentManipulation: Intent Manipulation
Critical	Javascript Enabled	OPT.JAVA.ANDROID.JavascriptEnabled	JavascriptEnabled: Enabling JavaScript is not recommended
Critical	Javascript Interface Annotation	OPT.JAVA.ANDROID.JavascriptInterfaceAnnotation	JavascriptInterfaceAnnotation: Potential code injection via WebView.addJavaScriptInterface()
Critical	Code Injection Rule	OPT.JAVA.SEC_JAVA.CodeInjectionRule	CodeInjectionRule: Dynamic code injection in scripting API
Critical	Code Injection With Deserialization Rule	OPT.JAVA.SEC_JAVA.CodeInjectionWithDeserializationRule	CodeInjectionWithDeserializationRule: Dynamic code injection during XML / JSON deserialization
Critical	Command Injection Rule	OPT.JAVA.SEC_JAVA.CommandInjectionRule	CommandInjectionRule: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Critical	Connection String Parameter Pollution	OPT.JAVA.SEC_JAVA.ConnectionStringParameterPollution	ConnectionStringParameterPollution: Connection string polluted with untrusted input
Critical	Never Use Identifier In Equals Hashcode	OPT.HIBERNATE.NeverUseIdentifierInEqualsHashcode	NeverUseIdentifierInEqualsHashcode: Never ever use the database identifier in equals() and hashCode()
Critical	Rollback Transaction On Exception	OPT.HIBERNATE.RollbackTransactionOnException	RollbackTransactionOnException: Rollback transactions if an exception occurs
Critical	Static Inner Persistent Classes	OPT.HIBERNATE.StaticInnerPersistentClasses	StaticInnerPersistentClasses: If an inner class is persistent, it should be static
Critical	Access to persistence layer from Struts Actions	OPT.JAVA.ACTIONS.ALPA	ALPA: Access to persistence layer from Struts Actions
Critical	N A E A	OPT.JAVA.ACTIONS.NAEA	NAEA: Do not use non final instance fields in Actions
Critical	Activity Start At Broadcast Intent	OPT.JAVA.ANDROID.ActivityStartAtBroadcastIntent	ActivityStartAtBroadcastIntent: Activity Start in response to broadcast Intent
Critical	Cross Site Scripting Rule	OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule	CrossSiteScriptingRule: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Critical	Http Splitting Rule	OPT.JAVA.SEC_JAVA.HttpSplittingRule	HttpSplittingRule: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Critical	I Batis SQL Injection Rule	OPT.JAVA.SEC_JAVA.IBatisSqlInjectionRule	IBatisSqlInjectionRule: Improper Neutralization of Special Elements used in an SQL Command in iBatis ('SQL Injection')
Critical	Ldap Injection Rule	OPT.JAVA.SEC_JAVA.LdapInjectionRule	LdapInjectionRule: Avoid non-neutralized user-controlled input in LDAP search filters
Critical	Mail Command Injection	OPT.JAVA.SEC_JAVA.MailCommandInjection	MailCommandInjection: Mail Command Injection
Critical	No SQL Injection	OPT.JAVA.SEC_JAVA.NoSQLInjection	NoSQLInjection: Improper neutralization of special elements in data query logic (NoSQL injection)
Critical	Process Control Rule	OPT.JAVA.SEC_JAVA.ProcessControlRule	ProcessControlRule: Library loaded from untrusted source
Critical	Regex Injection Rule	OPT.JAVA.SEC_JAVA.RegexInjectionRule	RegexInjectionRule: Prevent denial of service attack through malicious regular expression ('Regex Injection')
Critical	Privilege Escalation Attack	OPT.JAVA.ANDROID.PrivilegeEscalationAttack	PrivilegeEscalationAttack: Don't allow applications to execute code using other applications privileges
Critical	Same Origin Method Execution	OPT.JAVA.SEC_JAVA.SameOriginMethodExecution	SameOriginMethodExecution: Same Origin Method Execution (SOME)
Critical	Server Side Request Forgery Rule	OPT.JAVA.SEC_JAVA.ServerSideRequestForgeryRule	ServerSideRequestForgeryRule: Server-Side Request Forgery (SSRF)
Critical	Spring View Manipulation	OPT.JAVA.SEC_JAVA.SpringViewManipulation	SpringViewManipulation: Spring View Manipulation
Critical	S Q L Resources	OPT.JAVA.ANDROID.SQLResources	SQLResources: Close SQL resources when finishing using
Critical	SQL Injection Rule	OPT.JAVA.SEC_JAVA.SqlInjectionRule	SqlInjectionRule: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Critical	B L N C	OPT.JAVA.BEANS.BLNC	BLNC: Use appropiate signatures for all listener methods in JavaBeans
Critical	Avoid Assign In For	OPT.JAVA.BUC.AvoidAssignInFor	AvoidAssignInFor: Avoid assigning values to variables inside for loops
Critical	Avoid Reuse Var	OPT.JAVA.BUC.AvoidReuseVar	AvoidReuseVar: Avoid reusing the control variables in nested loops
Critical	Float Double Comparison	OPT.JAVA.COMP.FloatDoubleComparison	FloatDoubleComparison: Avoid using Code Quality[]{'CERT-J': ['NUM07-J']}
Critical	Avoid Call AWT From Servlet	OPT.JAVA.COMPDAT.AvoidCallAWTFromServlet	AvoidCallAWTFromServlet: Avoid calling Java.awt.* from servlet code
Critical	Avoid Call Swing From Servlet	OPT.JAVA.COMPDAT.AvoidCallSwingFromServlet	AvoidCallSwingFromServlet: Avoid calling Javax.swing.* from any servlet
Critical	Avoid Return In Constructors	OPT.JAVA.CONST.AvoidReturnInConstructors	AvoidReturnInConstructors: Avoid constructors with return types
Critical	Avoid Declare Matrix Volatile	OPT.JAVA.DECL.AvoidDeclareMatrixVolatile	AvoidDeclareMatrixVolatile: Do not declare an array field as volatile
Critical	Avoid Inaccessible Class	OPT.JAVA.DECL.AvoidInaccessibleClass	AvoidInaccessibleClass: Avoid inaccessible classes
Critical	Avoid Break Continue In Labels	OPT.JAVA.ESTRUC.AvoidBreakContinueInLabels	AvoidBreakContinueInLabels: Avoid using continue and break with labels
Critical	Avoid Call Sound From Servlet	OPT.JAVA.EXAC.AvoidCallSoundFromServlet	AvoidCallSoundFromServlet: Avoid calling Javax.sound.* from any servlet code
Critical	Avoid Throw Null Pointer Exceptions	OPT.JAVA.EXCP.AvoidThrowNullPointerExceptions	AvoidThrowNullPointerExceptions: Avoid launching NullPointerExceptions
Critical	Avoid Remove Action Listener	OPT.JAVA.FIN.AvoidRemoveActionListener	AvoidRemoveActionListener: Avoid removing listeners in finalize() methods
Critical	A B C L	OPT.JAVA.FMETODOS.ABCL	ABCL: Avoid usage of break/continue sentences with a label
Critical	A GC	OPT.JAVA.GC.AGC	AGC: Do not call to GC with System.gc()
Critical	I F F	OPT.JAVA.GC.IFF	IFF: Call super.finalize() in the finally block of finalize() methods
Critical	Avoid Await Outside Brackets	OPT.JAVA.HEB.AvoidAwaitOutsideBrackets	AvoidAwaitOutsideBrackets: Avoid using the method await() of the class java.util.concurrent.locks.Condition class outside a while loop
Critical	Avoid Call Wait	OPT.JAVA.HEB.AvoidCallWait	AvoidCallWait: Avoid calling wait() on an object java.util.concurrent.locks.Condition
Critical	Avoid Runnable Without Run	OPT.JAVA.HEB.AvoidRunnableWithoutRun	AvoidRunnableWithoutRun: Avoid implementing Runnable without a run() method
Critical	Run With Synchronize	OPT.JAVA.HEB.RunWithSynchronize	RunWithSynchronize: Always use 'synchronized' with the run() methods
Critical	Avoid Load Library	OPT.JAVA.J2EE.AvoidLoadLibrary	AvoidLoadLibrary: Avoid calling java.lang.System.loadLibrary() or java.lang.Runtime.loadLibrary()
Critical	Avoid Set Security Manager	OPT.JAVA.J2EE.AvoidSetSecurityManager	AvoidSetSecurityManager: Avoid calling java.lang.System.setSecurityManager()
Critical	Avoid Protected Native Methods	OPT.JAVA.J2SE.AvoidProtectedNativeMethods	AvoidProtectedNativeMethods: Avoid protected native methods
Critical	Avoid Public Native Methods	OPT.JAVA.J2SE.AvoidPublicNativeMethods	AvoidPublicNativeMethods: Avoid public native methods
Critical	Avoid Invalid Exception Handling	OPT.JAVA.JAX.AvoidInvalidExceptionHandling	AvoidInvalidExceptionHandling: Perform a exception handling conforming to JAX-WS specifications
Critical	Avoid Web Method Annotation In Endpoint Interfaces	OPT.JAVA.JAX.AvoidWebMethodAnnotationInEndpointInterfaces	AvoidWebMethodAnnotationInEndpointInterfaces: Avoid using @WebMethod annotation in endpoint interfaces methods
Critical	Xml Entity Injection Rule	OPT.JAVA.SEC_JAVA.XmlEntityInjectionRule	XmlEntityInjectionRule: XML entity injection
Critical	Avoid Data Submission To Non Editable Field	OPT.JAVA.SPRING.AvoidDataSubmissionToNonEditableField	AvoidDataSubmissionToNonEditableField: Avoid data submissions to non editable fields
Critical	D S L V	OPT.JAVA.JDBC.DSLV	DSLV: Do not create Datasource variables in local methods
Critical	S E T P S	OPT.JAVA.JDBC.SETPS	SETPS: PreparedStatement parameter values must be defined before executing the query
Critical	Set Up J Unit	OPT.JAVA.JUNIT_JAVA.SetUpJUnit	SetUpJUnit: Always overwrite the method setUp() in each test case of JUnits
Critical	Avoid Call Thread From Servlet	OPT.JAVA.MAN.AvoidCallThreadFromServlet	AvoidCallThreadFromServlet: Avoid calling java.lang.Thread from any servlet
Critical	Avoid Call Finalize	OPT.JAVA.MEM.AvoidCallFinalize	AvoidCallFinalize: Avoid calling finalize() except in the finally block of the method finalize()
Critical	Avoid Garbage Collector	OPT.JAVA.MEM.AvoidGarbageCollector	AvoidGarbageCollector: Avoid invoking the garbage collector
Critical	Avoid Publicfinalize	OPT.JAVA.MEM.AvoidPublicfinalize	AvoidPublicfinalize: Do not declare finalize() public
Critical	A S I	OPT.JAVA.PB.ASI	ASI: Possible confusion between assignment and comparison in a conditional expression
Critical	M A I L	OPT.JAVA.PB.MAIL	MAIL: Avoid usages of javax.mail.*
Critical	N A M I N G	OPT.JAVA.PB.NAMING	NAMING: Avoid naming not-constructor methods wiht the same name than its class
Critical	T L S	OPT.JAVA.PB.TLS	TLS: Avoid using text tags in statements
Critical	Avoid Call Applet From Servlet	OPT.JAVA.RECBAS.AvoidCallAppletFromServlet	AvoidCallAppletFromServlet: Avoid calling java.applet.* from the finalize() method of a servlet
Critical	Avoid Call Class Loader From Servlet	OPT.JAVA.RECBAS.AvoidCallClassLoaderFromServlet	AvoidCallClassLoaderFromServlet: Avoid calling java.lang.ClassLoader from finalize() method of a servlet
Critical	Avoid Call Context From Servlet	OPT.JAVA.RECBAS.AvoidCallContextFromServlet	AvoidCallContextFromServlet: Avoid calling javax.naming.Context from the finalize() method of a servlet
Critical	Avoid Call Driver From Servlet	OPT.JAVA.RECBAS.AvoidCallDriverFromServlet	AvoidCallDriverFromServlet: Avoid calling java.sql.Driver from the finalize() method of a servlet
Critical	Avoid Call I O From Servlet	OPT.JAVA.RECBAS.AvoidCallIOFromServlet	AvoidCallIOFromServlet: Avoid calling java.io. * from the finalize() method of a servlet
Critical	Avoid Call Lang Ref From Servlet	OPT.JAVA.RECBAS.AvoidCallLangRefFromServlet	AvoidCallLangRefFromServlet: Avoid calling Java.lang.ref.* from finalize() method of a servlet
Critical	Avoid Call Port Rem Obj From Servlet	OPT.JAVA.RECBAS.AvoidCallPortRemObjFromServlet	AvoidCallPortRemObjFromServlet: Avoid calling javax.rmi.PortableRemoteObject from the finalize() method of a servlet
Critical	Avoid Call Runnable From Servlet	OPT.JAVA.RECBAS.AvoidCallRunnableFromServlet	AvoidCallRunnableFromServlet: Avoid calling java.lang.Runnable from the finalize() method of a servlet
Critical	Avoid Call Security From Servlet	OPT.JAVA.RECBAS.AvoidCallSecurityFromServlet	AvoidCallSecurityFromServlet: Avoid calling Java.security .* from finalize() method of a servlet
Critical	Avoid Call Transaction From Servlet	OPT.JAVA.RECBAS.AvoidCallTransactionFromServlet	AvoidCallTransactionFromServlet: Avoid calling javax.transaction.* from the finalize() method of a servlet
Critical	Avoid Get Declared Method	OPT.JAVA.REFL.AvoidGetDeclaredMethod	AvoidGetDeclaredMethod: Avoid calling java.lang.Class.getDeclaredMethod()
Critical	Avoid Get Field	OPT.JAVA.REFL.AvoidGetField	AvoidGetField: Avoid calling java.lang.Class.getField()
Critical	Avoid Get Method	OPT.JAVA.REFL.AvoidGetMethod	AvoidGetMethod: Avoid calling the method getMethod() from java.lang.Class
Critical	Avoid Call Compiler From Servlet	OPT.JAVA.RENDESC.AvoidCallCompilerFromServlet	AvoidCallCompilerFromServlet: Avoid calling java.lang.Compiler from any servlet
Critical	Avoid Call Reflect From Servlet	OPT.JAVA.RENDESC.AvoidCallReflectFromServlet	AvoidCallReflectFromServlet: Avoid calling Java.lang.reflect .* from any servlet
Critical	Avoid Call Runtime From Servlet	OPT.JAVA.RENDESC.AvoidCallRuntimeFromServlet	AvoidCallRuntimeFromServlet: Avoid calling java.lang.Runtime from any servlet
Critical	Avoid Call Thread Group From Servlet	OPT.JAVA.RENDESC.AvoidCallThreadGroupFromServlet	AvoidCallThreadGroupFromServlet: Avoid calling java.lang.ThreadGroup from any servlet
Critical	Avoid Call Zip From Servlet	OPT.JAVA.RENDESC.AvoidCallZipFromServlet	AvoidCallZipFromServlet: Avoid calling Java.util.zip .* from any servlet
Critical	E A O F	OPT.JAVA.RGME.EAOF	EAOF: Do not access a class field too many times
Critical	Dont Use Keywords	OPT.JAVA.RGP.DontUseKeywords	DontUseKeywords: Do not use keywords in later versions of the language
Critical	E N V	OPT.JAVA.RGP.ENV	ENV: Avoid using System.getenv()
Critical	E R A	OPT.JAVA.RGP.ERA	ERA: Avoid absolute paths
Critical	E X E C	OPT.JAVA.RGP.EXEC	EXEC: Avoid using Runtime.exec()
Critical	N A T V	OPT.JAVA.RGP.NATV	NATV: Avoid user-defined native methods
Critical	P E E R	OPT.JAVA.RGP.PEER	PEER: Avoid using java.awt.peer.* interfaces
Critical	Accessibility Subversion Rule	OPT.JAVA.SEC_JAVA.AccessibilitySubversionRule	AccessibilitySubversionRule: Java access restriction subverted (Reflection)
Critical	Acegi Run As Authentication Replacement Rule	OPT.JAVA.SEC_JAVA.AcegiRunAsAuthenticationReplacementRule	AcegiRunAsAuthenticationReplacementRule: Acegi Misconfiguration - Run-As Authentication Replacement
Critical	Anonymous Ldap Bind Rule	OPT.JAVA.SEC_JAVA.AnonymousLdapBindRule	AnonymousLdapBindRule: Access Control - Anonymous LDAP Bind
Critical	Path Traversal Rule	OPT.JAVA.SEC_JAVA.PathTraversalRule	PathTraversalRule: Avoid non-neutralized user-controlled input composed in a pathname to a resource
Critical	Spring Unrestricted Request Mapping	OPT.JAVA.SEC_JAVA.SpringUnrestrictedRequestMapping	SpringUnrestrictedRequestMapping: Spring CSRF unrestricted RequestMapping.
Critical	Static Database Connection	OPT.JAVA.SEC_JAVA.StaticDatabaseConnection	StaticDatabaseConnection: Static database connection / session
Critical	Avoid Add Container Himself	OPT.JAVA.SENT.AvoidAddContainerHimself	AvoidAddContainerHimself: Avoid adding a container itself
Critical	Avoid Incorrect Increase	OPT.JAVA.SENT.AvoidIncorrectIncrease	AvoidIncorrectIncrease: Avoid assigning a post increment to itself
Critical	Avoid Invoke Exit	OPT.JAVA.SENT.AvoidInvokeExit	AvoidInvokeExit: Do not call System.exit()
Critical	Avoid Invoke Run Finalizers On Exit	OPT.JAVA.SENT.AvoidInvokeRunFinalizersOnExit	AvoidInvokeRunFinalizersOnExit: Avoid calling java.lang.System.runFinalizersOnExit()
Critical	Not Use Label Sentences	OPT.JAVA.SENT.NotUseLabelSentences	NotUseLabelSentences: Do not use labels
Critical	Declare Contructor For Externalizable	OPT.JAVA.SERI.DeclareContructorForExternalizable	DeclareContructorForExternalizable: Always declare a constructor for a class that implements java.io.Externalizable
Critical	Read Resolve Return Object	OPT.JAVA.SERI.ReadResolveReturnObject	ReadResolveReturnObject: Always have a return type of java.lang.Object() in the methods readResolve()
Critical	S B L	OPT.JAVA.STR.SBL	SBL: Remove toString method when using StringBuffer/StringBuilder to obtain string size
Critical	Avoid Sun Star	OPT.JAVA.SUN.AvoidSunStar	AvoidSunStar: Avoid using sun .*
Critical	Avoid Label Switch Sentences	OPT.JAVA.SWITCH.AvoidLabelSwitchSentences	AvoidLabelSwitchSentences: Avoid using text labels in switch commands
Critical	A U T Y	OPT.JAVA.TRS.AUTY	AUTY: Avoid using Thread.yield
Critical	C S F S	OPT.JAVA.TRS.CSFS	CSFS: Do not cause deadlocks by calling synchronized method from another synchronized method
Critical	N S Y N	OPT.JAVA.TRS.NSYN	NSYN: Avoid calling wait, notify or notifyAll out of a synchronized context
Critical	T H R D	OPT.JAVA.TRS.THRD	THRD: Avoid calling Thread.resume(), Thread.stop(), Thread.suspend(), or Runtime.runFinalizersOnExit()
Critical	Android Sticky Broadcast	OPT.JAVA.ANDROID.AndroidStickyBroadcast	AndroidStickyBroadcast: Avoid Sticky Broadcasts
Critical	Receiver Without Permission	OPT.JAVA.ANDROID.ReceiverWithoutPermission	ReceiverWithoutPermission: Missing broadcaster permission when register a receiver
Critical	SMS Monitoring	OPT.JAVA.ANDROID.SMSMonitoring	SMSMonitoring: Don't use SMS for data input or command
Critical	Password In Redirect Rule	OPT.JAVA.SEC_JAVA.PasswordInRedirectRule	PasswordInRedirectRule: Password Management - Password in Redirect
Critical	Use A Safe Cipher	OPT.JAVA.ANDROID.UseASafeCipher	UseASafeCipher: Avoid using cipher in ECB mode, or without specifying the mode
Critical	Hardcoded Crypto Key	OPT.JAVA.SEC_JAVA.HardcodedCryptoKey	HardcodedCryptoKey: Hardcoded cryptographic keys
Critical	Non Random IV With CBC Mode	OPT.JAVA.SEC_JAVA.NonRandomIVWithCBCMode	NonRandomIVWithCBCMode: Not using a Random IV with CBC Mode
Critical	Weak Cryptographic Hash Rule	OPT.JAVA.SEC_JAVA.WeakCryptographicHashRule	WeakCryptographicHashRule: Weak cryptographic hash
Critical	Weak Encryption Rule	OPT.JAVA.SEC_JAVA.WeakEncryptionRule	WeakEncryptionRule: Weak symmetric encryption algorithm
High	Do Not Release Debuggable Apps	OPT.JAVA.ANDROID.DoNotReleaseDebuggableApps	DoNotReleaseDebuggableApps: Do not release debuggable apps
High	Prevent Backup Vulnerability	OPT.JAVA.ANDROID.PreventBackupVulnerability	PreventBackupVulnerability: Inadecuate backup configuration
High	Dynamic Method Invocation	OPT.JAVA.SEC_JAVA.DynamicMethodInvocation	DynamicMethodInvocation: Dynamic method invocation in Struts 2
High	Insufficient Session Expiration Rule	OPT.JAVA.SEC_JAVA.InsufficientSessionExpirationRule	InsufficientSessionExpirationRule: Checks that session expiration interval is positive and does not exceed a limit
High	Play Security Misconfiguration	OPT.JAVA.SEC_JAVA.PlaySecurityMisconfiguration	PlaySecurityMisconfiguration: Security misconfiguration in Play framework.
High	Web Xml Security Misconfigurations Rule	OPT.JAVA.SEC_JAVA.WebXmlSecurityMisconfigurationsRule	WebXmlSecurityMisconfigurationsRule: Avoid misconfiguring security properties in web.xml descriptor
High	Prevent Exposition Of All Repositories	OPT.JAVA.SPRING.PreventExpositionOfAllRepositories	PreventExpositionOfAllRepositories: Avoid exposing all repositories as REST resources
High	Bind Parameters In Queries	OPT.HIBERNATE.BindParametersInQueries	BindParametersInQueries: Use bind (or named) parameters in HQL and native SQL queries
High	Mock Location	OPT.JAVA.ANDROID.MockLocation	MockLocation: Avoid using a mock location provider
High	Package Manager Get Signatures	OPT.JAVA.ANDROID.PackageManagerGetSignatures	PackageManagerGetSignatures: Potential Multiple Certificate Exploit
High	Avoid Multiple Entities Mapped To Same Table	OPT.HIBERNATE.AvoidMultipleEntitiesMappedToSameTable	AvoidMultipleEntitiesMappedToSameTable: Avoid more than one entity mapped to same database table
High	Classes Should Be Their Own Proxy	OPT.HIBERNATE.ClassesShouldBeTheirOwnProxy	ClassesShouldBeTheirOwnProxy: Every persistent class should be its own proxy
High	Close Sessions Where Opened	OPT.HIBERNATE.CloseSessionsWhereOpened	CloseSessionsWhereOpened: Close sessions in the method where they are opened
High	Declare Private Identifier Setter	OPT.HIBERNATE.DeclarePrivateIdentifierSetter	DeclarePrivateIdentifierSetter: The setter method for an identifier property (id or composite-id) should be private
High	Declare Type For Date Property	OPT.HIBERNATE.DeclareTypeForDateProperty	DeclareTypeForDateProperty: Declare type for java.util.Date property in configuration file
High	Implement Zero Argument Constructor	OPT.HIBERNATE.ImplementZeroArgumentConstructor	ImplementZeroArgumentConstructor: Implement a zero-argument constructor for persistent classes
High	Invalid Property Type Mapping	OPT.HIBERNATE.InvalidPropertyTypeMapping	InvalidPropertyTypeMapping: Map a Hibernate property type only to the corresponding Java type
High	Referenced Class Not Defined	OPT.HIBERNATE.ReferencedClassNotDefined	ReferencedClassNotDefined: Classes referenced in the configuration file (*.hbm.xml) should be declared
High	Aapt Crash	OPT.JAVA.ANDROID.AaptCrash	AaptCrash: Avoid defining styles with dynamically generated identifiers
High	Adapter View Children	OPT.JAVA.ANDROID.AdapterViewChildren	AdapterViewChildren: AdapterViews cannot have children in xml
High	Always Canonicalize URL Received By Content Provider	OPT.JAVA.ANDROID.AlwaysCanonicalizeURLReceivedByContentProvider	AlwaysCanonicalizeURLReceivedByContentProvider: Avoid improper access to application data
High	Cross Site Request Forgery Rule	OPT.JAVA.SEC_JAVA.CrossSiteRequestForgeryRule	CrossSiteRequestForgeryRule: Cross-site request forgery (CSRF)
High	Call Super First On Init	OPT.JAVA.ANDROID.CallSuperFirstOnInit	CallSuperFirstOnInit: Be sure super method is called first on initialization methods
High	Call Super Last On End	OPT.JAVA.ANDROID.CallSuperLastOnEnd	CallSuperLastOnEnd: Ensure that on finalization methods, super method is called at the end of the method
High	External Control Of Configuration Setting	OPT.JAVA.SEC_JAVA.ExternalControlOfConfigurationSetting	ExternalControlOfConfigurationSetting: External Control of System or Configuration Setting
High	Device Admin	OPT.JAVA.ANDROID.DeviceAdmin	DeviceAdmin: Check if receiver acts like a device admin
High	Http Parameter Pollution Rule	OPT.JAVA.SEC_JAVA.HttpParameterPollutionRule	HttpParameterPollutionRule: HTTP parameter pollution (HPP)
High	Dont Use Config	OPT.JAVA.ANDROID.DontUseConfig	DontUseConfig: Avoid using deprecated android.util.Config
High	Dont Use Find View By Id Repeately	OPT.JAVA.ANDROID.DontUseFindViewByIdRepeately	DontUseFindViewByIdRepeately: Avoid repeatedly calling to findViewById() with the same identifier
High	Duplicate Ids	OPT.JAVA.ANDROID.DuplicateIds	DuplicateIds: Avoid duplicated ids within the same layout
High	JSON Injection	OPT.JAVA.SEC_JAVA.JSONInjection	JSONInjection: Avoid using non-neutralized user-controlled input into JSON entities - JSON Injection
High	Log Forging	OPT.JAVA.SEC_JAVA.LogForging	LogForging: Improper Output Neutralization for Logs
High	Grant All Uris	OPT.JAVA.ANDROID.GrantAllUris	GrantAllUris: Avoid sharing root path
High	Incorrect Wake Lock Usage	OPT.JAVA.ANDROID.IncorrectWakeLockUsage	IncorrectWakeLockUsage: Make sure WakeLock is liberated
High	Illegal Resource Ref	OPT.JAVA.ANDROID.IllegalResourceRef	IllegalResourceRef: Checks versionCode and versionName are literals
High	Open Redirect Rule	OPT.JAVA.SEC_JAVA.OpenRedirectRule	OpenRedirectRule: URL Redirection to Untrusted Site ('Open Redirect')
High	Missing Super Call	OPT.JAVA.ANDROID.MissingSuperCall	MissingSuperCall: Check super method is caller into the implementation
High	Reflected File Download	OPT.JAVA.SEC_JAVA.ReflectedFileDownload	ReflectedFileDownload: Improper Neutralization of Input leads to Reflected File Download
High	Nested Scrolling	OPT.JAVA.ANDROID.NestedScrolling	NestedScrolling: Avoid scrolling widgets with scrolling widgets children
High	Resource Injection	OPT.JAVA.SEC_JAVA.ResourceInjection	ResourceInjection: Improper control of resource identifiers ("Resource Injection")
High	Reference Type	OPT.JAVA.ANDROID.ReferenceType	ReferenceType: Alias and resource types have to be the same
High	Resource As Color	OPT.JAVA.ANDROID.ResourceAsColor	ResourceAsColor: Avoid method calls using color id directly as paremeter
High	Resource Cycle	OPT.JAVA.ANDROID.ResourceCycle	ResourceCycle: Cycles can't exist in resources definition
High	Scroll View Size	OPT.JAVA.ANDROID.ScrollViewSize	ScrollViewSize: Check layout_width and layout_height attributes for ScrollView children
High	Sd Card Path	OPT.JAVA.ANDROID.SdCardPath	SdCardPath: Avoid hardcoded references to SD card path
High	Scroll View Count	OPT.JAVA.ANDROID.ScrollViewCount	ScrollViewCount: Check ScrollViews just have one children
High	Text View Edits	OPT.JAVA.ANDROID.TextViewEdits	TextViewEdits: Check if TextView is correctly used
High	Use Check Permission	OPT.JAVA.ANDROID.UseCheckPermission	UseCheckPermission: Use the result of a permission check
High	Use Serialization Judiciously	OPT.JAVA.ANDROID.UseSerializationJudiciously	UseSerializationJudiciously: Discourage use of Serialization, use JSON instead
High	Uses Min Sdk Attributes	OPT.JAVA.ANDROID.UsesMinSdkAttributes	UsesMinSdkAttributes: Check required API levels are specified
High	Wrong View Cast	OPT.JAVA.ANDROID.WrongViewCast	WrongViewCast: Type check for views with an assigned id
High	Wait Sleep In Activit	OPT.JAVA.ANDROID.WaitSleepInActivit	WaitSleepInActivit: Avoid using Thread.wait or Thread.sleep in Activity
High	J DB C	OPT.JAVA.BEANS.JDBC	JDBC: Avoid JDBC use in Bean classes
High	S Z B L	OPT.JAVA.BEANS.SZBL	SZBL: Verify that beans implements java.io.Serializable
High	Avoid Use Replace Methods Rule	OPT.JAVA.CADCAR.AvoidUseReplaceMethodsRule	AvoidUseReplaceMethodsRule: Do not use '.' in String methods expecting a regular expression
High	P J D C C	OPT.JAVA.CDCI.PJDCC	PJDCC: Provide Javadoc comments for public classes and interfaces
High	S Y N	OPT.JAVA.CFFSERVLET.SYN	SYN: Minimize synchronization in Servlets
High	C T N L	OPT.JAVA.CMETRICS.CTNL	CTNL: Avoid classes / interfaces with too many lines of code
High	N O F	OPT.JAVA.CMETRICS.NOF	NOF: Maximum allowed number of fields
High	N O M	OPT.JAVA.CMETRICS.NOM	NOM: Maximum allowed number of methods
High	T C C	OPT.JAVA.CMETRICS.TCC	TCC: Cyclomatic complexity
High	A A I	OPT.JAVA.CNU.AAI	AAI: Avoid unnecessary modifiers in an interface
High	D I	OPT.JAVA.CNU.DI	DI: Avoid duplicated imports
High	E I	OPT.JAVA.CNU.EI	EI: Avoid excesive import lines
High	E P N U	OPT.JAVA.CNU.EPNU	EPNU: Avoid unused parameters
High	E V N U	OPT.JAVA.CNU.EVNU	EVNU: Avoid unused local variables
High	P F	OPT.JAVA.CNU.PF	PF: Avoid unused private fields
High	P M	OPT.JAVA.CNU.PM	PM: Avoid unused private methods and constructors
High	U I	OPT.JAVA.CNU.UI	UI: Avoid unused imports
High	E I S	OPT.JAVA.COL.EIS	EIS: Avoid concurrently iterations over a collection
High	Equals Hash Code	OPT.JAVA.COMP.EqualsHashCode	EqualsHashCode: Always overwrite java.lang.Object.equals() and java.lang.Object.hashCode()
High	Method Equals	OPT.JAVA.COMP.MethodEquals	MethodEquals: Make sure the method name is equals() and not equal
High	Avoid Return Object	OPT.JAVA.CONV.AvoidReturnObject	AvoidReturnObject: Avoid returning Java.lang.Object, instead convert it to a specific type
High	Avoid Method Invok Only Super Method	OPT.JAVA.DECL.AvoidMethodInvokOnlySuperMethod	AvoidMethodInvokOnlySuperMethod: Avoid methods that invoke only overwritten supermethods
High	Avoid Not Use Field	OPT.JAVA.DECL.AvoidNotUseField	AvoidNotUseField: Avoid unused fields
High	Correct Hash Code	OPT.JAVA.DECL.CorrectHashCode	CorrectHashCode: Make sure the hashCode() method is spelled correctly
High	Correct To String	OPT.JAVA.DECL.CorrectToString	CorrectToString: Make sure the name of the method is toString() and not tostring()
High	Declare Equals Method Of Compareable	OPT.JAVA.DECL.DeclareEqualsMethodOfCompareable	DeclareEqualsMethodOfCompareable: Always declare equals() method in a class that implements java.lang.Comparable
High	Signature Standard Equals	OPT.JAVA.DECL.SignatureStandardEquals	SignatureStandardEquals: Always use the standard signature for equals methods
High	Make your clone() method final for security	OPT.JAVA.DECLARA.CLONE	CLONE: Declare clone() throws CloneNotSupportedException for Cloneable class
High	Trust Boundary Violation Rule	OPT.JAVA.SEC_JAVA.TrustBoundaryViolationRule	TrustBoundaryViolationRule: Trust boundary violation
High	U C C	OPT.JAVA.DECLARA.UCC	UCC: Private constructors in class with static members
High	Avoid Remote Exception	OPT.JAVA.EJB.AvoidRemoteException	AvoidRemoteException: Throw RemoteException from methods of remote interfaces
High	Dont Avoid Remote Exception	OPT.JAVA.EJB.DontAvoidRemoteException	DontAvoidRemoteException: Do not throw an 'java.rmi.RemoteException' for methods of local interfaces
High	Public Constructor Without Parameters	OPT.JAVA.EJB.PublicConstructorWithoutParameters	PublicConstructorWithoutParameters: Every EJB class should have a public constructor with no parameters
High	Reuse EJB Home Instances	OPT.JAVA.EJB.ReuseEJBHomeInstances	ReuseEJBHomeInstances: Always reuse EJBHome instances
High	Avoid New Throwable	OPT.JAVA.EXCP.AvoidNewThrowable	AvoidNewThrowable: Avoid creating new instances of java.lang.Throwable
High	Avoid Null Pointer Exception	OPT.JAVA.EXCP.AvoidNullPointerException	AvoidNullPointerException: Avoid capturing NullPointerExceptions
High	Avoid Throw Error	OPT.JAVA.EXCP.AvoidThrowError	AvoidThrowError: Avoid throwing java.lang.Error
High	Avoid Throw Runtime Excetions	OPT.JAVA.EXCP.AvoidThrowRuntimeExcetions	AvoidThrowRuntimeExcetions: Avoid throwing RuntimeExceptions
High	Avoid Empty Methods Finalize	OPT.JAVA.FIN.AvoidEmptyMethodsFinalize	AvoidEmptyMethodsFinalize: Avoid empty finalize() methods
High	Avoid Overload Finalize	OPT.JAVA.FIN.AvoidOverloadFinalize	AvoidOverloadFinalize: Avoid overloading the method finalize()
High	Dont Call Finalize	OPT.JAVA.FIN.DontCallFinalize	DontCallFinalize: Never call finalize() explicitly
High	N C A C	OPT.JAVA.FMETODOS.NCAC	NCAC: Do not call an abstract method from a constructor in abstract classes
High	O V E R R I D E	OPT.JAVA.FMETODOS.OVERRIDE	OVERRIDE: Override Object.equals ()when you override Object.hashCode ()
High	A U T P	OPT.JAVA.GC.AUTP	AUTP: Avoid unnecesary temporal wrapping objects when converting primitive data to String
High	D U D	OPT.JAVA.GC.DUD	DUD: Avoid using Date[], use long[] instead
High	F C F	OPT.JAVA.GC.FCF	FCF: Call super.finalize() from finalize()
High	OS T M	OPT.JAVA.GC.OSTM	OSTM: Prevent potential memory leaks in ObjectOutputStreams by calling reset () or close ()
High	S T V	OPT.JAVA.GC.STV	STV: Avoid static collections; they can grow without bounds
High	Avoid Call Interrupted Object	OPT.JAVA.HEB.AvoidCallInterruptedObject	AvoidCallInterruptedObject: Avoid calling Thread.interrupted() on an arbitrary Thread
High	Avoid Call Run	OPT.JAVA.HEB.AvoidCallRun	AvoidCallRun: Avoid calling Thread.run()
High	Avoid Sleep Inside While	OPT.JAVA.HEB.AvoidSleepInsideWhile	AvoidSleepInsideWhile: Avoid using while() and sleep(), instead use wait() and notify()
High	Avoid Synchronized Blocks Notify	OPT.JAVA.HEB.AvoidSynchronizedBlocksNotify	AvoidSynchronizedBlocksNotify: Avoid synchronised blocks that have an invocation to notify() or notifyAll() as the statement
High	Avoid Synchronized Object Lock	OPT.JAVA.HEB.AvoidSynchronizedObjectLock	AvoidSynchronizedObjectLock: Avoid the synchronization of objects java.util.concurrent.locks.Lock
High	Avoid Thread Destroy	OPT.JAVA.HEB.AvoidThreadDestroy	AvoidThreadDestroy: Avoid calling java.lang.Thread.destroy
High	Avoid Static Instance Class Without Fields	OPT.JAVA.INIC.AvoidStaticInstanceClassWithoutFields	AvoidStaticInstanceClassWithoutFields: Avoid creating new objects in static initializers before all static fields have been initialized
High	A M I	OPT.JAVA.INICIA.AMI	AMI: Avoid initializations of several variables with the same value in a line
High	N F S	OPT.JAVA.INICIA.NFS	NFS: Do not use non-final static fields during the initialization
High	S F	OPT.JAVA.INICIA.SF	SF: Initialize all static fields
High	Avoid System Out Err	OPT.JAVA.IO.AvoidSystemOutErr	AvoidSystemOutErr: Use specialized library instead of System.out or System.err for logging
High	C S	OPT.JAVA.IO.CS	CS: Close input and output resources in finally blocks
High	Dont Use Print Stack Trace	OPT.JAVA.IO.DontUsePrintStackTrace	DontUsePrintStackTrace: Do not use the printStackTrace method
High	F I L B U F	OPT.JAVA.IO.FILBUF	FILBUF: All input/output resources must have a flow with buffer
High	S I E	OPT.JAVA.IO.SIE	SIE: Avoid System.err.print() or Sytem.err.println() statements
High	S I O	OPT.JAVA.IO.SIO	SIO: Avoid System.out.println() or System.out.print() statements
High	Avoid Security Manager	OPT.JAVA.J2EE.AvoidSecurityManager	AvoidSecurityManager: Avoid using java.lang.SecurityManager
High	Avoid Set Property	OPT.JAVA.J2EE.AvoidSetProperty	AvoidSetProperty: Avoid calling java.security.Security.setProperty()
High	Dont Extend Class Loader	OPT.JAVA.J2SE.DontExtendClassLoader	DontExtendClassLoader: Do not allowed inheriting from java.lang.ClassLoader
High	Final Class Extends Permission	OPT.JAVA.J2SE.FinalClassExtendsPermission	FinalClassExtendsPermission: A class that extends from java.security.Permission should be final
High	Unsafe Reflection	OPT.JAVA.SEC_JAVA.UnsafeReflection	UnsafeReflection: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
High	XPath Injection Rule	OPT.JAVA.SEC_JAVA.XPathInjectionRule	XPathInjectionRule: Improper Neutralization of Data within XPath Expressions ('XPath Injection')
High	Xslt Injection	OPT.JAVA.SEC_JAVA.XsltInjection	XsltInjection: XML Injection (aka Blind XPath Injection)
High	Use Cache With Idempotent And Safe Methods	OPT.JAVA.JAX.UseCacheWithIdempotentAndSafeMethods	UseCacheWithIdempotentAndSafeMethods: Use cache along with idempotent and safe HTTP methods
High	Validate Endpoint Business Methods	OPT.JAVA.JAX.ValidateEndpointBusinessMethods	ValidateEndpointBusinessMethods: Endpoint implementation class business methods must follow some requirements
High	Validate Endpoint Implementation Class	OPT.JAVA.JAX.ValidateEndpointImplementationClass	ValidateEndpointImplementationClass: Endpoint implementation classes must follow some requirements
High	C DB C	OPT.JAVA.JDBC.CDBC	CDBC: Close JDBC connections in finally blocks
High	U P C	OPT.JAVA.JDBC.UPC	UPC: Use a connection pool
High	Avoid Contructors Config Tests	OPT.JAVA.JUNIT_JAVA.AvoidContructorsConfigTests	AvoidContructorsConfigTests: Do not use constructors to set up test cases
High	C E L	OPT.JAVA.LOOP.CEL	CEL: Avoid using method calls in a loop
High	L O O P2	OPT.JAVA.LOOP.LOOP2	LOOP2: Do not instantiate temporal Objects in loops bodies
High	P I	OPT.JAVA.LOOP.PI	PI: Avoid problematic constructions in a while loop
High	S Y N	OPT.JAVA.LOOP.SYN	SYN: Avoid calling synchronized methods/blocks in a loop
High	T R Y	OPT.JAVA.LOOP.TRY	TRY: Avoid using try statements in loops
High	Avoid Empty Jar Zip	OPT.JAVA.MEM.AvoidEmptyJarZip	AvoidEmptyJarZip: Avoid creating empty JAR and ZIP
High	Avoid Throw Inside Finally	OPT.JAVA.MEM.AvoidThrowInsideFinally	AvoidThrowInsideFinally: Avoid the command throws within finally
High	L E V E L	OPT.JAVA.OOP.LEVEL	LEVEL: Avoid too many levels of nested inner classes
High	A E C B	OPT.JAVA.PB.AECB	AECB: Avoid catch blocks with empty bodies
High	C L P	OPT.JAVA.PB.CLP	CLP: Avoid casting primitive data types to lower precision
High	D C F	OPT.JAVA.PB.DCF	DCF: Avoid comparing floating point types
High	D C P	OPT.JAVA.PB.DCP	DCP: Avoid using the + string concatenation operator to concatenate numbers; use it only to add numbers
High	D N I F	OPT.JAVA.PB.DNIF	DNIF: Avoid nested IF sentences with too many levels
High	D S U P	OPT.JAVA.PB.DSUP	DSUP: Place default clause at the end of a switch - case
High	E M S I	OPT.JAVA.PB.EMSI	EMSI: Avoid empty static blocks
High	E Q L	OPT.JAVA.PB.EQL	EQL: Use getClass() in the equals() method implementation
High	E Q L2	OPT.JAVA.PB.EQL2	EQL2: Use instanceof within an equals() method implementation
High	E S B L	OPT.JAVA.PB.ESBL	ESBL: Avoid empty synchronized blocks
High	F E B	OPT.JAVA.PB.FEB	FEB: Avoid 'for' and 'while' sentences with empty bodies
High	F L V A	OPT.JAVA.PB.FLVA	FLVA: Do not assign loop control variables in the body of a for loop
High	I E B	OPT.JAVA.PB.IEB	IEB: Avoid if statements with empty bodies
High	M A I N	OPT.JAVA.PB.MAIN	MAIN: Use the method name main() only for the entry point method
High	Don't use masterpage files C	OPT.JAVA.PB.MPC	MPC: Avoid parameter method names that provoke conflicts with class members names
High	N D C	OPT.JAVA.PB.NDC	NDC: Avoid defining direct or indirect subclasses of Error and Throwable
High	N X R E	OPT.JAVA.PB.NXRE	NXRE: Avoid defining direct or indirect subclasses of RuntimeException
High	Non Heritable Exception Classes	OPT.JAVA.PB.NonHeritableExceptionClasses	NonHeritableExceptionClasses: Do not define exceptions that inherit from the specified classes
High	P D S	OPT.JAVA.PB.PDS	PDS: Provide 'default' label for each switch statement
High	S B C	OPT.JAVA.PB.SBC	SBC: Avoid using a switch structure with a bad case statement
High	S B D F	OPT.JAVA.PB.SBDF	SBDF: Provide a break or return statement for the default label in a switch
High	U E I2	OPT.JAVA.PB.UEI2	UEI2: Use equals() when comparing Strings
High	U F S T	OPT.JAVA.PB.UFST	UFST: Avoid unconditional If blocks
High	Avoid File Separators	OPT.JAVA.PORT.AvoidFileSeparators	AvoidFileSeparators: Avoid writing directly in the code directory separators in order to create a java.io.File file
High	Avoid Implement Peer Interfaces	OPT.JAVA.PORT.AvoidImplementPeerInterfaces	AvoidImplementPeerInterfaces: Avoid implementing java.awt.peer interfaces
High	Avoid Call Bean From Servlet	OPT.JAVA.RECBAS.AvoidCallBeanFromServlet	AvoidCallBeanFromServlet: Avoid calling Java.beans.* from the finalize() method of a servlet
High	Avoid Call SQL From Servlet	OPT.JAVA.RECBAS.AvoidCallSQLFromServlet	AvoidCallSQLFromServlet: Avoid calling Javax.sql.* from finalize() method of a servlet
High	Avoid Get Declared Field	OPT.JAVA.REFL.AvoidGetDeclaredField	AvoidGetDeclaredField: Avoid calling java.lang.Class.getDeclaredField
High	Avoid Call Driver Manager From Servlet	OPT.JAVA.RENDESC.AvoidCallDriverManagerFromServlet	AvoidCallDriverManagerFromServlet: Avoid calling java.sql.DriverManager from a servlet
High	Avoid Call Process From Servlet	OPT.JAVA.RENDESC.AvoidCallProcessFromServlet	AvoidCallProcessFromServlet: Avoid calling java.lang.Process from any servlet
High	Avoid Call System From Servlet	OPT.JAVA.RENDESC.AvoidCallSystemFromServlet	AvoidCallSystemFromServlet: Avoid calling java.lang.System from any servlet
High	P J D C F	OPT.JAVA.RGD.PJDCF	PJDCF: Provide Javadoc comments for public fields
High	A S F I	OPT.JAVA.RGM.ASFI	ASFI: Redeclare a class with only abstract methods and static final fields as an interface
High	C T O R	OPT.JAVA.RGM.CTOR	CTOR: Avoid calling non-final, non-static and non-private methods from constructors
High	M S F	OPT.JAVA.RGM.MSF	MSF: Avoid using too many 'non-final static' fields
High	N U O T	OPT.JAVA.RGM.NUOT	NUOT: Do not use the ternary operator
High	A R L L	OPT.JAVA.RGME.ARLL	ARLL: Do not access arrays 'length' property in a loop condition
High	A G Q S	OPT.JAVA.RGOR.AGQS	AGQS: Avoid getQueryString(), using getParameter()
High	A M C O	OPT.JAVA.RGOR.AMCO	AMCO: Avoid using repeated cast over the same object or variable (Max 3 cast of every type)
High	Dont Use Reflection	OPT.JAVA.RGOR.DontUseReflection	DontUseReflection: Avoid the use of reflection
High	E I O F	OPT.JAVA.RGOR.EIOF	EIOF: Avoid if/else-if chains performing type testing
High	S D F	OPT.JAVA.RGOR.SDF	SDF: Date format class java.text.SimpleDateFormat spends many resources
High	Avoid Runtime And System Classes	OPT.JAVA.RGP.AvoidRuntimeAndSystemClasses	AvoidRuntimeAndSystemClasses: Do not use Runtime and System classes
High	Do not use applets in an application client	OPT.JAVA.RGS.NUA	NUA: Do not use applets in an application client layer
High	Transient fields in Serializable classes	OPT.JAVA.RGS.SER	SER: 'Transient' fields in 'Serializable' classes
High	Avoid EJB Explicit Server Socket	OPT.JAVA.SEC_JAVA.AvoidEJBExplicitServerSocket	AvoidEJBExplicitServerSocket: EJB Bad Practices: Use of Sockets
High	Avoid EJB Explicit Thread Management	OPT.JAVA.SEC_JAVA.AvoidEJBExplicitThreadManagement	AvoidEJBExplicitThreadManagement: Avoid explicit thread management in EJB
High	Avoid J2EE Jvm Exit	OPT.JAVA.SEC_JAVA.AvoidJ2EEJvmExit	AvoidJ2EEJvmExit: Avoid JVM shutdown code in J2EE applications
High	Cookies In Security Decision	OPT.JAVA.SEC_JAVA.CookiesInSecurityDecision	CookiesInSecurityDecision: Reliance on Cookies without Validation and Integrity Checking in a Security Decision
High	Database Access Control Rule	OPT.JAVA.SEC_JAVA.DatabaseAccessControlRule	DatabaseAccessControlRule: Avoid queries in the database except from the specific classes
High	J2ee File Disclosure Rule	OPT.JAVA.SEC_JAVA.J2eeFileDisclosureRule	J2eeFileDisclosureRule: File disclosure in server-side J2EE forward/include
High	Not Overridable Method Rule	OPT.JAVA.SEC_JAVA.NotOverridableMethodRule	NotOverridableMethodRule: Not overridable method
High	Race Condition Format Flaw	OPT.JAVA.SEC_JAVA.RaceConditionFormatFlaw	RaceConditionFormatFlaw: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
High	Race Condition Servlet	OPT.JAVA.SEC_JAVA.RaceConditionServlet	RaceConditionServlet: Race Condition in a Java Servlet
High	Security Check In Overridable Method Rule	OPT.JAVA.SEC_JAVA.SecurityCheckInOverridableMethodRule	SecurityCheckInOverridableMethodRule: Methods that perform a security check must be declared private or final
High	Spring No Anti Xss Configuration	OPT.JAVA.SEC_JAVA.SpringNoAntiXssConfiguration	SpringNoAntiXssConfiguration: Use defaultHtmlEscape {'OWASP-2021': ['A5'], 'WASC': ['08'], 'PCI-DSS': ['6.5.7'], 'ASVS-v4.0.2': ['3.4.5']}
High	Unhandled SSL Exception Rule	OPT.JAVA.SEC_JAVA.UnhandledSSLExceptionRule	UnhandledSSLExceptionRule: Unhandled SSL exception
High	User Controlled SQL Primary Key	OPT.JAVA.SEC_JAVA.UserControlledSQLPrimaryKey	UserControlledSQLPrimaryKey: Avoid using an user controlled Primary Key into a query
High	Avoid Call Next In Has Next	OPT.JAVA.SENT.AvoidCallNextInHasNext	AvoidCallNextInHasNext: Avoid calling next() in hasNext()
High	Avoid Call Set Size Inside Component Resized	OPT.JAVA.SENT.AvoidCallSetSizeInsideComponentResized	AvoidCallSetSizeInsideComponentResized: Avoid calling the setSize() from within componentResized()
High	Avoid Empty Sentences Switch	OPT.JAVA.SENT.AvoidEmptySentencesSwitch	AvoidEmptySentencesSwitch: Avoid empty switch statements
High	Avoid Declare Method Read Object	OPT.JAVA.SERI.AvoidDeclareMethodReadObject	AvoidDeclareMethodReadObject: Avoid declaring the method readObject() as synchronized
High	Avoid Serializable Classes	OPT.JAVA.SERI.AvoidSerializableClasses	AvoidSerializableClasses: Avoid non-serializable classes with inner classes serializable
High	Always Use Ids As Bean Identifiers	OPT.JAVA.SPRING.AlwaysUseIdsAsBeanIdentifiers	AlwaysUseIdsAsBeanIdentifiers: Use beans id attribute as beans identifiers
High	Avoid Beans With The Same Id Across Diferent Descriptors	OPT.JAVA.SPRING.AvoidBeansWithTheSameIdAcrossDiferentDescriptors	AvoidBeansWithTheSameIdAcrossDiferentDescriptors: Ensure beans id attribute is unique across all the XML configuration files
High	Avoid Hardcoding Null	OPT.JAVA.SPRING.AvoidHardcodingNull	AvoidHardcodingNull: Avoid initializing properties or parameters with a hardcoded null
High	Avoid Retrieving More Than One Batch At Time	OPT.JAVA.SPRING.AvoidRetrievingMoreThanOneBatchAtTime	AvoidRetrievingMoreThanOneBatchAtTime: Avoid retrieving more than one batch of items at a time
High	Avoid Using Default Package With Auto Scanning	OPT.JAVA.SPRING.AvoidUsingDefaultPackageWithAutoScanning	AvoidUsingDefaultPackageWithAutoScanning: Avoid using the default package when using the auto scan
High	Avoid Wildcards When Loading Resource From Class Path	OPT.JAVA.SPRING.AvoidWildcardsWhenLoadingResourceFromClassPath	AvoidWildcardsWhenLoadingResourceFromClassPath: Avoid using the * wildcard when loading a resource from the classpath
High	Enable Auto Configuration Annotation Must Be Unique	OPT.JAVA.SPRING.EnableAutoConfigurationAnnotationMustBeUnique	EnableAutoConfigurationAnnotationMustBeUnique: EnableAutoConfiguration annotation must be unique
High	Refer Imported Resources To The Classpath	OPT.JAVA.SPRING.ReferImportedResourcesToTheClasspath	ReferImportedResourcesToTheClasspath: Refer imported resources to the classpath
High	Use A Proper Base Package When Using Component Scanning	OPT.JAVA.SPRING.UseAProperBasePackageWhenUsingComponentScanning	UseAProperBasePackageWhenUsingComponentScanning: Use a proper base package when using component scanning
High	Use A Top Package For Main Application Class	OPT.JAVA.SPRING.UseATopPackageForMainApplicationClass	UseATopPackageForMainApplicationClass: Main application class must belong to a root package
High	Use Constructor Based Dependency Injection	OPT.JAVA.SPRING.UseConstructorBasedDependencyInjection	UseConstructorBasedDependencyInjection: Use constructor based dependency injection
High	A C D O	OPT.JAVA.STR.ACDO	ACDO: Prevents the use of some ones of the String class constructors
High	P C T S	OPT.JAVA.STR.PCTS	PCTS: Use charAt() instead of startsWith() for comparisons of one character
High	S T OS	OPT.JAVA.STR.STOS	STOS: Avoid using toString method in a String
High	Usb In Loop	OPT.JAVA.STR.UsbInLoop	UsbInLoop: Avoid using the concatenation operator of strings +{}
High	U S C	OPT.JAVA.STR.USC	USC: Avoid using StringBuffer to store a String that is never modified
High	Switch Fully Covers Enumeration	OPT.JAVA.SWITCH.SwitchFullyCoversEnumeration	SwitchFullyCoversEnumeration: Use a default statement and as many case statements as existing enumeration elements
High	A N F	OPT.JAVA.TRS.ANF	ANF: Avoid using notify, use notifyAll()instead
High	Avoid using variables of type java.lang.ThreadGroup	OPT.JAVA.TRS.AUTG	AUTG: Avoid using variables of type java.lang.ThreadGroup
High	M R U N	OPT.JAVA.TRS.MRUN	MRUN: Give Thread subclasses a run() method
High	N S M	OPT.JAVA.TRS.NSM	NSM: Avoid using synchronized modifier in the method declaration
High	Avoid Ejs	OPT.JAVA.WEBS.AvoidEjs	AvoidEjs: Avoid using the package com.ibm.ejs .*
High	Avoid Ws	OPT.JAVA.WEBS.AvoidWs	AvoidWs: Avoid using Avoid using com.ibm.ws and com.ibm.websphere packages
High	Context Sensitive Data Is Kept Secure	OPT.JAVA.ANDROID.ContextSensitiveDataIsKeptSecure	ContextSensitiveDataIsKeptSecure: Avoid improper access to data created by the context
High	N IP	OPT.JAVA.DECLARA.NIP	NIP: Do not write IP address in source code
High	Avoid Exposing All Endpointl Public Methods	OPT.JAVA.JAX.AvoidExposingAllEndpointlPublicMethods	AvoidExposingAllEndpointlPublicMethods: Specify an endpoint interface to avoid exposing all the public methods
High	Information Exposure Through Error Message	OPT.JAVA.SEC_JAVA.InformationExposureThroughErrorMessage	InformationExposureThroughErrorMessage: Avoid sensitive information exposure through error messages
High	Packaged Private Key	OPT.JAVA.ANDROID.PackagedPrivateKey	PackagedPrivateKey: Avoid package private key files
High	Secure Random	OPT.JAVA.ANDROID.SecureRandom	SecureRandom: Do not use SecureRandom with a fixed seed
High	Hardcoded Salt Rule	OPT.JAVA.SEC_JAVA.HardcodedSaltRule	HardcodedSaltRule: A hardcoded salt can compromise system security
High	Inadequate Padding Rule	OPT.JAVA.SEC_JAVA.InadequatePaddingRule	InadequatePaddingRule: Inadequate padding
High	Insecure Randomness Rule	OPT.JAVA.SEC_JAVA.InsecureRandomnessRule	InsecureRandomnessRule: Standard pseudo-random number generators cannot withstand cryptographic attacks
High	Insecure Transport	OPT.JAVA.SEC_JAVA.InsecureTransport	InsecureTransport: Insecure transport
High	Insufficient Key Size Rule	OPT.JAVA.SEC_JAVA.InsufficientKeySizeRule	InsufficientKeySizeRule: Weak cryptography, insufficient key length
Info	Dont Modify Access Security	OPT.JAVA.EJB.DontModifyAccessSecurity	DontModifyAccessSecurity: Do not access or modify java.security configuration objects (Policy, Security, Provider, Principal, KeyStore)
Info	Action names must end in Action	OPT.JAVA.ACTIONS.BNMC	BNMC: Action names must end in Action
Info	Use a defined package for Actions	OPT.JAVA.ACTIONS.MAUB	MAUB: Use a defined package for Actions
Info	Avoid Actions with a simple forward	OPT.JAVA.ACTIONS.OROP	OROP: Avoid Actions with a simple forward
Info	Declare unique exception for Actions	OPT.JAVA.ACTIONS.THME	THME: Declare Action methods with a unique exception type thrown
Info	Avoid Creating Unnecesary Objects	OPT.JAVA.ANDROID.AvoidCreatingUnnecesaryObjects	AvoidCreatingUnnecesaryObjects: Avoid creating string
Info	Avoid Internal Getter Setter	OPT.JAVA.ANDROID.AvoidInternalGetterSetter	AvoidInternalGetterSetter: Avoid internal use of getter/setter
Info	Private Inner Class Access	OPT.JAVA.ANDROID.PrivateInnerClassAccess	PrivateInnerClassAccess: Consider package instead of private access with private inner classes
Info	Use Value Of	OPT.JAVA.ANDROID.UseValueOf	UseValueOf: Avoid wrapper classes constructor calls
Info	E Q U A L	OPT.JAVA.BEANS.EQUAL	EQUAL: Override Object.equals() method in JavaBean classes
Info	Avoid Call To String	OPT.JAVA.CADCAR.AvoidCallToString	AvoidCallToString: Avoid calling toString () on String objects
Info	M D J D T	OPT.JAVA.CDCI.MDJDT	MDJDT: Use the @deprecated tag in Javadoc comments for classes and interfaces
Info	M J J D T	OPT.JAVA.CDCI.MJJDT	MJJDT: Use the @since tag in Javadoc comments for classes and interfaces
Info	M S J D T	OPT.JAVA.CDCI.MSJDT	MSJDT: Use the @see tag in Javadoc comments for classes and interfaces
Info	P J D C C4	OPT.JAVA.CDCI.PJDCC4	PJDCC4: Provide Javadoc comments for private classes and interfaces
Info	M R D C2	OPT.JAVA.CDM.MRDC2	MRDC2: Use the @return tag in Javadoc comments for protected methods
Info	M R D C4	OPT.JAVA.CDM.MRDC4	MRDC4: Use the @return tag in Javadoc comments for private methods
Info	P A R A M2	OPT.JAVA.CDM.PARAM2	PARAM2: Use the @param tag in Javadoc comments for each parameter of protected methods
Info	P A R A M4	OPT.JAVA.CDM.PARAM4	PARAM4: Use the @param tag in Javadoc comments for each parameter of private methods
Info	T H R O W2	OPT.JAVA.CDM.THROW2	THROW2: Use the @throws or @exception tags in Javadoc comments of protected methods
Info	T H R O W4	OPT.JAVA.CDM.THROW4	THROW4: Use the @throws or @exception tags in Javadoc comments of private methods
Info	C R T E	OPT.JAVA.CFFEJB.CRTE	CRTE: Declare ejbCreate() methods public, but neither static nor final
Info	F N D M	OPT.JAVA.CFFEJB.FNDM	FNDM: Declare finder methods public and neither final nor static
Info	P C R T E	OPT.JAVA.CFFEJB.PCRTE	PCRTE: Declare public 'ejbPostCreate()' method, but never static nor final
Info	A L B L	OPT.JAVA.CNOM.ALBL	ALBL: Justify the opening and closing braces in code blocks
Info	E L E M	OPT.JAVA.CNOM.ELEM	ELEM: All elements (variables, methods and constructors) in a Java type should follow a naming standard
Info	I F V	OPT.JAVA.CNOM.IFV	IFV: Use all uppercase letters for the names of fields in an interface
Info	N N M A	OPT.JAVA.CNOM.NNMA	NNMA: Follow a naming standard for Java packages
Info	Avoid Short If Else	OPT.JAVA.COND.AvoidShortIfElse	AvoidShortIfElse: Avoid using if else statements in short conditions
Info	Avoid Unnecessary Constructor	OPT.JAVA.CONST.AvoidUnnecessaryConstructor	AvoidUnnecessaryConstructor: Avoid unnecessary constructors
Info	Avoid Local Variables Differ Upper Lower Case	OPT.JAVA.CONV.AvoidLocalVariablesDifferUpperLowerCase	AvoidLocalVariablesDifferUpperLowerCase: Avoid variable names that differ in only the case
Info	Avoid Same Class Field Names	OPT.JAVA.CONV.AvoidSameClassFieldNames	AvoidSameClassFieldNames: Avoid classes and fields with the same name
Info	Avoid Short Class Names	OPT.JAVA.CONV.AvoidShortClassNames	AvoidShortClassNames: Avoid class names that are less than 5 characters
Info	Use Correct Format Inner Classes	OPT.JAVA.CONV.UseCorrectFormatInnerClasses	UseCorrectFormatInnerClasses: Avoid incorrect name format of inner classes
Info	Use Is If Return Boolean	OPT.JAVA.CONV.UseIsIfReturnBoolean	UseIsIfReturnBoolean: Only add the prefix 'is' to a method name if it returns a Boolean
Info	Avoid Declare Fields Only Null	OPT.JAVA.DECL.AvoidDeclareFieldsOnlyNull	AvoidDeclareFieldsOnlyNull: Avoid declaring fields that are only ever null
Info	Avoid Declare Method Final And Static	OPT.JAVA.DECL.AvoidDeclareMethodFinalAndStatic	AvoidDeclareMethodFinalAndStatic: Do not declare static methods as final
Info	Avoid Declare Method Private And Final	OPT.JAVA.DECL.AvoidDeclareMethodPrivateAndFinal	AvoidDeclareMethodPrivateAndFinal: Avoid declaring private methods as final
Info	Dont Extend Object	OPT.JAVA.DECL.DontExtendObject	DontExtendObject: Make sure that classes do not explicitly inherit 'java.lang.Object'
Info	Signature Standard To String	OPT.JAVA.DECL.SignatureStandardToString	SignatureStandardToString: Always declare the toString() with the standard signature
Info	C H A I N	OPT.JAVA.DECLARA.CHAIN	CHAIN: With multiple (overloaded) constructors, use 'this' to call more generic constructors inside constructors
Info	I Don't use masterpage files T2	OPT.JAVA.DECLARA.IMPT2	IMPT2: Use wild cards when importing a class
Info	Leave A White Space Between Arguments	OPT.JAVA.DECLARA.LeaveAWhiteSpaceBetweenArguments	LeaveAWhiteSpaceBetweenArguments: Leave a white space between arguments
Info	O C C	OPT.JAVA.DECLARA.OCC	OCC: Checks code organization inside a .java file
Info	Avoid Incorrect Format Of Final Fields	OPT.JAVA.DEN.AvoidIncorrectFormatOfFinalFields	AvoidIncorrectFormatOfFinalFields: Avoid incorrect name format in the final static fields
Info	Avoid Incorrect Format Of Final Non Static Fields	OPT.JAVA.DEN.AvoidIncorrectFormatOfFinalNonStaticFields	AvoidIncorrectFormatOfFinalNonStaticFields: Avoid incorrect name format in static non-final fields
Info	Avoid Incorrect Format Of Local Vars	OPT.JAVA.DEN.AvoidIncorrectFormatOfLocalVars	AvoidIncorrectFormatOfLocalVars: Avoid incorrect name format in local variables
Info	Avoid Incorrect Format Of Non Static Fields	OPT.JAVA.DEN.AvoidIncorrectFormatOfNonStaticFields	AvoidIncorrectFormatOfNonStaticFields: Avoid incorrect name format in the non-static fields
Info	Avoid Use Of Dollar In Names	OPT.JAVA.DEN.AvoidUseOfDollarInNames	AvoidUseOfDollarInNames: Avoid using dollar signs in the names of classes, methods or variables
Info	Interfaces Start With Capital	OPT.JAVA.DEN.InterfacesStartWithCapital	InterfacesStartWithCapital: Always start an interface name with a capital letter
Info	Method Not Start With Lowercase Or Under Score	OPT.JAVA.DEN.MethodNotStartWithLowercaseOrUnderScore	MethodNotStartWithLowercaseOrUnderScore: Always follow the java method naming conventions
Info	Start Class Name Capital	OPT.JAVA.DEN.StartClassNameCapital	StartClassNameCapital: Always start a class name with a capital letter
Info	Avoid Load Library EJB	OPT.JAVA.EJB.AvoidLoadLibraryEJB	AvoidLoadLibraryEJB: Do not load native libraries in a class of Enterprise JavaBean
Info	Declare Static Final Class EJB	OPT.JAVA.EJB.DeclareStaticFinalClassEJB	DeclareStaticFinalClassEJB: Always declare the EntityBeans static fields as final
Info	Ejb Create Enterprise Java Bean	OPT.JAVA.EJB.EjbCreateEnterpriseJavaBean	EjbCreateEnterpriseJavaBean: Always implements at least one ejbCreate () method in a class of Enterprise JavaBean
Info	Ejb Create No Parameter	OPT.JAVA.EJB.EjbCreateNoParameter	EjbCreateNoParameter: Do not have parameters for the method ejbCreate() of the MessageDrivenBean classes
Info	Ejb Create Post Create	OPT.JAVA.EJB.EjbCreatePostCreate	EjbCreatePostCreate: EntityBeans should one ejbPostCreate() method per ejbCreate() method
Info	Ejb Post Create Entity Bean	OPT.JAVA.EJB.EjbPostCreateEntityBean	EjbPostCreateEntityBean: EntityBeans must implement at least one method ejbPostCreate()
Info	Method Void Ejb Create	OPT.JAVA.EJB.MethodVoidEjbCreate	MethodVoidEjbCreate: Avoid non-empty return type of the methods ejbCreate() in classes of SessionBean and MessageDrivenBean
Info	Method Void Ejb Post Create	OPT.JAVA.EJB.MethodVoidEjbPostCreate	MethodVoidEjbPostCreate: Avoid non-empty return type of methods ejbPostCreate() in Enterprise JavaBean classes
Info	Use Capitals For Final Fields	OPT.JAVA.EJB.UseCapitalsForFinalFields	UseCapitalsForFinalFields: Declare fields with names in capital letters as final
Info	Define Classes Exceptions As Final	OPT.JAVA.EXCP.DefineClassesExceptionsAsFinal	DefineClassesExceptionsAsFinal: Always declare user-defined exceptions as final
Info	L L	OPT.JAVA.FMETODOS.LL	LL: Too long code lines
Info	N S A B	OPT.JAVA.FMETODOS.NSAB	NSAB: Do not place statements on the same line as {opening brace
Info	S A O P	OPT.JAVA.FMETODOS.SAOP	SAOP: Enforce number of space character(s) on each side of an assignment operator using one only line
Info	S C	OPT.JAVA.FMETODOS.SC	SC: Enforce number of space character(s) after the opening parenthesis '(' in a conditional statement
Info	S M C	OPT.JAVA.FMETODOS.SMC	SMC: Place a single space character between a method name and the opening ( parenthesis
Info	Avoid Extend Thread	OPT.JAVA.HEB.AvoidExtendThread	AvoidExtendThread: Avoid extending java.lang.Thread
Info	Avoid Link Operator Assign	OPT.JAVA.INIC.AvoidLinkOperatorAssign	AvoidLinkOperatorAssign: Avoid creating asignment chains
Info	Avoid Get Context	OPT.JAVA.J2EE.AvoidGetContext	AvoidGetContext: Avoid calling java.security.AccessController.getContext()
Info	Avoid Get Security Manager	OPT.JAVA.J2EE.AvoidGetSecurityManager	AvoidGetSecurityManager: Avoid calling java.lang.System.getSecurityManager()
Info	Javadoc Location	OPT.JAVA.JDOC.JavadocLocation	JavadocLocation: Avoid putting non-Javadoc comments between Javadoc and class / method declarations
Info	Javadoc Param Rule	OPT.JAVA.JDOC.JavadocParamRule	JavadocParamRule: Always provide the tag @param in the correct order for public and protected methods
Info	Javadoc Reg Exp Rule	OPT.JAVA.JDOC.JavadocRegExpRule	JavadocRegExpRule: Do not use the tag @exception in the JavaDoc comments for the exceptions thrown
Info	Format Subclass Junit Test Case	OPT.JAVA.JUNIT_JAVA.FormatSubclassJunitTestCase	FormatSubclassJunitTestCase: Avoid incorrect name format Junit TestCase subclasses
Info	Start Test Class Name Test Suite	OPT.JAVA.JUNIT_JAVA.StartTestClassNameTestSuite	StartTestClassNameTestSuite: Avoid incorrect name format TestSuite classes
Info	Avoid Call Ceil With Int Converted To Double	OPT.JAVA.MAT.AvoidCallCeilWithIntConvertedToDouble	AvoidCallCeilWithIntConvertedToDouble: Avoid passing integer type to Math.ceil() / Math.floor() / Math.round()
Info	Avoid Switch Case Break Without Comment	OPT.JAVA.PB.AvoidSwitchCaseBreakWithoutComment	AvoidSwitchCaseBreakWithoutComment: Check if there is a switch with a case without break and without comments
Info	Comment Every Variable	OPT.JAVA.RGD.CommentEveryVariable	CommentEveryVariable: Comment every variable
Info	P J D C F4	OPT.JAVA.RGD.PJDCF4	PJDCF4: Provide Javadoc comments for private fields
Info	P J D C M2	OPT.JAVA.RGD.PJDCM2	PJDCM2: Provide Javadoc comments for protected methods
Info	P J D C M4	OPT.JAVA.RGD.PJDCM4	PJDCM4: Provide Javadoc comments for private methods
Info	Dont Use Servlets	OPT.JAVA.RGM.DontUseServlets	DontUseServlets: Do not use servlets
Info	P F L	OPT.JAVA.RGM.PFL	PFL: Use for loops instead of while
Info	S D I	OPT.JAVA.RGM.SDI	SDI: Use blank lines to separate import blocks
Info	ESAPI Banned Rule	OPT.JAVA.SEC_JAVA.ESAPIBannedRule	ESAPIBannedRule: Avoid dangerous J2EE API, use replacements from security-focused libraries (like OWASP ESAPI)
Info	Avoid Return Sentences Method Void	OPT.JAVA.SENT.AvoidReturnSentencesMethodVoid	AvoidReturnSentencesMethodVoid: Avoid unnecessary return commands in void methods
Info	Avoid Using Do While	OPT.JAVA.SENT.AvoidUsingDoWhile	AvoidUsingDoWhile: Avoid using do-while statements
Info	Version U I D Field	OPT.JAVA.SERI.serialVersionUIDField	serialVersionUIDField: Serializable classes should always have a final static serialVersionUID field
Info	Use Package Declaration	OPT.JAVA.SWITCH.UsePackageDeclaration	UsePackageDeclaration: Always use a package declaration
Info	Password In Comment Rule	OPT.JAVA.SEC_JAVA.PasswordInCommentRule	PasswordInCommentRule: Avoid hard-coded or in-comment passwords in code
Low	Avoid Field Access Strategy	OPT.HIBERNATE.AvoidFieldAccessStrategy	AvoidFieldAccessStrategy: Use accessor methods (getter/setter) for property access
Low	Collection Getter And Setter Must Return Same Object	OPT.HIBERNATE.CollectionGetterAndSetterMustReturnSameObject	CollectionGetterAndSetterMustReturnSameObject: Collection getter and setter must return same object
Low	Declare Identifier Property	OPT.HIBERNATE.DeclareIdentifierProperty	DeclareIdentifierProperty: Declare identifier property/properties on persistent classes
Low	Externalize Queries	OPT.HIBERNATE.ExternalizeQueries	ExternalizeQueries: Externalize query strings as named queries
Low	Implement Equals Hash Code In Components	OPT.HIBERNATE.ImplementEqualsHashCodeInComponents	ImplementEqualsHashCodeInComponents: Implement equals() and hashCode() for components and composite elements
Low	Select Before Update With Update Trigger	OPT.HIBERNATE.SelectBeforeUpdateWithUpdateTrigger	SelectBeforeUpdateWithUpdateTrigger: Check select-before-update attribute matches UPDATE trigger
Low	Use Named Identifier	OPT.HIBERNATE.UseNamedIdentifier	UseNamedIdentifier: You should always specify a name attribute for identifiers in Hibernate
Low	Use Proper Subclass Strategy	OPT.HIBERNATE.UseProperSubclassStrategy	UseProperSubclassStrategy: Use proper subclass strategy according to the number of subclass properties
Low	Do not manually treat exceptions in Actions	OPT.JAVA.ACTIONS.AUTC	AUTC: Do not manually treat exceptions in Actions
Low	Don't use public methods in Actions	OPT.JAVA.ACTIONS.NMTP	NMTP: Do not use public methods in Actions
Low	Avoid Using Floating Point	OPT.JAVA.ANDROID.AvoidUsingFloatingPoint	AvoidUsingFloatingPoint: Avoid Using Floating-Point
Low	Keep XML Layout Hierarchy Flat	OPT.JAVA.ANDROID.KeepXMLLayoutHierarchyFlat	KeepXMLLayoutHierarchyFlat: Check the depth of the layout
Low	Suspicious Import	OPT.JAVA.ANDROID.SuspiciousImport	SuspiciousImport: Check android.R package is used
Low	Use Enhanced For Loop	OPT.JAVA.ANDROID.UseEnhancedForLoop	UseEnhancedForLoop: Consider using enhanced for-each loop
Low	Use Primitive For Numbers	OPT.JAVA.ANDROID.UsePrimitiveForNumbers	UsePrimitiveForNumbers: Use primitive types instead of Number objects
Low	Use Sparse Arrays	OPT.JAVA.ANDROID.UseSparseArrays	UseSparseArrays: Use SparseArray instead of a Map with Integer keys
Low	Avoid Cyclic Dependencies Between Packages	OPT.JAVA.AvoidCyclicDependenciesBetweenPackages	AvoidCyclicDependenciesBetweenPackages: Avoid cyclic dependencies between packages
Low	Avoid Assign In While	OPT.JAVA.BUC.AvoidAssignInWhile	AvoidAssignInWhile: Avoid assignments in while / do-while loop condition
Low	Avoid Call Loop	OPT.JAVA.BUC.AvoidCallLoop	AvoidCallLoop: Avoid the invocations of method within conditional loop statements
Low	Avoid Continue	OPT.JAVA.BUC.AvoidContinue	AvoidContinue: Avoid using the command continue
Low	Avoid List Contains	OPT.JAVA.BUC.AvoidListContains	AvoidListContains: Avoid calling contains inside a loop
Low	Avoid Call Objects Sub String	OPT.JAVA.CADCAR.AvoidCallObjectsSubString	AvoidCallObjectsSubString: Avoid calling substring(0) on a String object
Low	Avoid Check Index Of Positive	OPT.JAVA.CADCAR.AvoidCheckIndexOfPositive	AvoidCheckIndexOfPositive: Avoid checking if String.IndexOf() is a positive value
Low	Avoid Concat String	OPT.JAVA.CADCAR.AvoidConcatString	AvoidConcatString: Declare a non-constant string as a StringBuffer
Low	M A J D T	OPT.JAVA.CDCI.MAJDT	MAJDT: Use the @author tag in Javadoc comments for classes and interfaces
Low	M V J D T	OPT.JAVA.CDCI.MVJDT	MVJDT: Use the @version tag in Javadoc comments for classes and interfaces
Low	P J D C C2	OPT.JAVA.CDCI.PJDCC2	PJDCC2: Provide Javadoc comments for protected classes and interfaces
Low	M R D C	OPT.JAVA.CDM.MRDC	MRDC: Use the @return tag in Javadoc comments for public methods
Low	T S M J T	OPT.JAVA.CDM.TSMJT	TSMJT: Provide Javadoc comment for toString() methods
Low	V M C R	OPT.JAVA.CDM.VMCR	VMCR: Avoid the @return Javadoc tag in void methods
Low	B M S S	OPT.JAVA.CFFEJB.BMSS	BMSS: Serialization of fields of a 'Bean' class
Low	Declare Public Clone	OPT.JAVA.CLON.DeclarePublicClone	DeclarePublicClone: Always declare clone() as public
Low	T R E T	OPT.JAVA.CMETRICS.TRET	TRET: Follow the limit for number of return statements
Low	C V N	OPT.JAVA.CNOM.CVN	CVN: Requires that Variable names of one character must be only used for their conventional use
Low	G E T B	OPT.JAVA.CNOM.GETB	GETB: Requires that boolean getter methods names start with 'is', 'can', 'has', or 'have'
Low	L C I N	OPT.JAVA.CNOM.LCIN	LCIN: Avoid class or interface names too long
Low	N U P R	OPT.JAVA.CNOM.NUPR	NUPR: Do not use reserved words inside Java identifiers
Low	S E T A	OPT.JAVA.CNOM.SETA	SETA: Setter methods convention
Low	U S F	OPT.JAVA.CNOM.USF	USF: Avoid lowercase in static and final field names
Low	D I L	OPT.JAVA.CNU.DIL	DIL: Do not explicity import the java.lang.* package
Low	Avoid Declare Many Constructors	OPT.JAVA.COMPJ.AvoidDeclareManyConstructors	AvoidDeclareManyConstructors: Avoid declaring too many constructors
Low	Avoid Null Pointer	OPT.JAVA.COND.AvoidNullPointer	AvoidNullPointer: If/else can generate NullPointerExceptions
Low	Protected Constructor In Abstract Class	OPT.JAVA.CONST.ProtectedConstructorInAbstractClass	ProtectedConstructorInAbstractClass: Only declare 'protected' constructors for abstract classes
Low	Avoid Method Name Differ Upper Lower Case	OPT.JAVA.CONV.AvoidMethodNameDifferUpperLowerCase	AvoidMethodNameDifferUpperLowerCase: Avoid method names that differ only in the case
Low	Array List Instead Of Vector	OPT.JAVA.DECL.ArrayListInsteadOfVector	ArrayListInsteadOfVector: Always use ArrayList instead of Vector
Low	Avoid Empty Classes	OPT.JAVA.DECL.AvoidEmptyClasses	AvoidEmptyClasses: Avoid empty classes or intefaces
Low	Avoid Implement Protected Final Class	OPT.JAVA.DECL.AvoidImplementProtectedFinalClass	AvoidImplementProtectedFinalClass: Avoid implementing protected fields in a final class
Low	Avoid Use Class Interface Or Abstract	OPT.JAVA.DECL.AvoidUseClassInterfaceOrAbstract	AvoidUseClassInterfaceOrAbstract: Avoid using abstract classes or interfaces in order to declare common constants
Low	Avoid Use Static No Final	OPT.JAVA.DECL.AvoidUseStaticNoFinal	AvoidUseStaticNoFinal: Avoid non-final static fields during initialisation
Low	Avoid Using Same Variable Names	OPT.JAVA.DECL.AvoidUsingSameVariableNames	AvoidUsingSameVariableNames: Avoid using variables with the same name
Low	L In Long Object Value	OPT.JAVA.DECL.LInLongObjectValue	LInLongObjectValue: Always add a suffix to numeric literals in upper case (L instead of l)
Low	A S I	OPT.JAVA.DECLARA.ASI	ASI: Make methods static if they do not use instance class members
Low	C C P A	OPT.JAVA.DECLARA.CCPA	CCPA: Each public class must be declared in a separate file
Low	C L S	OPT.JAVA.DECLARA.CLS	CLS: Define constants on the left side of comparisons
Low	C R S	OPT.JAVA.DECLARA.CRS	CRS: Place constants on the right side of comparisons
Low	Define Every Variable In A Line	OPT.JAVA.DECLARA.DefineEveryVariableInALine	DefineEveryVariableInALine: Define every variable in a line
Low	Define Privacy Fields	OPT.JAVA.DECLARA.DefinePrivacyFields	DefinePrivacyFields: Define every field private or protected
Low	I S A C F	OPT.JAVA.DECLARA.ISACF	ISACF: Avoid interfaces that only define constants
Low	Separate Declarations And Statements	OPT.JAVA.DECLARA.SeparateDeclarationsAndStatements	SeparateDeclarationsAndStatements: Separate declarations and statements
Low	U C D C	OPT.JAVA.DECLARA.UCDC	UCDC: Provide a by default private constructor in utility classes
Low	Avoid Incorrect Format Of Non Static Methods	OPT.JAVA.DEN.AvoidIncorrectFormatOfNonStaticMethods	AvoidIncorrectFormatOfNonStaticMethods: Avoid the incorrect naming of non-static methods
Low	Declare Bean Class Public	OPT.JAVA.EJB.DeclareBeanClassPublic	DeclareBeanClassPublic: Always declare bean classes as public
Low	Declare Method Ejb Find Public	OPT.JAVA.EJB.DeclareMethodEjbFindPublic	DeclareMethodEjbFindPublic: Always declare ejbFindXX methods as public, non static and non final
Low	Avoid Text Field	OPT.JAVA.ESPUI.AvoidTextField	AvoidTextField: Avoid using java.awt.TextField
Low	Avoid Block Catch Return	OPT.JAVA.EXCP.AvoidBlockCatchReturn	AvoidBlockCatchReturn: Do not use return statements inside catch blocks
Low	Avoid Excp Catch	OPT.JAVA.EXCP.AvoidExcpCatch	AvoidExcpCatch: Do not note an exception or throw an exception in a catch block
Low	Avoid Excp Exception	OPT.JAVA.EXCP.AvoidExcpException	AvoidExcpException: Avoid capturing java.lang.Exception exceptions
Low	Avoid New Error	OPT.JAVA.EXCP.AvoidNewError	AvoidNewError: Avoid creating new instances of java.lang.Error
Low	Next Emit No Such Element Exception	OPT.JAVA.EXCP.NextEmitNoSuchElementException	NextEmitNoSuchElementException: Always make sure that the method 'next()' in an Iterator class can be cast java.util.NoSuchElementException
Low	Avoid Unnecessary Finalize	OPT.JAVA.FIN.AvoidUnnecessaryFinalize	AvoidUnnecessaryFinalize: Avoid unnecessary finalize() method
Low	A I O C	OPT.JAVA.FMETODOS.AIOC	AIOC: Do not use instanceof to distinguish between exceptions
Low	D E E M	OPT.JAVA.FMETODOS.DEEM	DEEM: Leave at least a blank line between methods
Low	M I N D	OPT.JAVA.FMETODOS.MIND	MIND: Indent code properly
Low	N C E	OPT.JAVA.FMETODOS.NCE	NCE: Avoid Exception, RuntimeException o Throwable in catch or throw statements
Low	OS P L	OPT.JAVA.FMETODOS.OSPL	OSPL: Write one statement per line
Low	S B R	OPT.JAVA.FMETODOS.SBR	SBR: Simplify code returning boolean
Low	U P	OPT.JAVA.FMETODOS.UP	UP: Avoid unnecessary parenthesis in return statements
Low	Avoid Call Interrupted Run	OPT.JAVA.HEB.AvoidCallInterruptedRun	AvoidCallInterruptedRun: Avoid calling Thread.currentThread().interrupted() on the run() method of a thread
Low	C S I	OPT.JAVA.INICIA.CSI	CSI: Use constructors than initialize all the fields in a class
Low	Avoid Too Long Resource Names	OPT.JAVA.JAX.AvoidTooLongResourceNames	AvoidTooLongResourceNames: Avoid using too long resource names
Low	Tear Down J Unit	OPT.JAVA.JUNIT_JAVA.TearDownJUnit	TearDownJUnit: Always overwrite the tearDown() method in a JUnit test case
Low	Avoid Call Next Double	OPT.JAVA.MAT.AvoidCallNextDouble	AvoidCallNextDouble: Avoid invoking nextDouble() to generate a random int
Low	Parent Class Doesnot Reference Child Classes	OPT.JAVA.ParentClassDoesnotReferenceChildClasses	ParentClassDoesnotReferenceChildClasses: Parent class does not reference any of its child classes
Low	A D E	OPT.JAVA.PB.ADE	ADE: Avoid dangling else statements
Low	Avoid Complex If	OPT.JAVA.PB.AvoidComplexIf	AvoidComplexIf: Avoid complex condition in the If statements
Low	A C E C	OPT.JAVA.RGD.ACEC	ACEC: Avoid special characters in comments
Low	Leave A White Line Before A Comment Line	OPT.JAVA.RGD.LeaveAWhiteLineBeforeACommentLine	LeaveAWhiteLineBeforeACommentLine: Leave a white line before a comment line
Low	P J D C F2	OPT.JAVA.RGD.PJDCF2	PJDCF2: Provide Javadoc comments for protected fields
Low	P J D C M	OPT.JAVA.RGD.PJDCM	PJDCM: Provide Javadoc comments for public methods in Java classes (non-interface)
Low	P J D C M Interface	OPT.JAVA.RGD.PJDCMInterface	PJDCMInterface: Provide Javadoc comments for public methods in Java interfaces
Low	B L K E L S E	OPT.JAVA.RGM.BLKELSE	BLKELSE: Use a branches block for 'else' statements
Low	B L K I F	OPT.JAVA.RGM.BLKIF	BLKIF: Provide a branch block for 'if' statements
Low	Dont Set In Session	OPT.JAVA.RGM.DontSetInSession	DontSetInSession: Do not place objects in session scope
Low	Use Session From Restricted Packages	OPT.JAVA.RGM.UseSessionFromRestrictedPackages	UseSessionFromRestrictedPackages: Access session objects only from classes in certain packages
Low	U E Q	OPT.JAVA.RGOR.UEQ	UEQ: Avoid comparing boolean variables with true
Low	Transient fields in Serializable classes2	OPT.JAVA.RGS.SER2	SER2: Do not use interfaces that extends the java.io.Serializable interface
Low	Improper Validation Of Array Index	OPT.JAVA.SEC_JAVA.ImproperValidationOfArrayIndex	ImproperValidationOfArrayIndex: Array index coming from a non neutralized vulnerable input
Low	Avoid Assign Same Variable	OPT.JAVA.SENT.AvoidAssignSameVariable	AvoidAssignSameVariable: Avoid assigning a variable to itself
Low	Avoid Return Null	OPT.JAVA.SENT.AvoidReturnNull	AvoidReturnNull: Avoid returning null in a method declaration
Low	Avoid Transient Fileds	OPT.JAVA.SERI.AvoidTransientFileds	AvoidTransientFileds: Do not declare fields as transient in non-serializable classes
Low	Implement Comparable With Serializable	OPT.JAVA.SERI.ImplementComparableWithSerializable	ImplementComparableWithSerializable: Always implement java.io.Serializable if implementing java.lang.Comparable
Low	Add Comments To Configuration Files	OPT.JAVA.SPRING.AddCommentsToConfigurationFiles	AddCommentsToConfigurationFiles: Add comments to the XML configuration files
Low	Use Rest Controller Convenience Annotation	OPT.JAVA.SPRING.UseRestControllerConvenienceAnnotation	UseRestControllerConvenienceAnnotation: Use @RestController annotation in REST applications
Low	Use Spring Boot Application Convenience Annotation	OPT.JAVA.SPRING.UseSpringBootApplicationConvenienceAnnotation	UseSpringBootApplicationConvenienceAnnotation: Use @SpringBootApplication annotation
Low	Avoid New String	OPT.JAVA.STR.AvoidNewString	AvoidNewString: Avoid using the 'new' operator to create Strings of literals
Low	Do not compare class objects with getName() or getSimpleName() methods C H	OPT.JAVA.STR.CMPCH	CMPCH: Do not use strings to compare characters
Low	Avoid Short Switch	OPT.JAVA.SWITCH.AvoidShortSwitch	AvoidShortSwitch: Avoid switch statements with few branches, instead use if-else
Low	Avoid Declare Variable Inside Loop	OPT.JAVA.VELOC.AvoidDeclareVariableInsideLoop	AvoidDeclareVariableInsideLoop: Avoid creating or assigning a variable within a loop
Low	Avoid New Object Get Class	OPT.JAVA.VELOC.AvoidNewObjectGetClass	AvoidNewObjectGetClass: Avoid creating a new object with the objective of invoking getClass() on it
Low	Information Exposure Through Debug Log	OPT.JAVA.SEC_JAVA.InformationExposureThroughDebugLog	InformationExposureThroughDebugLog: Avoid exposing sensible information through log
Medium	Limit Accessibility Of Sensitive Content Provider	OPT.JAVA.ANDROID.LimitAccessibilityOfSensitiveContentProvider	LimitAccessibilityOfSensitiveContentProvider: Limit the accessibility of a app's sensitive ContentProvider
Medium	Secure Resources Properly	OPT.JAVA.JAX.SecureResourcesProperly	SecureResourcesProperly: Use annotations to secure resources properly
Medium	Use HTTP Method Annotation	OPT.JAVA.JAX.UseHTTPMethodAnnotation	UseHTTPMethodAnnotation: Use a proper annotation to indicate the HTTP request methods accepted
Medium	Use Secured Transport Layer	OPT.JAVA.JAX.UseSecuredTransportLayer	UseSecuredTransportLayer: Avoid using HTTP instead of HTTPS
Medium	Plaintext Storage In A Cookie Rule	OPT.JAVA.SEC_JAVA.PlaintextStorageInACookieRule	PlaintextStorageInACookieRule: Cleartext Storage of Sensitive Information in a Cookie
Medium	Unsafe Cookie Rule	OPT.JAVA.SEC_JAVA.UnsafeCookieRule	UnsafeCookieRule: Generate server-side cookies with adequate security properties
Medium	Exported Activity	OPT.JAVA.ANDROID.ExportedActivity	ExportedActivity: Exported activity must require permissions
Medium	Exported Preference Activity	OPT.JAVA.ANDROID.ExportedPreferenceActivity	ExportedPreferenceActivity: Activities extending PreferenceActivity should not be exported
Medium	Exported Provider	OPT.JAVA.ANDROID.ExportedProvider	ExportedProvider: Exported providers must require permissions
Medium	Exported Receiver	OPT.JAVA.ANDROID.ExportedReceiver	ExportedReceiver: Exported receivers must require permissions
Medium	Exported Service	OPT.JAVA.ANDROID.ExportedService	ExportedService: Exported services must require permissions
Medium	Avoid Host Name Checks Rule	OPT.JAVA.SEC_JAVA.AvoidHostNameChecksRule	AvoidHostNameChecksRule: Avoid checks on client-side hostname, that are not reliable due to DNS poisoning
Medium	Avoid Cartesian Product	OPT.HIBERNATE.AvoidCartesianProduct	AvoidCartesianProduct: Avoid unaware cartessian products in HQL and native SQL queries
Medium	Avoid Many To Many Associations	OPT.HIBERNATE.AvoidManyToManyAssociations	AvoidManyToManyAssociations: Avoid many-to-many associations
Medium	Avoid Non Lazy Collections	OPT.HIBERNATE.AvoidNonLazyCollections	AvoidNonLazyCollections: Avoid non-lazy persistent collections
Medium	Avoid Problematic Flush Mode	OPT.HIBERNATE.AvoidProblematicFlushMode	AvoidProblematicFlushMode: Avoid setting FlushMode that could produce stale data issues
Medium	Avoid Using HQL	OPT.HIBERNATE.AvoidUsingHQL	AvoidUsingHQL: Avoid using HQL in mapping descriptors and in code
Medium	Avoid Using Native SQL	OPT.HIBERNATE.AvoidUsingNativeSQL	AvoidUsingNativeSQL: Avoid using native SQL in mapping descriptors and in code
Medium	Cross Site History Manipulation	OPT.JAVA.SEC_JAVA.CrossSiteHistoryManipulation	CrossSiteHistoryManipulation: Cross-Site History Manipulation (XSHM)
Medium	Configure Connection Pool	OPT.HIBERNATE.ConfigureConnectionPool	ConfigureConnectionPool: Configure Hibernate with an explicit connection pool
Medium	Never Use Persistent Arrays	OPT.HIBERNATE.NeverUsePersistentArrays	NeverUsePersistentArrays: Never use persistent arrays
Medium	One Class Per Mapping File	OPT.HIBERNATE.OneClassPerMappingFile	OneClassPerMappingFile: Use one mapping file per persistent class
Medium	Only Use Hibernate For Database Access	OPT.HIBERNATE.OnlyUseHibernateForDatabaseAccess	OnlyUseHibernateForDatabaseAccess: Only use Hibernate/JPA for database access
Medium	Override Equals Hashcode In Composites	OPT.HIBERNATE.OverrideEqualsHashcodeInComposites	OverrideEqualsHashcodeInComposites: Every class implementing a composite-* element should override equals() and hashCode()
Medium	Proper Equals Hashcode Policy	OPT.HIBERNATE.ProperEqualsHashcodePolicy	ProperEqualsHashcodePolicy: Use the proper policy when implementing equals() and hashCode() in persistent entities
Medium	Separation Of Concerns	OPT.HIBERNATE.SeparationOfConcerns	SeparationOfConcerns: Avoid domain entities using J2EE APIs
Medium	Use Interface For Collection Property	OPT.HIBERNATE.UseInterfaceForCollectionProperty	UseInterfaceForCollectionProperty: Use interface for collection-valued properties
Medium	Use Non Final Persistent Classes	OPT.HIBERNATE.UseNonFinalPersistentClasses	UseNonFinalPersistentClasses: Avoid 'final' persistent classes
Medium	Use Nullable Type For Identifier	OPT.HIBERNATE.UseNullableTypeForIdentifier	UseNullableTypeForIdentifier: Use a nullable (non-primitive) type for identifier fields in persistent classes
Medium	Use Version Instead Of Timestamp	OPT.HIBERNATE.UseVersionInsteadOfTimestamp	UseVersionInsteadOfTimestamp: Use version instead of timestamp
Medium	Avoid Absolute Layout	OPT.JAVA.ANDROID.AvoidAbsoluteLayout	AvoidAbsoluteLayout: Avoid using AbsoluteLayout
Medium	Avoid Calls After Recycle Call	OPT.JAVA.ANDROID.AvoidCallsAfterRecycleCall	AvoidCallsAfterRecycleCall: Do not call a recycled resource
Medium	Check External Storage Permission	OPT.JAVA.ANDROID.CheckExternalStoragePermission	CheckExternalStoragePermission: Check permission usage conformance (External Storage Permission)
Medium	Check Internet Permission	OPT.JAVA.ANDROID.CheckInternetPermission	CheckInternetPermission: Check permission usage conformance (Internet Permission)
Medium	Check Location Permission	OPT.JAVA.ANDROID.CheckLocationPermission	CheckLocationPermission: Check permission usage conformance (Location Permission)
Medium	Complete Transaction With Commit	OPT.JAVA.ANDROID.CompleteTransactionWithCommit	CompleteTransactionWithCommit: Transactions have to be completed calling commit () method
Medium	Format String Injection Rule	OPT.JAVA.SEC_JAVA.FormatStringInjectionRule	FormatStringInjectionRule: Exclude unsanitized user input from format strings
Medium	Do Not Log Sensitive Information	OPT.JAVA.ANDROID.DoNotLogSensitiveInformation	DoNotLogSensitiveInformation: Avoid unsafe log access
Medium	Dont Use Multidimensional List	OPT.JAVA.ANDROID.DontUseMultidimensionalList	DontUseMultidimensionalList: Avoid using multidimensional arrays or nested lists
Medium	Input Path Not Canonicalized Rule	OPT.JAVA.SEC_JAVA.InputPathNotCanonicalizedRule	InputPathNotCanonicalizedRule: Incorrect Behavior Order: Validate Before Canonicalize
Medium	Missing Recycle Calls	OPT.JAVA.ANDROID.MissingRecycleCalls	MissingRecycleCalls: Resources must be recycled after using them
Medium	On Click Method Does Not Exist	OPT.JAVA.ANDROID.OnClickMethodDoesNotExist	OnClickMethodDoesNotExist: onClick method must exists
Medium	Request Parameters In Session Rule	OPT.JAVA.SEC_JAVA.RequestParametersInSessionRule	RequestParametersInSessionRule: Request parameters should not be passed into Session without sanitizing
Medium	View Holder	OPT.JAVA.ANDROID.ViewHolder	ViewHolder: Avoid inflate a new layout when implementing a view Adapter
Medium	A Package Does Not Depend On Less Stable Packages	OPT.JAVA.APackageDoesNotDependOnLessStablePackages	APackageDoesNotDependOnLessStablePackages: A package does not depend on less stable packages
Medium	Do Not Return Store Mutable Members	OPT.JAVA.DoNotReturnStoreMutableMembers	DoNotReturnStoreMutableMembers: Do not directly return or store references to mutable members
Medium	Avoid Peer Interface	OPT.JAVA.AWT.AvoidPeerInterface	AvoidPeerInterface: Avoid using java.awt.peer interfaces directly
Medium	P P B	OPT.JAVA.BEANS.PPB	PPB: Avoid passing presentation layer objects to beans
Medium	Avoid Enums In While	OPT.JAVA.BUC.AvoidEnumsInWhile	AvoidEnumsInWhile: Avoid using the enumerator for loop control
Medium	Avoid For Without Ini Incr	OPT.JAVA.BUC.AvoidForWithoutIniIncr	AvoidForWithoutIniIncr: Avoid loops without an initiator and an increase
Medium	Avoid Array To String	OPT.JAVA.CADCAR.AvoidArrayToString	AvoidArrayToString: Avoid calling toString() on an array
Medium	N C C A	OPT.JAVA.CDCI.NCCA	NCCA: Old commented code
Medium	P A R A M	OPT.JAVA.CDM.PARAM	PARAM: Use the @param tag in Javadoc comments for each parameter of public methods
Medium	T H R O W	OPT.JAVA.CDM.THROW	THROW: Use the @throws or @exception tags in Javadoc comments of public methods
Medium	Use Set Rollback Only	OPT.JAVA.CFFEJB.UseSetRollbackOnly	UseSetRollbackOnly: Call setRollbackOnly() if a method in a bean throws an application exception
Medium	Classes Are Strongly Internally Coupled	OPT.JAVA.ClassesAreStronglyInternallyCoupled	ClassesAreStronglyInternallyCoupled: Classes internally strongly coupled must be avoided
Medium	Class Hierarchies Are Not Too Deep	OPT.JAVA.ClassHierarchiesAreNotTooDeep	ClassHierarchiesAreNotTooDeep: Avoid too deep hierarchy classes
Medium	Avoid Overload Clone	OPT.JAVA.CLON.AvoidOverloadClone	AvoidOverloadClone: Avoid overloading the clone method
Medium	Implement Cloneable Alter Clone	OPT.JAVA.CLON.ImplementCloneableAlterClone	ImplementCloneableAlterClone: Implement java.lang.Cloneable when overwriting clone() method
Medium	Signature Standard Clone	OPT.JAVA.CLON.SignatureStandardClone	SignatureStandardClone: Always use the standard signature for clone methods
Medium	N P R I F	OPT.JAVA.CMETRICS.NPRIF	NPRIF: Maximum allowed number of private fields
Medium	N P R I M	OPT.JAVA.CMETRICS.NPRIM	NPRIM: Maximum allowed number of private methods
Medium	N P R O F	OPT.JAVA.CMETRICS.NPROF	NPROF: Maximum allowed number of protected fields
Medium	N P R O M	OPT.JAVA.CMETRICS.NPROM	NPROM: Maximum allowed number of protected methods
Medium	N P U B F	OPT.JAVA.CMETRICS.NPUBF	NPUBF: Maximum allowed number of public fields
Medium	N P U B M	OPT.JAVA.CMETRICS.NPUBM	NPUBM: Maximum allowed number of public methods
Medium	S T M T	OPT.JAVA.CMETRICS.STMT	STMT: Follow the limit for number of statements in a method
Medium	T N L M	OPT.JAVA.CMETRICS.TNLM	TNLM: Follow the limit for number of lines in a method
Medium	T N M C	OPT.JAVA.CMETRICS.TNMC	TNMC: Counts the number of method calls
Medium	T N O P	OPT.JAVA.CMETRICS.TNOP	TNOP: Avoid methods with too many parameters
Medium	G E T A	OPT.JAVA.CNOM.GETA	GETA: Getter methods conventions
Medium	I R B	OPT.JAVA.CNOM.IRB	IRB: Use is... only for naming methods that return a boolean
Medium	N A R G S	OPT.JAVA.CNOM.NARGS	NARGS: Use a naming convention for arguments
Medium	N C L	OPT.JAVA.CNOM.NCL	NCL: Naming convention for class names
Medium	N E	OPT.JAVA.CNOM.NE	NE: Naming convention for class exceptions
Medium	N M	OPT.JAVA.CNOM.NM	NM: Follow a naming standard for methods
Medium	Inner classes should be protected or private	OPT.JAVA.CNOM.PKG	PKG: Use all lowercase letters for package names
Medium	R Inner classes should be protected or private	OPT.JAVA.CNOM.RPKG	RPKG: Avoid using the package name that is reserverd by Sun
Medium	D I C	OPT.JAVA.COL.DIC	DIC: Define initial capacities for ArrayList, HashMap, HashSet, Hashtable, Vector and WeakHashMap
Medium	M C S	OPT.JAVA.COL.MCS	MCS: Minimize using syncrohized collections: detect use of synchronized collectiorns (Vector, Hashtable) and indicate it
Medium	M C S C	OPT.JAVA.COL.MCSC	MCSC: Do not make an excessive use of synchronized collections: detect use of Collections.syncronizedCollection() and derivate collections
Medium	Avoid Bit To Bit Comparisons	OPT.JAVA.COMP.AvoidBitToBitComparisons	AvoidBitToBitComparisons: Avoid using bitwise operators to make comparisons
Medium	Avoid Comp Byte Max Value Min Value	OPT.JAVA.COMP.AvoidCompByteMaxValueMinValue	AvoidCompByteMaxValueMinValue: Avoid the comparisons of byte data with Byte.MIN_VALUE and Byte.MAX_VALUE because they always return the same result
Medium	Avoid Comp Character Max Value Min Value	OPT.JAVA.COMP.AvoidCompCharacterMaxValueMinValue	AvoidCompCharacterMaxValueMinValue: Avoid comparisons between Character.MIN_VALUE and Character.MAX_VALUE, because they always return the same result
Medium	Avoid Comp Double Max Value Min Value	OPT.JAVA.COMP.AvoidCompDoubleMaxValueMinValue	AvoidCompDoubleMaxValueMinValue: Avoid comparing double with Double.MAX_VALUE and Double.MIN_VALUE. These comparisons will always return the same value
Medium	Avoid Comp Float Max Value Min Value	OPT.JAVA.COMP.AvoidCompFloatMaxValueMinValue	AvoidCompFloatMaxValueMinValue: Avoid comparing Float.MAX_VALUE and Double.MIN_VALUE. These comparisons will always return the same value
Medium	Avoid Comp Integer Max Value Min Value	OPT.JAVA.COMP.AvoidCompIntegerMaxValueMinValue	AvoidCompIntegerMaxValueMinValue: Avoid the comparisons of Integer.MIN_VALUE and Integer.MAX_VALUE because they always return the same result
Medium	Avoid Comp Long Max Value Min Value	OPT.JAVA.COMP.AvoidCompLongMaxValueMinValue	AvoidCompLongMaxValueMinValue: Avoid comparisons with Long.MIN_VALUE and Long.MAX_VALUE, because they always return the same result
Medium	Avoid Comp Short Max Value Min Value	OPT.JAVA.COMP.AvoidCompShortMaxValueMinValue	AvoidCompShortMaxValueMinValue: Avoid comparing short with Short.MAX_VALUE and Short.MIN_VALUE. These comparisons will always return the same value
Medium	Dont Compare One Self	OPT.JAVA.COMP.DontCompareOneSelf	DontCompareOneSelf: Avoid comparing a variable with itself
Medium	Avoid Excessively Bracketed Loops	OPT.JAVA.COMPJ.AvoidExcessivelyBracketedLoops	AvoidExcessivelyBracketedLoops: Avoid nesting more than three loops
Medium	Avoidt Nest Try Catch	OPT.JAVA.COMPJ.AvoidtNestTryCatch	AvoidtNestTryCatch: Avoid nesting more than 1 try / catch
Medium	Components Are Not Calling Too Many Other Components	OPT.JAVA.ComponentsAreNotCallingTooManyOtherComponents	ComponentsAreNotCallingTooManyOtherComponents: Avoid using components calling too many other components
Medium	Avoid Asignments Within I F	OPT.JAVA.COND.AvoidAsignmentsWithinIF	AvoidAsignmentsWithinIF: Avoid assignments inside conditional expressions
Medium	Private Constructor Utility Program	OPT.JAVA.CONST.PrivateConstructorUtilityProgram	PrivateConstructorUtilityProgram: Only declare 'private' constructors for a class of a utility program
Medium	Avoid Field Variables Differ Upper Lower Case	OPT.JAVA.CONV.AvoidFieldVariablesDifferUpperLowerCase	AvoidFieldVariablesDifferUpperLowerCase: Avoid field names that differ only in case
Medium	Avoid Import Class Local Package	OPT.JAVA.CONV.AvoidImportClassLocalPackage	AvoidImportClassLocalPackage: Avoid importing classes from the local package
Medium	Avoid Parameter Differ Upper Lower Case	OPT.JAVA.CONV.AvoidParameterDifferUpperLowerCase	AvoidParameterDifferUpperLowerCase: Avoid parameters that only differ in case
Medium	Avoid Same Method Field Names	OPT.JAVA.CONV.AvoidSameMethodFieldNames	AvoidSameMethodFieldNames: Avoid fields and methods with the same name
Medium	Collection Type Verification	OPT.JAVA.CONV.CollectionTypeVerification	CollectionTypeVerification: Always test the type of object when it is converted to an abstract collection
Medium	Object Type Verification	OPT.JAVA.CONV.ObjectTypeVerification	ObjectTypeVerification: Always check object type before cast
Medium	Avoid Declare Field Used In Only One Method	OPT.JAVA.DECL.AvoidDeclareFieldUsedInOnlyOneMethod	AvoidDeclareFieldUsedInOnlyOneMethod: Do not declare private fields that are used in only one method
Medium	Avoid Final Static Public Matrix Field	OPT.JAVA.DECL.AvoidFinalStaticPublicMatrixField	AvoidFinalStaticPublicMatrixField: Avoid using a public static final field of type Matrix
Medium	Avoid Local Variable Similar Name	OPT.JAVA.DECL.AvoidLocalVariableSimilarName	AvoidLocalVariableSimilarName: Avoid local variables with similar names
Medium	Avoid New Boolean	OPT.JAVA.DECL.AvoidNewBoolean	AvoidNewBoolean: Avoid creating Boolean objects using ‚Äúnew Boolean()·æø
Medium	Avoid Num Literals	OPT.JAVA.DECL.AvoidNumLiterals	AvoidNumLiterals: Avoid using numeric literals
Medium	Avoid Use Literal	OPT.JAVA.DECL.AvoidUseLiteral	AvoidUseLiteral: Avoid using explicit string literals, but instead, declare constants
Medium	Private Constructor In Final Class	OPT.JAVA.DECL.PrivateConstructorInFinalClass	PrivateConstructorInFinalClass: Declare classes where all constructors are private as 'final'
Medium	A U V T	OPT.JAVA.DECLARA.AUVT	AUVT: Declare the List and Set variables with their interface type
Medium	D C I	OPT.JAVA.DECLARA.DCI	DCI: Define public constants in an interface
Medium	D C T O R	OPT.JAVA.DECLARA.DCTOR	DCTOR: Define a default constructor whenever possible
Medium	I Don't use masterpage files T	OPT.JAVA.DECLARA.IMPT	IMPT: Avoid usage of * in import statements
Medium	M V OS	OPT.JAVA.DECLARA.MVOS	MVOS: Avoid declaring multiple variables in one statement
Medium	N T X	OPT.JAVA.DECLARA.NTX	NTX: Avoid throwing 'Exception'. Always use a proper Exception subclass
Medium	Not Define Object Variables	OPT.JAVA.DECLARA.NotDefineObjectVariables	NotDefineObjectVariables: Do not define 'Object' variables
Medium	Avoid Abstract Class Ejb	OPT.JAVA.EJB.AvoidAbstractClassEjb	AvoidAbstractClassEjb: Do not declare abstract EJBs
Medium	Avoid Create Exception	OPT.JAVA.EJB.AvoidCreateException	AvoidCreateException: Always launch 'javax.ejb.CreateException' for creation methods of the remote and local interfaces
Medium	Avoid Final Class Ejb	OPT.JAVA.EJB.AvoidFinalClassEjb	AvoidFinalClassEjb: Do not declare EJBs as final
Medium	Avoid Finder Exception	OPT.JAVA.EJB.AvoidFinderException	AvoidFinderException: Always throw a 'javax.ejb.FinderException' for the finder methods of the remote and local interfaces
Medium	Avoid Return This Class Ejb	OPT.JAVA.EJB.AvoidReturnThisClassEjb	AvoidReturnThisClassEjb: Avoid returning 'this' from the methods of the Enterprise JavaBean classes
Medium	Avoid Using Thread	OPT.JAVA.EJB.AvoidUsingThread	AvoidUsingThread: Do not start, stop or manage objects in a EntityBeans java.lang.Thread
Medium	Declareejb Post Create Public	OPT.JAVA.EJB.DeclareejbPostCreatePublic	DeclareejbPostCreatePublic: Always declare ejbPostCreate() public
Medium	Unnormalized Input String	OPT.JAVA.SEC_JAVA.UnnormalizedInputString	UnnormalizedInputString: Always normalize system inputs
Medium	Dont Pass This As Arg	OPT.JAVA.EJB.DontPassThisAsArg	DontPassThisAsArg: Do not pass 'this' as an argument
Medium	Ejb Create Message Driven Bean	OPT.JAVA.EJB.EjbCreateMessageDrivenBean	EjbCreateMessageDrivenBean: Always implement the least one ejbCreate() method in a class of MessageDrivenBean
Medium	Avoid Text Area	OPT.JAVA.ESPUI.AvoidTextArea	AvoidTextArea: Avoid using java.awt.TextArea
Medium	Avoid Empty Finally Blocks	OPT.JAVA.EXCP.AvoidEmptyFinallyBlocks	AvoidEmptyFinallyBlocks: Avoid empty final blocks
Medium	Avoid Empty Try Blocks	OPT.JAVA.EXCP.AvoidEmptyTryBlocks	AvoidEmptyTryBlocks: Avoid empty try blocks
Medium	Avoid Excp Error	OPT.JAVA.EXCP.AvoidExcpError	AvoidExcpError: Avoid java.lang.Error catch exceptions
Medium	Avoid Illegal Monitor State Excp	OPT.JAVA.EXCP.AvoidIllegalMonitorStateExcp	AvoidIllegalMonitorStateExcp: Avoid capturing java.lang.IllegalMonitorStateException
Medium	Avoid New Exception	OPT.JAVA.EXCP.AvoidNewException	AvoidNewException: Avoid creating new instances of java.lang.Exception
Medium	Avoid Object Throwable	OPT.JAVA.EXCP.AvoidObjectThrowable	AvoidObjectThrowable: Avoid capturing Throwable objects
Medium	Exceptions In Throws	OPT.JAVA.EXCP.ExceptionsInThrows	ExceptionsInThrows: Always use specific exceptions in the throws clause
Medium	A M C	OPT.JAVA.FMETODOS.AMC	AMC: Avoid multiple comparisons within if
Medium	D U N	OPT.JAVA.FMETODOS.DUN	DUN: Too many uses of the negation operator (!) in a method
Medium	G N E	OPT.JAVA.FMETODOS.GNE	GNE: Control number of exceptions in a clause
Medium	I A D	OPT.JAVA.FMETODOS.IAD	IAD: Declare arrays with [] braces after the array type and before the variable name(s)
Medium	Avoid Call Start Constructors	OPT.JAVA.HEB.AvoidCallStartConstructors	AvoidCallStartConstructors: Do not call the start() method from within the constructors of the subclass of the thread
Medium	Avoid This In Sincronized Sentences	OPT.JAVA.HEB.AvoidThisInSincronizedSentences	AvoidThisInSincronizedSentences: Avoid using this in synchronised blocks
Medium	Avoid Wait Outside Brackets	OPT.JAVA.HEB.AvoidWaitOutsideBrackets	AvoidWaitOutsideBrackets: Avoid using wait() method of the class java.lang.Object outside a while loop
Medium	D V B C	OPT.JAVA.INICIA.DVBC	DVBC: Define class attributes at the beginning of the class
Medium	L V	OPT.JAVA.INICIA.LV	LV: Initialize all local variables at the declaration statement
Medium	U S N	OPT.JAVA.INICIA.USN	USN: Avoid literals in method calls. Named constants (static final class variables) make source code easier to understand and maintain
Medium	Avoid Check Permission	OPT.JAVA.J2EE.AvoidCheckPermission	AvoidCheckPermission: Avoid calling java.security.AccessController.checkPermission()
Medium	Avoid Class Loader Instance	OPT.JAVA.J2EE.AvoidClassLoaderInstance	AvoidClassLoaderInstance: Avoid instantiating java.lang.ClassLoader
Medium	Avoid Do As	OPT.JAVA.J2EE.AvoidDoAs	AvoidDoAs: Avoid calling javax.security.auth.Subject.doAs()
Medium	Avoid Do As Privileged	OPT.JAVA.J2EE.AvoidDoAsPrivileged	AvoidDoAsPrivileged: Avoid calling javax.security.auth.Subject.doAsPrivileged()
Medium	Avoid Do Priviliged	OPT.JAVA.J2EE.AvoidDoPriviliged	AvoidDoPriviliged: Avoid calling java.security.AccessController.doPrivileged()
Medium	Avoid Extend Permission	OPT.JAVA.J2EE.AvoidExtendPermission	AvoidExtendPermission: Avoid extending java.security.Permission
Medium	Avoid Get Policy	OPT.JAVA.J2EE.AvoidGetPolicy	AvoidGetPolicy: Avoid calling Policy.getPolicy()
Medium	Avoid Get Property	OPT.JAVA.J2EE.AvoidGetProperty	AvoidGetProperty: Avoid calling java.security.Security.getProperty()
Medium	Avoid Large Blocks	OPT.JAVA.J2EE.AvoidLargeBlocks	AvoidLargeBlocks: Avoiding a privileged block of more than 5 lines
Medium	Avoid Permission Instance	OPT.JAVA.J2EE.AvoidPermissionInstance	AvoidPermissionInstance: Avoid creating an instance of java.security.Permission
Medium	Avoid Policy Instance	OPT.JAVA.J2EE.AvoidPolicyInstance	AvoidPolicyInstance: Avoid creating an instance of java.security.Policy
Medium	Avoid Set Policy	OPT.JAVA.J2EE.AvoidSetPolicy	AvoidSetPolicy: Avoid call to Policy.setPolicy()
Medium	Avoid Alter Check Security Manager	OPT.JAVA.J2SE.AvoidAlterCheckSecurityManager	AvoidAlterCheckSecurityManager: Avoid overwriting methods check* in SecurityManager
Medium	Avoid Catch Security Exception	OPT.JAVA.J2SE.AvoidCatchSecurityException	AvoidCatchSecurityException: Avoid capturing Java.lang.SecurityException
Medium	Avoid Static Public No Final Field	OPT.JAVA.J2SE.AvoidStaticPublicNoFinalField	AvoidStaticPublicNoFinalField: Avoid non-final public static fields
Medium	Avoid Using J A X R P C	OPT.JAVA.JAX.AvoidUsingJAXRPC	AvoidUsingJAXRPC: Avoid using JAX-RPC
Medium	Include A P IVersion Number Into URL	OPT.JAVA.JAX.IncludeAPIVersionNumberIntoURL	IncludeAPIVersionNumberIntoURL: Include the API version number into the URL
Medium	Use Default Value Annotation	OPT.JAVA.JAX.UseDefaultValueAnnotation	UseDefaultValueAnnotation: Use the @DefaultValue annotation when processing a request
Medium	Use Generic Entity	OPT.JAVA.JAX.UseGenericEntity	UseGenericEntity: Use GenericEntity when returning a list of instances
Medium	Use JSON Responses	OPT.JAVA.JAX.UseJSONResponses	UseJSONResponses: Use JSON responses in REST applications
Medium	Use Proper Return Types And Response Codes	OPT.JAVA.JAX.UseProperReturnTypesAndResponseCodes	UseProperReturnTypesAndResponseCodes: Include a proper response code along with an appropriate return type
Medium	P S T	OPT.JAVA.JDBC.PST	PST: Use PreparedStatement instead of Statement to similar requests
Medium	R R W D	OPT.JAVA.JDBC.RRWD	RRWD: Close JDBC resources when finishing using
Medium	S E L E C T	OPT.JAVA.JDBC.SELECT	SELECT: Avoid SQL sentences with SELECT *
Medium	Javadoc T O D O	OPT.JAVA.JDOC.JavadocTODO	JavadocTODO: Avoid TODO comments in production code
Medium	Javadoc Throws Rule	OPT.JAVA.JDOC.JavadocThrowsRule	JavadocThrowsRule: Provide the @throws tag in Javadoc comments for public and protected methods
Medium	Call Super Set Up From Set Up	OPT.JAVA.JUNIT_JAVA.CallSuperSetUpFromSetUp	CallSuperSetUpFromSetUp: Always call super.setUp() from the method setUp of the JUnit TestCase
Medium	Call Super Tear Down From Tear Down	OPT.JAVA.JUNIT_JAVA.CallSuperTearDownFromTearDown	CallSuperTearDownFromTearDown: Always call super.tearDown() from the method tearDown() of the JUnit TestCase
Medium	Invoke Suite As Static Public	OPT.JAVA.JUNIT_JAVA.InvokeSuiteAsStaticPublic	InvokeSuiteAsStaticPublic: Always declare Junit.framework.TestCase.suite() as a public static method
Medium	I A C B	OPT.JAVA.LOOP.IACB	IACB: Use System.arraycopy() instead of using a loop to copy arrays
Medium	L I N T	OPT.JAVA.LOOP.LINT	LINT: Use integer index variable in loops
Medium	Avoid Call Run From Servlet	OPT.JAVA.MAN.AvoidCallRunFromServlet	AvoidCallRunFromServlet: Avoid calling java.lang.Runnable.run() from any servlet
Medium	Avoid Confused Multiplication	OPT.JAVA.MAT.AvoidConfusedMultiplication	AvoidConfusedMultiplication: Avoid Confusing Multiplications
Medium	Avoid Modulus One	OPT.JAVA.MAT.AvoidModulusOne	AvoidModulusOne: Avoid modulus value that equal to one
Medium	Avoid Static Call Math	OPT.JAVA.MAT.AvoidStaticCallMath	AvoidStaticCallMath: Avoid invoking a static method of java.lang.Math invoke on a constant
Medium	Check Variable Odd Value	OPT.JAVA.MAT.CheckVariableOddValue	CheckVariableOddValue: Avoid using var% 2 [] {}
Medium	Avoid Number Instance With New	OPT.JAVA.MEM.AvoidNumberInstanceWithNew	AvoidNumberInstanceWithNew: Avoid creating an instance of a number using new
Medium	Avoid Run Finalization	OPT.JAVA.MEM.AvoidRunFinalization	AvoidRunFinalization: Avoid call to java.lang.Runtime.runFinalization()
Medium	Avoid Return Null Enumeration	OPT.JAVA.NULL.AvoidReturnNullEnumeration	AvoidReturnNullEnumeration: Return empty enumerations instead of returning null
Medium	Avoid Return Null Iterator	OPT.JAVA.NULL.AvoidReturnNullIterator	AvoidReturnNullIterator: Return an empty iterator instead of null
Medium	Null Dereference	OPT.JAVA.NullDereference	NullDereference: NULL Pointer Dereference
Medium	D N C S S	OPT.JAVA.PB.DNCSS	DNCSS: Do not call setSize() in ComponentListener.componentResized()
Medium	Empty pages	OPT.JAVA.PB.ISEM	ISEM: Avoid calling varString.equals('literal') or varString.equalsIgnoreCase('literal')
Medium	J U I N	OPT.JAVA.PB.JUIN	JUIN: Avoid incrementers with error
Medium	M ASP	OPT.JAVA.PB.MASP	MASP: Assign protected accessibility to readResolve () and writeReplace () methods in serializable classes
Medium	MVC	OPT.JAVA.PB.MVC	MVC: Avoid local variables with the same name as variables of the enclosing class
Medium	Num Max Class By Package	OPT.JAVA.PB.NumMaxClassByPackage	NumMaxClassByPackage: Avoid an excessive number of classes per package/namespace
Medium	R F F B	OPT.JAVA.PB.RFFB	RFFB: Return from finally blocks
Medium	U E I	OPT.JAVA.PB.UEI	UEI: Use equals() when comparing Objects
Medium	U O M E	OPT.JAVA.PB.UOME	UOME: Do not make useless method overwriten
Medium	Avoid Dump Stack	OPT.JAVA.PERF.AvoidDumpStack	AvoidDumpStack: Avoid using Thread.dumpStack() in production code
Medium	Avoid System	OPT.JAVA.PERF.AvoidSystem	AvoidSystem: Avoid using System.out or System.err in production code
Medium	Avoid Call Connection From Servlet	OPT.JAVA.RECBAS.AvoidCallConnectionFromServlet	AvoidCallConnectionFromServlet: Avoid calling java.sql.Connection from the finalize() method of a servlet
Medium	Avoid Call Net From Servlet	OPT.JAVA.RECBAS.AvoidCallNetFromServlet	AvoidCallNetFromServlet: Avoid calling Java.net .* from finalize() method of a servlet
Medium	Avoid Call Omg From Servlet	OPT.JAVA.RECBAS.AvoidCallOmgFromServlet	AvoidCallOmgFromServlet: Avoid calling org.omg .* from finalize() method of a servlet
Medium	Avoid Call Result Set From Servlet	OPT.JAVA.RECBAS.AvoidCallResultSetFromServlet	AvoidCallResultSetFromServlet: Avoid calling java.sql.ResultSet from the finalize() method of a servlet
Medium	Avoid Call Statement From Servlet	OPT.JAVA.RECBAS.AvoidCallStatementFromServlet	AvoidCallStatementFromServlet: Avoid calling java.sql.Statement from the method finalize() of a servlet
Medium	Avoid Date Matrix	OPT.JAVA.RECBASJ2SE.AvoidDateMatrix	AvoidDateMatrix: Avoid using a matrix of type Date
Medium	Avoid Call Jar From Servlet	OPT.JAVA.RENDESC.AvoidCallJarFromServlet	AvoidCallJarFromServlet: Avoid calling Java.util.jar .* from any servlet
Medium	Avoid Call Rmi From Servlet	OPT.JAVA.RENDESC.AvoidCallRmiFromServlet	AvoidCallRmiFromServlet: Avoid calling Java.rmi.* from any servlet
Medium	A D GC	OPT.JAVA.RGM.ADGC	ADGC: Avoid using java.util.Date or java.util.GregorianCalendar
Medium	A F P	OPT.JAVA.RGM.AFP	AFP: Avoid modifications on method or constructor parameters
Medium	A R N	OPT.JAVA.RGM.ARN	ARN: Return zero-length arrays instead of null
Medium	B L K D O W H L	OPT.JAVA.RGM.BLKDOWHL	BLKDOWHL: Use a braches block for 'do-while' statements
Medium	B L K F O R	OPT.JAVA.RGM.BLKFOR	BLKFOR: Use a braces block for 'for' statements
Medium	B L K W H L	OPT.JAVA.RGM.BLKWHL	BLKWHL: Provide a braches block for 'while' statements
Medium	C L N C	OPT.JAVA.RGM.CLNC	CLNC: Avoid using constructors in the clone() method
Medium	Make your clone() method final for security	OPT.JAVA.RGM.CLONE	CLONE: Call super.clone() in all clone() methods
Medium	D U I D	OPT.JAVA.RGM.DUID	DUID: Create a serialVersionUID for all Serializable classes
Medium	Dont Use Assert	OPT.JAVA.RGM.DontUseAssert	DontUseAssert: Do not use assert and do not launch AssertionError
Medium	F F	OPT.JAVA.RGM.FF	FF: Declare constant fields private and final
Medium	F L V	OPT.JAVA.RGM.FLV	FLV: Declare constant local variables as final
Medium	H M F	OPT.JAVA.RGM.HMF	HMF: Avoid giving method local variables and parameters the same name as class fields
Medium	P C I F	OPT.JAVA.RGM.PCIF	PCIF: Declare for loops with a condition and an increment statement
Medium	P C I F2	OPT.JAVA.RGM.PCIF2	PCIF2: Use only one condition statement in for blocks
Medium	P C I F3	OPT.JAVA.RGM.PCIF3	PCIF3: Use 'for' loops with explicit condition and increment/decrement statements
Medium	P C T O R	OPT.JAVA.RGM.PCTOR	PCTOR: Do not declare public constructors in non-public classes
Medium	P S F A	OPT.JAVA.RGM.PSFA	PSFA: Avoid using public static final array fields
Medium	U S T	OPT.JAVA.RGM.UST	UST: Use StringTokenizer instead of indexOf() or substring() for String parsing
Medium	C IP A	OPT.JAVA.RGME.CIPA	CIPA: Avoid large array initializations from constant arrays
Medium	O O M E	OPT.JAVA.RGME.OOME	OOME: Capture OutOfMemoryError for large arrays initializations
Medium	U N C	OPT.JAVA.RGOR.UNC	UNC: Do not cast a variable to an interface implemented by that variable or to the base class that extends it
Medium	Use Service Locator Pattern	OPT.JAVA.RGOR.UseServiceLocatorPattern	UseServiceLocatorPattern: Apply the 'Service Locator' pattern
Medium	Avoid Packages	OPT.JAVA.RGP.AvoidPackages	AvoidPackages: Do not import the specified packages
Medium	L N S P	OPT.JAVA.RGP.LNSP	LNSP: Do not hard code character for line separator
Medium	No Absolute Paths	OPT.JAVA.RGP.NoAbsolutePaths	NoAbsolutePaths: Do not use absolute paths
Medium	Make your clone() method final for security	OPT.JAVA.RGS.CLONE	CLONE: Make your clone() method final for security
Medium	Do not compare class objects with getName() or getSimpleName() methods	OPT.JAVA.RGS.CMP	CMP: Do not compare class objects with getName() or getSimpleName() methods
Medium	Define inner classes as private	OPT.JAVA.RGS.INNER	INNER: Define inner classes as private
Medium	Inner classes should be protected or private	OPT.JAVA.RGS.PKG	PKG: Inner classes should be 'protected' or 'private'
Medium	Avoid EJB AWT Swing	OPT.JAVA.SEC_JAVA.AvoidEJBAWTSwing	AvoidEJBAWTSwing: EJB Bad Practices: Use of AWT Swing
Medium	Avoid EJB JVM Shutdown	OPT.JAVA.SEC_JAVA.AvoidEJBJVMShutdown	AvoidEJBJVMShutdown: J2EE Bad Practices: Use of System.exit()
Medium	Avoid EJB Java Io	OPT.JAVA.SEC_JAVA.AvoidEJBJavaIo	AvoidEJBJavaIo: EJB Bad Practices: Use of Java I/O
Medium	Avoid EJB Redirect Streams	OPT.JAVA.SEC_JAVA.AvoidEJBRedirectStreams	AvoidEJBRedirectStreams: Avoid changing the input, output, and error streams in EJB
Medium	Avoid EJB Set Class Loader	OPT.JAVA.SEC_JAVA.AvoidEJBSetClassLoader	AvoidEJBSetClassLoader: Avoid setting context ClassLoader in EJB
Medium	Avoid EJB Set Security Manager	OPT.JAVA.SEC_JAVA.AvoidEJBSetSecurityManager	AvoidEJBSetSecurityManager: Avoid setting system SecurityManager in EJB
Medium	Avoid EJB Synchronization Primitives	OPT.JAVA.SEC_JAVA.AvoidEJBSynchronizationPrimitives	AvoidEJBSynchronizationPrimitives: Avoid use of synchronization primitives in EJB
Medium	Avoid J2EE Direct Database Connection	OPT.JAVA.SEC_JAVA.AvoidJ2EEDirectDatabaseConnection	AvoidJ2EEDirectDatabaseConnection: J2EE Bad Practices: Direct Management of Connections
Medium	Avoid J2EE Explicit Socket	OPT.JAVA.SEC_JAVA.AvoidJ2EEExplicitSocket	AvoidJ2EEExplicitSocket: J2EE Bad Practices: Direct Use of Sockets
Medium	Avoid J2EE Explicit Thread Management	OPT.JAVA.SEC_JAVA.AvoidJ2EEExplicitThreadManagement	AvoidJ2EEExplicitThreadManagement: J2EE Bad Practices: Direct Use of Threads
Medium	Avoid J2EE Leftover Debug Code	OPT.JAVA.SEC_JAVA.AvoidJ2EELeftoverDebugCode	AvoidJ2EELeftoverDebugCode: Leftover Debug Code in J2EE applications
Medium	Avoid J2EE Non Serializable Objects Stored	OPT.JAVA.SEC_JAVA.AvoidJ2EENonSerializableObjectsStored	AvoidJ2EENonSerializableObjectsStored: Avoid non-serializable objects stored in session in J2EE applications
Medium	Avoid Native Calls Rule	OPT.JAVA.SEC_JAVA.AvoidNativeCallsRule	AvoidNativeCallsRule: Avoid calls from Java to native (JNI) code
Medium	Detail Error Leak Rule	OPT.JAVA.SEC_JAVA.DetailErrorLeakRule	DetailErrorLeakRule: Do not send detail error information to client
Medium	Execution After Redirect	OPT.JAVA.SEC_JAVA.ExecutionAfterRedirect	ExecutionAfterRedirect: Execution After Redirect (EAR)
Medium	Potential Infinite Loop	OPT.JAVA.SEC_JAVA.PotentialInfiniteLoop	PotentialInfiniteLoop: Loop with Unreachable Exit Condition ('Infinite Loop')
Medium	Unchecked Input In Loop Condition	OPT.JAVA.SEC_JAVA.UncheckedInputInLoopCondition	UncheckedInputInLoopCondition: Unchecked input in loop condition
Medium	Avoid Assign Repeated Value	OPT.JAVA.SENT.AvoidAssignRepeatedValue	AvoidAssignRepeatedValue: Avoid assigning a value to a variable that has already been assigned
Medium	Avoid Call Get Resource Rule	OPT.JAVA.SENT.AvoidCallGetResourceRule	AvoidCallGetResourceRule: Avoid calling this.getClass.getResource
Medium	Avoid Compare Float Point	OPT.JAVA.SENT.AvoidCompareFloatPoint	AvoidCompareFloatPoint: Avoid comparing floating point with Code Quality[]{}
Medium	Implement Externalizable	OPT.JAVA.SERI.ImplementExternalizable	ImplementExternalizable: Every class that implements Externalizable must have a constructor with no parameters
Medium	Private Read Write Objects	OPT.JAVA.SERI.PrivateReadWriteObjects	PrivateReadWriteObjects: Declare optional readObject and writeObject as private in externalizable / serializable classes
Medium	Avoid Implement Single Thread Model	OPT.JAVA.SERV.AvoidImplementSingleThreadModel	AvoidImplementSingleThreadModel: Avoid implementing the interface javax.servlet.SingleThreadModel in a servlet
Medium	Avoid Large Syncronised Blocks	OPT.JAVA.SERV.AvoidLargeSyncronisedBlocks	AvoidLargeSyncronisedBlocks: Avoid synchronized blocks with more than 6 statements
Medium	Avoid Constructor Injection By Name	OPT.JAVA.SPRING.AvoidConstructorInjectionByName	AvoidConstructorInjectionByName: Avoid constructor injection by name
Medium	Avoid Hardcoding Properties Into XML	OPT.JAVA.SPRING.AvoidHardcodingPropertiesIntoXML	AvoidHardcodingPropertiesIntoXML: Avoid hardcoding properties into XML descriptors, externalize them instead
Medium	Avoid Loading Multiple XML Configuration Files	OPT.JAVA.SPRING.AvoidLoadingMultipleXMLConfigurationFiles	AvoidLoadingMultipleXMLConfigurationFiles: Avoid loading multiple XML configuration files
Medium	Avoid Too Deep Hierarchy In Jobs	OPT.JAVA.SPRING.AvoidTooDeepHierarchyInJobs	AvoidTooDeepHierarchyInJobs: Avoid too deep jobs hierarchy
Medium	Avoid Too Deep Hierarchy In Steps	OPT.JAVA.SPRING.AvoidTooDeepHierarchyInSteps	AvoidTooDeepHierarchyInSteps: Avoid too deep steps hierarchy
Medium	Avoid Using Version Numbers Within Spring Schema Names	OPT.JAVA.SPRING.AvoidUsingVersionNumbersWithinSpringSchemaNames	AvoidUsingVersionNumbersWithinSpringSchemaNames: Avoid using version numbers in Spring schema names
Medium	Disable XML Validation In Production	OPT.JAVA.SPRING.DisableXMLValidationInProduction	DisableXMLValidationInProduction: Disable XML validation in production
Medium	Enforces JSON Responses	OPT.JAVA.SPRING.EnforcesJSONResponses	EnforcesJSONResponses: Use JSON responses in REST applications
Medium	Prefer Repository Rest Resource Annotation	OPT.JAVA.SPRING.PreferRepositoryRestResourceAnnotation	PreferRepositoryRestResourceAnnotation: Use RepositoryRestResource annotation instead of RestResource
Medium	Setup Commit Interval For Chunk Processing	OPT.JAVA.SPRING.SetupCommitIntervalForChunkProcessing	SetupCommitIntervalForChunkProcessing: Set up a proper commit interval for chunk processing
Medium	Use Annotations To Create Controllers	OPT.JAVA.SPRING.UseAnnotationsToCreateControllers	UseAnnotationsToCreateControllers: Create controllers just using annotations
Medium	Use Java Based Configuration Instead XML Config	OPT.JAVA.SPRING.UseJavaBasedConfigurationInsteadXMLConfig	UseJavaBasedConfigurationInsteadXMLConfig: Use Java based configuration instead of XML based configuration
Medium	Use Lazy Initialized Singleton Beans	OPT.JAVA.SPRING.UseLazyInitializedSingletonBeans	UseLazyInitializedSingletonBeans: Use lazy initialized singleton beans
Medium	Use Thread Safe Multi Threading Steps	OPT.JAVA.SPRING.UseThreadSafeMultiThreadingSteps	UseThreadSafeMultiThreadingSteps: Use thread safe multi threading steps
Medium	A D L R	OPT.JAVA.STR.ADLR	ADLR: Avoid duplicate literals
Medium	Avoid String Concat	OPT.JAVA.STR.AvoidStringConcat	AvoidStringConcat: Avoid String concatenation using + or + {}
Medium	L S T R	OPT.JAVA.STR.LSTR	LSTR: Do not concatenate single character strings in a loop
Medium	N T U L C	OPT.JAVA.STR.NTULC	NTULC: Never use either toUpperCase.equals or toLowerCase.equals
Medium	S B	OPT.JAVA.STR.SB	SB: Instantiate StringBuffer/StringBuilder with explicit initial size
Medium	U C T M	OPT.JAVA.STR.UCTM	UCTM: Avoid unnecessary temporal conversion
Medium	U S B	OPT.JAVA.STR.USB	USB: Avoid using the concatenation operator of strings + {}
Medium	F I E L D S	OPT.JAVA.STRUTS.FIELDS	FIELDS: Provide a getter and a setter for each field in a form Bean that extends ActionForm
Medium	F O R M	OPT.JAVA.STRUTS.FORM	FORM: Use only getters and setters in form beans
Medium	I N S T	OPT.JAVA.STRUTS.INST	INST: Avoid instance variables in an Action class
Medium	Case With Return	OPT.JAVA.SWITCH.CaseWithReturn	CaseWithReturn: Every CASE statement should end with a break statement
Medium	Avoid Map Set In URL	OPT.JAVA.VELOC.AvoidMapSetInURL	AvoidMapSetInURL: Avoid Map and Set methods of java.net.URL objects
Medium	Avoid String Equals	OPT.JAVA.VELOC.AvoidStringEquals	AvoidStringEquals: Do not check the length of a series by invoking the String.equals('')
Medium	Avoid URL Methods	OPT.JAVA.VELOC.AvoidURLMethods	AvoidURLMethods: Avoid using the equals() and hashCode() in java.net.URL
Medium	Transient For System Resources	OPT.JAVA.J2SE.TransientForSystemResources	TransientForSystemResources: Mark as transient the fields with system resources
Medium	Check HTTP Methods	OPT.JAVA.JAX.CheckHTTPMethods	CheckHTTPMethods: Check the HTTP method used to send the request
Medium	Avoid Total Memory Debug	OPT.JAVA.PERF.AvoidTotalMemoryDebug	AvoidTotalMemoryDebug: Avoid debugging with Runtime.totalMemory()
Medium	Avoid Trace Method Calls Debug	OPT.JAVA.PERF.AvoidTraceMethodCallsDebug	AvoidTraceMethodCallsDebug: Avoid debugging with Runtime.traceMethodCalls ()
Medium	Hardcoded Username Password	OPT.JAVA.SEC_JAVA.HardcodedUsernamePassword	HardcodedUsernamePassword: Use of Hard-coded Credentials
Medium	Password In Configuration File	OPT.JAVA.SEC_JAVA.PasswordInConfigurationFile	PasswordInConfigurationFile: Use of credentials into configuration file
Medium	Plaintext Storage Of Password	OPT.JAVA.SEC_JAVA.PlaintextStorageOfPassword	PlaintextStorageOfPassword: Plaintext Storage of a Password
Medium	Serializable Class Containing Sensitive Data	OPT.JAVA.SEC_JAVA.SerializableClassContainingSensitiveData	SerializableClassContainingSensitiveData: Serializable Class Containing Sensitive Data
Medium	Weak Password Hashing	OPT.JAVA.SEC_JAVA.WeakPasswordHashing	WeakPasswordHashing: Weak Password Hashing

In this section:

Java Scan rules

Search results