Product Documentation
Product Documentation
Welcome To Reshift
Getting Started
Scan Your First Project
Signing Up Using GitHub
Signing Up Using Bitbucket
Signing Up Using GitLab
Scanning Maven Projects
Scanning Gradle Projects
Granting Reshift GitHub Organization Access After Signing up
Setting Projects Up Using NPM
Integrations
GitHub Actions [JavaScript]
GitHub Actions [Java]
Circle CI
Jenkins
GitLab
Analysis Engine
Java Security Rules
JavaScript Security Rules
Product Features
Code Review Workflow
Autofix
IDE plugins
IntelliJ IDE
Visual Studio Code
Reshift Security Model
Source Code Security in Reshift
User Authentication Mode in Reshift
Report Bundles and Call Graphs
User Data Flow
Common Questions and Answers
How do you ensure Reshift's own security?
How do I know my code is secure?
Why do you need access to my source code?
What permissions does reshift gain access to?
Can I try reshift without giving access to my source code?
Why do I need to sign up with GitHub, Bitbucket, or Gitlab?
Why might my scan be failing?
Can’t load code snippets?
Clean security report?
Account Settings
Permissions
Project Settings
Project Tokens
Security Gates
Reporting
Powered by GitBook

Java Security Rules

Reshift Scans your custom Java code for security bugs, below are the security issues Reshift detects.

Security Issues

Severity

CWE

​OWASP Top 10​

PCI DSS

AWS Query Injection

Critical

943

A1

​

Code Execution

Critical

94

A1

​

Command Injection

Critical

78

A1

6.5.1

JSP Include Injection

Critical

917

A1

​

JSP Spring Eval

Critical

95

A1

​

SQL Injection

Critical

89

A1

6.5.1

XML External Entity Injection

Critical

611

A4

6.5.1

Reflected Cross-site Scripting

High

79

A7

​

DOM Cross-site Scripting

High

79

A7

​

Insecure Deserialization

High

502

A8

​

LDAP Injection

High

90

A1

6.5.1

Padding Oracle

High

463

A3

​

Path Tampering

High

73

​

​

Sensitive Data Exposure

High

798

A3

6.5.1

Stored Cross-site Scripting

High

79

A7

​

Template Injection

High

​

A1

6.5.1

Cross Site Request Forgery

Moderate

352

​

​

Denial of Service

Moderate

834

​

​

Insecure Crypto

Moderate

327

A3

​

Hardcoded Key

Moderate

321

A3

​

Header Injection

Moderate

20

A1

6.5.1

HTTP Parameter Pollution

Moderate

88

​

​

HTTP Response Splitting

Moderate

443

​

​

Information Leakage

Moderate

1230

A3

6.5.1

Insecure Data Storage

Moderate

922

A3

6.5.1

Insecure Logging

Moderate

312

A10

6.5.1

Parameter Tampering

Moderate

843

A5

​

RegEx Denial of Service

Moderate

400

​

​

RSA No Padding

Moderate

780

A3

​

Server Side Request Forgery

Moderate

918

​

​

Timing Attacks

Moderate

208

​

​

Unvalidated Redirect

Moderate

601

​

​

Using ECB Mode

Moderate

​

A3

​

Weak Hashing

Moderate

916

A3

​

XPath Injection

Moderate

643

A1

6.5.1

Integrations - Previous
GitLab
Next - Analysis Engine
JavaScript Security Rules
Last updated 5 months ago