| ANDROID.LIFECYCLE.SV.FRAGMENTINJ | Unvalidated fragment class name | 1 | True | Yes |
| ANDROID.LIFECYCLE.SV.GETEXTRA | Unvalidated external data | 3 | True | Yes |
| ANDROID.NPE | Dereference of a null value in an Android application | 4 | True | Yes |
| ANDROID.RLK.MEDIAPLAYER | Media player is not released on exit | 1 | True | Yes |
| ANDROID.RLK.MEDIARECORDER | Media recorder is not released on exit | 1 | True | Yes |
| ANDROID.RLK.SQLCON | Sql connection is not closed on exit | 1 | True | Yes |
| ANDROID.RLK.SQLOBJ | Sql object is not closed on exit | 1 | True | Yes |
| ANDROID.UF.BITMAP | Usage of recycled bitmap | 2 | True | Yes |
| ANDROID.UF.CAMERA | Usage of released camera | 2 | True | Yes |
| ANDROID.UF.MEDIAPLAYER | Usage of released media player | 2 | True | Yes |
| ANDROID.UF.MEDIARECORDER | Usage of released media recorder | 2 | True | Yes |
| CMP.CLASS | Comparing by classname | 4 | False | No |
| CMPF.FLOAT | Equality checks on floating point types should be avoided | 4 | True | No |
| CMP.OBJ | Comparing objects with == | 4 | True | No |
| CMP.STR | Comparing strings with == | 4 | True | No |
| COV.CMP | Method compareTo() should have signature 'public int compareTo(Object)' | 4 | True | No |
| ECC.EMPTY | Empty catch clause | 4 | True | No |
| EHC.EQ | Class defines hashCode() but does not define equals() | 4 | True | No |
| EHC.HASH | Class defines equals() but does not define hashCode() | 4 | True | No |
| ESCMP.EMPTYSTR | Inefficient empty string comparison | 4 | True | No |
| EXC.BROADTHROWS | Method has an overly broad throws declaration | 4 | True | No |
| FIN.EMPTY | Empty finalize() method should be removed | 3 | True | No |
| FIN.NOSUPER | Implementation of the finalize() method should call super.finalize() | 3 | True | No |
| FSC.PRT | Class and its superclass have protected fields with the same name | 4 | False | No |
| FSC.PRV | Class and its superclass have private fields with the same name | 4 | False | No |
| FSC.PUB | Class and its superclass have public fields with the same name | 4 | False | No |
| JD.BITCMP | Using non short-circuit logic in expression | 3 | True | No |
| JD.BITMASK | Possible error in bit operations | 3 | True | No |
| JD.BITR | Redundant expression | 3 | True | No |
| JD.CALL.WRONGSTATIC | Call to static method via instance reference | 4 | True | No |
| JD.CAST.COL.MIGHT | Possible ClassCastException for collection | 4 | False | No |
| JD.CAST.COL.MUST | ClassCastException for collection | 4 | True | No |
| JD.CAST.DOWNCAST | Possible ClassCastException for subtypes | 4 | True | No |
| JD.CAST.KEY | Suspicious key type used to retrieve an element from collection | 4 | True | No |
| JD.CAST.SUSP.MIGHT | Possible ClassCastException for different types | 4 | True | No |
| JD.CAST.SUSP.MUST | ClassCastException for different types | 4 | True | No |
| JD.CAST.UPCAST | Possible ClassCastException for subtypes | 4 | True | No |
| JD.CATCH | Catching runtime exception | 4 | True | No |
| JD.CONCUR | Possible ConcurrentModificationException | 3 | True | No |
| JD.EQ.ARR | Calling 'equals' on array | 4 | True | No |
| JD.EQ.UTA | Calling 'equals' on incompatible types (array and non-array) | 4 | True | No |
| JD.EQ.UTC | Calling equals on incompatible types | 4 | True | No |
| JD.FINRET | Return inside finally | 4 | True | No |
| JD.IFBAD | Redundant 'if' statement | 3 | True | No |
| JD.IFEMPTY | Redundant 'if' statement. Unfinished code | 3 | True | No |
| JD.INF.ALLOC | Allocation within infinite loop | 4 | True | No |
| JD.INF.AREC | Apparent infinite recursion | 4 | True | No |
| JD.INST.TRUE | Redundant 'instanceof' condition | 4 | True | No |
| JD.LIST.ADD | Container added to itself | 4 | True | No |
| JD.LOCK | Lock without unlock | 2 | True | Yes |
| JD.LOCK.NOTIFY | Method 'notify' called with locks held | 4 | True | No |
| JD.LOCK.SLEEP | Method 'sleep' called with locks held | 4 | True | No |
| JD.LOCK.WAIT | Method 'wait' called with locks held | 4 | True | No |
| JD.METHOD.CBS | Method can be static | 4 | False | No |
| JD.NEXT | Possible 'NoSuchElementException' | 4 | True | Yes |
| JD.OVER | Mismatched override | 4 | True | No |
| JD.RC.EXPR.CHECK | Test expression is always true | 4 | True | No |
| JD.RC.EXPR.DEAD | Redundant check causing dead code | 4 | False | No |
| JD.ST.POS | Incorrect check for method 'indexOf' | 4 | True | No |
| JD.SYNC.DCL | Double-checked locking | 4 | True | No |
| JD.SYNC.IN | Inconsistent synchronization | 4 | True | No |
| JD.THREAD.RUN | Explicit call to a 'Thread.run' method | 4 | True | No |
| JD.UMC.FINALIZE | Explicit call to method 'Object.finalize' | 3 | True | No |
| JD.UMC.RUNFIN | runFinalizersOnExit() is called | 3 | True | No |
| JD.UMC.WAIT | Wait called on incorrect object | 4 | True | No |
| JD.UNCAUGHT | Uncaught exception | 4 | True | No |
| JD.UN.MET | Unused non-private method | 4 | False | No |
| JD.UNMOD | Modification of unmodifiable collection | 2 | True | Yes |
| JD.UN.PMET | Unused private method | 3 | True | No |
| JD.VNU | Variable was never read after being assigned | 4 | True | No |
| JD.VNU.NULL | Variable was never read after null being assigned | 4 | True | No |
| MNA.CAP | Method name should start with non-capital letter | 4 | True | No |
| MNA.CNS | Method name is same as constructor name but it is not a constructor | 4 | True | No |
| MNA.SUS | Suspicious method name | 4 | True | No |
| NPE.COND | Null pointer dereference where null comes from condition | 1 | True | Yes |
| NPE.CONST | Null pointer dereference where null comes from constant | 1 | True | Yes |
| NPE.RET | Dereference of a null value which is returned from a method | 1 | True | Yes |
| NPE.RET.UTIL | Dereference of a null value which is returned from a map or a collection | 1 | True | Yes |
| NPE.STAT | Null pointer dereference of a return value (statistical) | 4 | False | Yes |
| REDUN.DEF | Assignment of expression to itself | 4 | True | No |
| REDUN.EQ | Suspicious equals() called with same expression on both sides | 4 | True | No |
| REDUN.EQNULL | Suspicious equals() called with expression and null (never true) | 4 | True | No |
| REDUN.FINAL | Redundant 'final' modifier | 4 | True | No |
| REDUN.NULL | Usage of variable instead of null constant | 4 | True | No |
| REDUN.OP | Suspicious operation with same expression on both sides | 4 | True | No |
| RI.IGNOREDCALL | The value returned by a method called on immutable object is ignored | 4 | True | No |
| RI.IGNOREDNEW | Newly created object is ignored | 4 | True | No |
| RLK.AWT | AWT object is not disposed on exit | 1 | True | Yes |
| RLK.FIELD | Possible leak of system resource stored in a field | 4 | True | No |
| RLK.HIBERNATE | Hibernate object is not closed on exit | 1 | True | Yes |
| RLK.IMAGEIO | ImageIO stream is not closed on exit | 1 | True | Yes |
| RLK.IN | Input stream is not closed on exit | 1 | True | Yes |
| RLK.JNDI | JNDI context is not closed on exit | 1 | True | Yes |
| RLK.JPA | {3} object is not closed on exit. | 1 | True | Yes |
| RLK.MAIL | Java mail object is not closed on exit | 1 | True | Yes |
| RLK.MICRO | Java Microedition connection is not closed on exit | 1 | True | Yes |
| RLK.NIO | NIO object is not closed on exit | 1 | True | Yes |
| RLK.OUT | Output stream is not closed on exit | 1 | True | Yes |
| RLK.SOCK | Socket is not closed on exit | 1 | True | Yes |
| RLK.SQLCON | Sql connection is not closed on exit | 1 | True | Yes |
| RLK.SQLOBJ | Sql object is not closed on exit | 1 | True | Yes |
| RLK.SWT | SWT object is not disposed on exit | 1 | True | Yes |
| RLK.ZIP | Zip file is not closed on exit | 1 | True | Yes |
| RNU.THIS | Compare this and null but this cannot be null | 4 | True | No |
| RR.IGNORED | The returned value is ignored | 4 | True | No |
| RTC.CALL | Type cast is redundant | 4 | True | No |
| SPRING.AUTHC.ABSENT | No configuration for a critical resource | 2 | False | No |
| SPRING.AUTHC.MISSING | Missing authentication for critical function | 2 | True | No |
| SPRING.AUTHZ.ABSENT | No configuration for protected resource | 2 | False | No |
| SPRING.AUTHZ.MISSING | Missing Authorization | 2 | True | No |
| STRCON.LOOP | Using append for string in a loop | 4 | True | No |
| SV.AUTH.BYPASS.MIGHT | Incorrect Authentication | 2 | True | Yes |
| SV.AUTH.BYPASS.MUST | Incorrect Authentication | 2 | True | Yes |
| SV.AUTH.HASH.MIGHT | Use of weak cryptographic algorithm | 3 | True | Yes |
| SV.AUTH.HASH.MUST | Use of weak cryptographic algorithm | 3 | True | Yes |
| SV.CLASSDEF.INJ | Runtime Class Definition Injection | 2 | True | Yes |
| SV.CLASSLOADER.INJ | Class Loader URL Injection | 2 | True | Yes |
| SV.CLEXT.CLLOADER | Class extends 'java.lang.ClassLoader' | 4 | False | No |
| SV.CLEXT.POLICY | Class extends 'java.security.Policy' | 4 | False | No |
| SV.CLLOADER | Direct use of Classloader | 4 | False | No |
| SV.CLONE.SUP | Class implements 'clone' method but does not implement Cloneable | 4 | False | No |
| SV.CSRF.GET | CSRF Token in GET request | 4 | False | Yes |
| SV.CSRF.ORIGIN | Request handler without an origin check | 4 | False | Yes |
| SV.CSRF.TOKEN | State changing request handler without a CSRF check | 4 | False | Yes |
| SV.DATA.BOUND | Untrusted Data leaks into trusted storage | 3 | True | Yes |
| SV.DATA.DB | Data injection | 2 | True | Yes |
| SV.DATA.FILE | A potentially harmful file could be uploaded and automatically processed | 4 | True | Yes |
| SV.DOS.ARRINDEX | Tainted index used for array access | 3 | True | Yes |
| SV.DOS.ARRSIZE | Tainted size used for array allocation | 3 | True | Yes |
| SV.DOS.TMPFILEDEL | Leaving temporary file for lifetime of JVM | 3 | True | Yes |
| SV.DOS.TMPFILEEXIT | Leaving temporary file | 3 | True | Yes |
| SV.ECV | Empty certificate validation | 4 | False | No |
| SV.EMAIL | Unchecked e-mail | 2 | True | Yes |
| SV.EXEC | Process Injection | 2 | True | Yes |
| SV.EXEC.DIR | Process Injection. Working Directory | 2 | True | Yes |
| SV.EXEC.ENV | Process Injection. Environment Variables | 2 | True | Yes |
| SV.EXEC.LOCAL | Process Injection. Local Arguments | 3 | True | Yes |
| SV.EXEC.PATH | Untrusted Search Path | 4 | True | No |
| SV.EXPOSE.FIELD | Static field may be changed by malicious code | 4 | False | No |
| SV.EXPOSE.FIN | Method finalize() should have protected access modifier, not public | 4 | False | No |
| SV.EXPOSE.IFIELD | Instance field should be made final | 4 | False | No |
| SV.EXPOSE.MUTABLEFIELD | Static mutable field can be accessed by malicious code | 4 | False | No |
| SV.EXPOSE.RET | Internal representation may be exposed | 4 | False | No |
| SV.EXPOSE.STORE | Method stores reference to mutable object | 4 | False | No |
| SV.HASH.NO_SALT | Use of a one-way cryptographic hash without a salt | 3 | True | No |
| SV.HTTP_SPLIT | Http Response Splitting | 2 | True | Yes |
| SV.IL.DEV | Design information leakage | 3 | True | Yes |
| SV.IL.FILE | File Name Leaking | 3 | True | Yes |
| SV.INT_OVF | Tainted data may lead to Integer Overflow | 2 | True | Yes |
| SV.LDAP | Unvalidated user input is used as LDAP filter | 2 | True | Yes |
| SV.LDAP.ANON | Incorrect authentication | 4 | True | Yes |
| SV.LOADLIB.INJ | Untrusted call to 'loadLibrary' method | 4 | True | No |
| SV.LOG_FORGING | Log Forging | 3 | True | Yes |
| SV.PASSWD.HC | Hardcoded Password | 2 | True | Yes |
| SV.PASSWD.HC.EMPTY | Empty Password | 2 | True | Yes |
| SV.PASSWD.PLAIN | Plain-text Password | 2 | True | Yes |
| SV.PASSWD.PLAIN.HC | Plain-text Password | 2 | True | Yes |
| SV.PATH | Path and file name injection | 3 | True | Yes |
| SV.PATH.INJ | File injection | 3 | True | Yes |
| SV.PERMS.HOME | File created in user home directory, without setting permissions | 2 | True | Yes |
| SV.PERMS.WIDE | Too wide permissions | 4 | True | Yes |
| SV.PRIVILEGE.MISSING | Method invoked should not be inside doPrivileged block | 4 | True | No |
| SV.RANDOM | Use of insecure Random number generator | 4 | True | No |
| SV.SCRIPT | Script Execution | 2 | True | Yes |
| SV.SENSITIVE.DATA | Unencrypted sensitive data is written | 2 | True | Yes |
| SV.SENSITIVE.OBJ | Object with unencrypted sensitive data is stored | 2 | True | No |
| SV.SERIAL.INON | Interface extends 'Serializable' | 4 | False | No |
| SV.SERIAL.NOFINAL | Methods readObject() and writeObject() in serializable classes should be final | 4 | False | No |
| SV.SERIAL.NON | Class implements 'Serializable' | 4 | False | No |
| SV.SERIAL.NOREAD | Method readObject() should be defined for a serializable class | 4 | False | No |
| SV.SERIAL.NOWRITE | Method writeObject() should be defined for a serializable class | 4 | False | No |
| SV.SERIAL.OVERRIDE | Do not invoke overridable methods from the readObject() method | 4 | True | No |
| SV.SERIAL.SIG | Methods readObject() and writeObject() in serializable classes should have correct signature | 4 | False | No |
| SV.SHARED.VAR | Unsynchronized access to static variable from servlet | 4 | True | No |
| SV.SOCKETS | Bad practices: use of sockets | 4 | False | No |
| SV.SQL | Sql Injection | 2 | True | Yes |
| SV.SQL.DBSOURCE | Unchecked information from the database is used in SQL statements | 3 | True | Yes |
| SV.SSRF.URI | URI based on invalidated user input. | 4 | True | Yes |
| SV.STRBUF.CLEAN | String buffer not cleaned | 3 | False | Yes |
| SV.STRUTS.NOTRESET | Struts Forms: inconsistent reset | 4 | False | No |
| SV.STRUTS.NOTVALID | Struts Forms: inconsistent validate | 4 | False | No |
| SV.STRUTS.PRIVATE | Struts Forms: non-private fields | 4 | False | No |
| SV.STRUTS.RESETMET | Struts Forms: reset method | 4 | False | No |
| SV.STRUTS.STATIC | Struts Forms: static fields | 4 | False | No |
| SV.STRUTS.VALIDMET | Struts Forms: validate method | 4 | False | No |
| SV.STRUTS.VER | Usage of vulnerable Apache Struts version | 2 | True | No |
| SV.TAINT | Tainted data | 3 | False | Yes |
| SV.TAINT_NATIVE | Tainted data goes to native code | 3 | True | Yes |
| SV.TMPFILE | Temporary file path tampering | 3 | True | Yes |
| SV.UMC.EXIT | The System.exit() and Runtime.exit() method calls should not be used in servlets code | 4 | False | No |
| SV.UMC.JDBC | Application should avoid calling to DriverManager.getConnection() directly | 4 | False | No |
| SV.UMC.THREADS | Bad practices: use of thread management | 4 | False | No |
| SV.UMD.MAIN | Leftover debug code - main method | 4 | False | No |
                                                    | SV.USE.POLICY | Direct use methods of Policy | 4 | False | No | 
                                                
                                                    | SV.WEAK.CRYPT | Use of a Broken or Risky Cryptographic Algorithm | 3 | True | No | 
                                                
                                                    | SV.XPATH | Unvalidated user input is used as an XPath expression | 2 | True | Yes | 
                                                
                                                    | SV.XSS.COOKIE | Sensitive cookie without setHttpOnly flag | 4 | True | Yes | 
                                                
                                                    | SV.XSS.DB | Cross Site Scripting (Stored XSS) | 2 | True | Yes | 
                                                
                                                    | SV.XSS.REF | Cross Site Scripting (Reflected XSS) | 2 | True | Yes | 
                                                
                                                    | SV.XXE.DBF | Possibility for XML External Entity attack | 4 | True | No | 
                                                
                                                    | SV.XXE.SF | Possibility for XML External Entity attack | 4 | True | No | 
                                                
                                                    | SV.XXE.SPF | Possibility for XML External Entity attack | 4 | True | No | 
                                                
                                                    | SV.XXE.TF | Possibility for XML External Entity attack | 4 | True | No | 
                                                
                                                    | SV.XXE.XIF | Possibility for XML External Entity attack | 4 | True | No | 
                                                
                                                    | SV.XXE.XRF | Possibility for XML External Entity attack | 4 | True | No | 
                                                
                                                    | SYNCH.NESTED | Synchronized method calls another synchronized method with the same lock held | 4 | True | No | 
                                                
                                                    | SYNCH.NESTEDS | Synchronized static method calls another synchronized static method with the same lock held | 4 | True | No | 
                                                
                                                    | UC.BOOLB | Unnecessary creation of new Boolean object from a boolean expression | 4 | True | No | 
                                                
                                                    | UC.BOOLS | Unnecessary creation of new Boolean object from a string expression | 4 | True | No | 
                                                
                                                    | UC.STRS | Unnecessary creation of new String object from a string expression | 4 | True | No | 
                                                
                                                    | UC.STRV | Unnecessary creation of empty String object | 4 | True | No | 
                                                
                                                    | UF.IMAGEIO | Usage of closed ImageIO stream | 2 | True | Yes | 
                                                
                                                    | UF.IN | Usage of closed input stream | 2 | True | Yes | 
                                                
                                                    | UF.JNDI | Usage of closed JNDI context | 2 | True | Yes | 
                                                
                                                    | UF.MAIL | Usage of closed Java mail object | 2 | True | Yes | 
                                                
                                                    | UF.MICRO | Usage of closed Java Microedition connection | 2 | True | Yes | 
                                                
                                                    | UF.NIO | Usage of closed NIO object | 2 | True | Yes | 
                                                
                                                    | UF.OUT | Usage of closed output stream | 2 | True | Yes | 
                                                
                                                    | UF.SOCK | Usage of closed socket | 2 | True | Yes | 
                                                
                                                    | UF.SQLCON | Usage of closed SQL connection | 2 | True | Yes | 
                                                
                                                    | UF.SQLOBJ | Usage of closed SQL object | 2 | True | Yes | 
                                                
                                                    | UF.ZIP | Usage of closed zip file | 2 | True | Yes | 
                                                
                                                    | UMC.EXIT | The System.exit() method call is unwanted | 4 | False | No | 
                                                
                                                    | UMC.GC | The System.gc() method call is unwanted | 4 | False | No | 
                                                
                                                    | UMC.SYSERR | Debug print using System.err method calls is unwanted | 4 | False | No | 
                                                
                                                    | UMC.SYSOUT | Debug print using System.out method calls is unwanted | 4 | False | No | 
                                                
                                                    | UMC.TOSTRING | Unnecessary toString() method called for a String argument | 4 | True | No |