4. Common static analysis tools
FindBugs: detects bugs by matching code against a catalogue of known bug patterns
http://findbugs.sourceforge.net/bugDescriptions.html
Checkstyle: helps the code adhere to a coding standard
PMD: finds common programming flaws such as unused variables, empty catch blocks and unnecessary object creation. Includes CPD, the copy-paste detector
SonarLint: includes the above three tools and more
10. Useful resource: Common Weakness Enumeration (CWE) by MITRE
Useful links:
Common Java weaknesses:
https://cwe.mitre.org/data/definitions/660.html
SANS Top 25 common weaknesses:
https://cwe.mitre.org/top25/
11. Some weaknesses from CWE
CWE-912: Hidden Functionality
Hidden functionality: intentionally malicious code, extraneous functionality, or developer-friendly shortcuts left in place for maintenance or to lower support costs
https://cwe.mitre.org/data/definitions/912.html
CWE-209: Information Exposure Through an Error Message
https://cwe.mitre.org/data/definitions/209.html
try {
    // …
}
catch (Exception e) {
    // CWE-209: the exception's class name and message (which may carry internal
    // paths, host names or SQL fragments) are written to output the user can see
    System.out.println(e);
}
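As an added example (not code from the slides), the leaky catch pattern above beside a hardened handler that logs the detail server-side and returns only a generic message plus a reference id. The failing lookup and its SQLException text are constructed stand-ins for a real driver error.

```java
import java.sql.SQLException;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

public class ErrorMessageExposure {
    private static final Logger LOG = Logger.getLogger(ErrorMessageExposure.class.getName());

    // Constructed stand-in for a failing database call: the message carries the kind
    // of detail (table name, internal host, SQL state) a real driver would include.
    static String lookupAccount(String accountId) throws SQLException {
        throw new SQLException("Table 'bank.accounts' doesn't exist (host db01.internal)", "42S02");
    }

    // CWE-209 pattern, as on the slide: the raw exception text reaches the user.
    static String handleRequestLeaky(String accountId) {
        try {
            return lookupAccount(accountId);
        } catch (SQLException e) {
            return "Error: " + e; // exposes class name, SQL state and internal details
        }
    }

    // Hardened version: full detail goes to the server log under a correlation id;
    // the user only gets a generic message plus that id for support follow-up.
    static String handleRequestSafe(String accountId) {
        try {
            return lookupAccount(accountId);
        } catch (SQLException e) {
            String incidentId = UUID.randomUUID().toString();
            LOG.log(Level.SEVERE, "Account lookup failed, incident " + incidentId, e);
            return "The request could not be completed. Reference: " + incidentId;
        }
    }

    public static void main(String[] args) {
        System.out.println("Leaky: " + handleRequestLeaky("A-1001"));
        System.out.println("Safe:  " + handleRequestSafe("A-1001"));
    }
}
```

Static analysers such as PMD and SonarLint flag the leaky form (exception printed or returned to the caller) while the hardened form keeps the stack trace in the log where only operators can read it.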