Christopher Schultz

Results 24 issues of Christopher Schultz

## Environment

| Component | Version |
| ------------------ | ------- |
| Ant | 10.5 |
| Java | 24 |
| SpotBugs | 4.9.4 |
| FindSecBugs | 1.14...

false-positive

## Environment

| Component | Version |
| ------------------ | ------- |
| Java | 24 |
| SpotBugs | 4.9.4 |
| FindSecBugs | 1.14.0 |

## Problem

This code triggers...

false-positive

The unit tests describe the problem: if a URL already contains a CSRF token and that URL is passed through `HttpServletResponse.encode(Redirect)URL`, then the URL will end up with multiple instances...

According to the [JavaDoc for `HttpServletResponse.encodeURL`](https://javadoc.io/doc/jakarta.servlet/jakarta.servlet-api/6.1.0/jakarta.servlet/jakarta/servlet/http/HttpServletResponse.html#encodeURL(java.lang.String)), the URL should be modified "by including the session ID, or, if encoding is not needed, returns the URL unchanged". While the phrase "is...